Edit tour

Windows Analysis Report
UD3cS4ODWz.exe

Overview

General Information

Sample name:	UD3cS4ODWz.exe renamed because original name is a hash value
Original sample name:	7c9544661439af4f0fd2e7e4387d958d.exe
Analysis ID:	1581188
MD5:	7c9544661439af4f0fd2e7e4387d958d
SHA1:	ecd31f6616df136c73a5ec19f048b067aaa32b1d
SHA256:	1b937ace633e36eee5d6488c64b8945ffd48d8750a0af60143da86ce0cbf5a8b
Tags:	exeuser-abuse_ch
Infos:

Detection

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

.NET source code contains method to dynamically call methods (often used by packers)

.NET source code contains very large array initializations

AI detected suspicious sample

Found many strings related to Crypto-Wallets (likely being stolen)

Queries memory information (via WMI often done to detect virtual machines)

Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)

Tries to harvest and steal Bitcoin Wallet information

AV process strings found (often used to terminate AV products)

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates a start menu entry (Start Menu\Programs\Startup)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE / OLE file has an invalid certificate

PE file contains an invalid checksum

PE file contains executable resources (Code or Archives)

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: Startup Folder File Write

Stores files to the Windows start menu directory

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

UD3cS4ODWz.exe (PID: 3428 cmdline: "C:\Users\user\Desktop\UD3cS4ODWz.exe" MD5: 7C9544661439AF4F0FD2E7E4387D958D)

UD3cS4ODWz.tmp (PID: 4892 cmdline: "C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp" /SL5="$203FE,1833127,845824,C:\Users\user\Desktop\UD3cS4ODWz.exe" MD5: EAA27C4A436F9109F95EF7D65AA446D5)

UD3cS4ODWz.exe (PID: 1460 cmdline: "C:\Users\user\Desktop\UD3cS4ODWz.exe" /VERYSILENT /NORESTART MD5: 7C9544661439AF4F0FD2E7E4387D958D)

UD3cS4ODWz.tmp (PID: 3224 cmdline: "C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp" /SL5="$303FE,1833127,845824,C:\Users\user\Desktop\UD3cS4ODWz.exe" /VERYSILENT /NORESTART MD5: EAA27C4A436F9109F95EF7D65AA446D5)

timeout.exe (PID: 5888 cmdline: "timeout" 6 MD5: 100065E21CFBBDE57CBA2838921F84D6)

conhost.exe (PID: 5064 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 2444 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 5920 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

tasklist.exe (PID: 5672 cmdline: tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)

find.exe (PID: 5700 cmdline: find /I "wrsa.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)

cmd.exe (PID: 4620 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 6012 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

tasklist.exe (PID: 5156 cmdline: tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)

find.exe (PID: 4412 cmdline: find /I "opssvc.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)

cmd.exe (PID: 776 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 3984 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

tasklist.exe (PID: 1948 cmdline: tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)

find.exe (PID: 6496 cmdline: find /I "avastui.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)

cmd.exe (PID: 5492 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 2448 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

tasklist.exe (PID: 2304 cmdline: tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)

find.exe (PID: 3040 cmdline: find /I "avgui.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)

cmd.exe (PID: 2656 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 4892 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

tasklist.exe (PID: 5480 cmdline: tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)

find.exe (PID: 3604 cmdline: find /I "nswscsvc.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)

cmd.exe (PID: 3608 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 5000 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

tasklist.exe (PID: 3556 cmdline: tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)

find.exe (PID: 5908 cmdline: find /I "sophoshealth.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)

BtowsPlayer.exe (PID: 3360 cmdline: "C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe" MD5: BE2EDCF02F80B8D9AB65724911E3F2E6)

BtowsPlayer.exe (PID: 6036 cmdline: "C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe" /auto MD5: BE2EDCF02F80B8D9AB65724911E3F2E6)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000020.00000002.2515238325.0000000002AD3000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000020.00000002.2514018725.0000000002410000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Donutloader_f40e3759	unknown	unknown	0x5c05a:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49 0x5f5f0:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB
0000001F.00000002.4589800216.0000000002A28000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001F.00000002.4589800216.0000000002C41000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: BtowsPlayer.exe PID: 3360	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: BtowsPlayer.exe PID: 6036	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Click to see the 1 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
32.2.BtowsPlayer.exe.24127ce.0.unpack	Windows_Trojan_Donutloader_f40e3759	unknown	unknown	0x57a8c:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49
32.2.BtowsPlayer.exe.24127ce.0.raw.unpack	Windows_Trojan_Donutloader_f40e3759	unknown	unknown	0x5988c:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49 0x5ce22:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB

Sigma Signatures

System Summary

Sigma detected: Startup Folder File Write

Source: File created

Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp, ProcessId: 3224, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BtowsPlayer.exe.lnk

Suricata Signatures

ET MALWARE Generic AsyncRAT Style SSL Cert

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-27T08:10:33.564719+0100	2035595	1	Domain Observed Used for C2 Detected	185.156.175.43	21411	192.168.2.6	49745	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe (copy)	ReversingLabs: Detection: 28%
Source: C:\Users\user\AppData\Roaming\map\is-DQMBE.tmp	ReversingLabs: Detection: 28%

Multi AV Scanner detection for submitted file

Source: UD3cS4ODWz.exe

ReversingLabs: Detection: 31%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 95.8% probability

Source: UD3cS4ODWz.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: UD3cS4ODWz.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 2035595 - Severity 1 - ET MALWARE Generic AsyncRAT Style SSL Cert : 185.156.175.43:21411 -> 192.168.2.6:49745

Source: global traffic

TCP traffic: 192.168.2.6:49745 -> 185.156.175.43:21411

Source: Joe Sandbox View

ASN Name: M247GB M247GB

Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.175.43

Source: UD3cS4ODWz.tmp, 00000004.00000003.2230730863.0000000008320000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000004.00000002.2283303479.00000000012ED000.00000004.00000010.00020000.00000000.sdmp, UD3cS4ODWz.exe, is-DQMBE.tmp.4.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: UD3cS4ODWz.tmp, 00000004.00000003.2230730863.0000000008320000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000004.00000002.2283303479.00000000012ED000.00000004.00000010.00020000.00000000.sdmp, UD3cS4ODWz.exe, is-DQMBE.tmp.4.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: UD3cS4ODWz.tmp, 00000004.00000003.2230730863.0000000008320000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000004.00000002.2283303479.00000000012ED000.00000004.00000010.00020000.00000000.sdmp, UD3cS4ODWz.exe, is-DQMBE.tmp.4.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: UD3cS4ODWz.tmp, 00000004.00000003.2230730863.0000000008320000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000004.00000002.2283303479.00000000012ED000.00000004.00000010.00020000.00000000.sdmp, UD3cS4ODWz.exe, is-DQMBE.tmp.4.dr	String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
Source: UD3cS4ODWz.tmp, 00000004.00000003.2230730863.0000000008320000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000004.00000002.2283303479.00000000012ED000.00000004.00000010.00020000.00000000.sdmp, UD3cS4ODWz.exe, is-DQMBE.tmp.4.dr	String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: UD3cS4ODWz.tmp, 00000004.00000003.2230730863.0000000008320000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000004.00000002.2283303479.00000000012ED000.00000004.00000010.00020000.00000000.sdmp, UD3cS4ODWz.exe, is-DQMBE.tmp.4.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: UD3cS4ODWz.tmp, 00000004.00000003.2230730863.0000000008320000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000004.00000002.2283303479.00000000012ED000.00000004.00000010.00020000.00000000.sdmp, UD3cS4ODWz.exe, is-DQMBE.tmp.4.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: UD3cS4ODWz.tmp, 00000004.00000003.2230730863.0000000008320000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000004.00000002.2283303479.00000000012ED000.00000004.00000010.00020000.00000000.sdmp, UD3cS4ODWz.exe, is-DQMBE.tmp.4.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: UD3cS4ODWz.tmp, 00000004.00000003.2230730863.0000000008320000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000004.00000002.2283303479.00000000012ED000.00000004.00000010.00020000.00000000.sdmp, UD3cS4ODWz.exe, is-DQMBE.tmp.4.dr	String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
Source: UD3cS4ODWz.tmp, 00000004.00000003.2230730863.0000000008320000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000004.00000002.2283303479.00000000012ED000.00000004.00000010.00020000.00000000.sdmp, UD3cS4ODWz.exe, is-DQMBE.tmp.4.dr	String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
Source: BtowsPlayer.exe, 0000001F.00000002.4586776265.00000000008E1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: BtowsPlayer.exe, 0000001F.00000002.4586776265.0000000000868000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: UD3cS4ODWz.tmp, 00000004.00000003.2230730863.0000000008320000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000004.00000002.2283303479.00000000012ED000.00000004.00000010.00020000.00000000.sdmp, UD3cS4ODWz.exe, is-DQMBE.tmp.4.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: UD3cS4ODWz.tmp, 00000004.00000003.2230730863.0000000008320000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000004.00000002.2283303479.00000000012ED000.00000004.00000010.00020000.00000000.sdmp, UD3cS4ODWz.exe, is-DQMBE.tmp.4.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: UD3cS4ODWz.tmp, 00000004.00000003.2230730863.0000000008320000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000004.00000002.2283303479.00000000012ED000.00000004.00000010.00020000.00000000.sdmp, UD3cS4ODWz.exe, is-DQMBE.tmp.4.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: UD3cS4ODWz.tmp, 00000004.00000003.2230730863.0000000008320000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000004.00000002.2283303479.00000000012ED000.00000004.00000010.00020000.00000000.sdmp, UD3cS4ODWz.exe, is-DQMBE.tmp.4.dr	String found in binary or memory: http://ocsp.sectigo.com0
Source: BtowsPlayer.exe, 0000001F.00000002.4589800216.0000000002A28000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: UD3cS4ODWz.tmp, 00000004.00000003.2230730863.0000000008110000.00000004.00001000.00020000.00000000.sdmp, BtowsPlayer.exe, 0000001F.00000000.2228957381.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, is-DQMBE.tmp.4.dr	String found in binary or memory: http://www.toolwiz.com
Source: BtowsPlayer.exe, 0000001F.00000002.4589800216.0000000002A28000.00000004.00000800.00020000.00000000.sdmp, BtowsPlayer.exe, 00000020.00000002.2515238325.0000000002AD3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/DFfe9ewf/test3/raw/refs/heads/main/WebDriver.dll
Source: BtowsPlayer.exe, 0000001F.00000002.4589800216.0000000002A28000.00000004.00000800.00020000.00000000.sdmp, BtowsPlayer.exe, 00000020.00000002.2515238325.0000000002AD3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/DFfe9ewf/test3/raw/refs/heads/main/chromedriver.exe
Source: BtowsPlayer.exe, 0000001F.00000002.4589800216.0000000002A28000.00000004.00000800.00020000.00000000.sdmp, BtowsPlayer.exe, 00000020.00000002.2515238325.0000000002AD3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/DFfe9ewf/test3/raw/refs/heads/main/msedgedriver.exe
Source: UD3cS4ODWz.exe	String found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: UD3cS4ODWz.tmp, 00000004.00000003.2230730863.0000000008320000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000004.00000002.2283303479.00000000012ED000.00000004.00000010.00020000.00000000.sdmp, UD3cS4ODWz.exe, is-DQMBE.tmp.4.dr	String found in binary or memory: https://sectigo.com/CPS0
Source: BtowsPlayer.exe, 0000001F.00000002.4589800216.0000000002A28000.00000004.00000800.00020000.00000000.sdmp, BtowsPlayer.exe, 00000020.00000002.2515238325.0000000002AD3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
Source: BtowsPlayer.exe, 0000001F.00000002.4589800216.0000000002A28000.00000004.00000800.00020000.00000000.sdmp, BtowsPlayer.exe, 00000020.00000002.2515238325.0000000002AD3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/14436606/23354
Source: BtowsPlayer.exe, 0000001F.00000002.4589800216.0000000002A28000.00000004.00000800.00020000.00000000.sdmp, BtowsPlayer.exe, 00000020.00000002.2515238325.0000000002AD3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/2152978/23354rCannot
Source: UD3cS4ODWz.exe, 00000000.00000003.2109424276.0000000002B0F000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.exe, 00000000.00000003.2111695555.000000007F55B000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000002.00000000.2113341420.0000000000261000.00000020.00000001.01000000.00000004.sdmp, UD3cS4ODWz.tmp, 00000004.00000000.2136573032.0000000000B8D000.00000020.00000001.01000000.00000008.sdmp, UD3cS4ODWz.tmp.0.dr, UD3cS4ODWz.tmp.3.dr	String found in binary or memory: https://www.innosetup.com/
Source: UD3cS4ODWz.exe, 00000000.00000003.2109424276.0000000002B0F000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.exe, 00000000.00000003.2111695555.000000007F55B000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000002.00000000.2113341420.0000000000261000.00000020.00000001.01000000.00000004.sdmp, UD3cS4ODWz.tmp, 00000004.00000000.2136573032.0000000000B8D000.00000020.00000001.01000000.00000008.sdmp, UD3cS4ODWz.tmp.0.dr, UD3cS4ODWz.tmp.3.dr	String found in binary or memory: https://www.remobjects.com/ps

System Summary

Malicious sample detected (through community Yara rule)

Source: 32.2.BtowsPlayer.exe.24127ce.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: 32.2.BtowsPlayer.exe.24127ce.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
Source: 00000020.00000002.2514018725.0000000002410000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown

.NET source code contains very large array initializations

Source: 32.2.BtowsPlayer.exe.4f40000.4.raw.unpack, ImIFiiaFZW8NwtFyyJ.cs	Large array initialization: pnTWmaVul: array initializer size 304704
Source: 32.2.BtowsPlayer.exe.3aa5570.2.raw.unpack, ImIFiiaFZW8NwtFyyJ.cs	Large array initialization: pnTWmaVul: array initializer size 304704
Source: 32.2.BtowsPlayer.exe.24127ce.0.raw.unpack, ImIFiiaFZW8NwtFyyJ.cs	Large array initialization: pnTWmaVul: array initializer size 304704

Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 31_2_028F53D0	31_2_028F53D0
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 31_2_028F5B30	31_2_028F5B30
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 31_2_028F1D80	31_2_028F1D80
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 31_2_028F5AD2	31_2_028F5AD2
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 31_2_028F1AF7	31_2_028F1AF7
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 31_2_028F4A09	31_2_028F4A09
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 31_2_028F4A30	31_2_028F4A30
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 31_2_028F53C0	31_2_028F53C0
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 31_2_028F1B08	31_2_028F1B08
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 31_2_028F1D80	31_2_028F1D80
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 31_2_028F4981	31_2_028F4981
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 31_2_028FAF80	31_2_028FAF80
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 31_2_050EC008	31_2_050EC008
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 31_2_050E4E58	31_2_050E4E58
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 31_2_050E5345	31_2_050E5345
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 31_2_050E6D00	31_2_050E6D00
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 31_2_050E9CC0	31_2_050E9CC0
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 31_2_050EBB50	31_2_050EBB50
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 31_2_051B50A0	31_2_051B50A0
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 31_2_051B6260	31_2_051B6260
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 31_2_051EA710	31_2_051EA710
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 31_2_051E1AA0	31_2_051E1AA0
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 31_2_051E8E28	31_2_051E8E28
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 31_2_051EA6FF	31_2_051EA6FF
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 31_2_051EE330	31_2_051EE330
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 31_2_051EE320	31_2_051EE320
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 31_2_05209C38	31_2_05209C38
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 31_2_0520D7A0	31_2_0520D7A0
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 31_2_05209F80	31_2_05209F80
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 31_2_0520A850	31_2_0520A850
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 31_2_0520FA91	31_2_0520FA91
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 31_2_0520F54E	31_2_0520F54E
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 31_2_0520F557	31_2_0520F557
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 31_2_05201F60	31_2_05201F60
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 31_2_05201F50	31_2_05201F50
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 31_2_0520D790	31_2_0520D790
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 31_2_0520F63D	31_2_0520F63D
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 31_2_05200007	31_2_05200007
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 31_2_05200040	31_2_05200040
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 31_2_052040A8	31_2_052040A8
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 31_2_0520D0E5	31_2_0520D0E5
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 31_2_0520FB66	31_2_0520FB66
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 31_2_0520FA9A	31_2_0520FA9A
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 32_2_02410751	32_2_02410751
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 32_2_02470E06	32_2_02470E06
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 32_2_0246D6D6	32_2_0246D6D6
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 32_2_024196A3	32_2_024196A3
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 32_2_0246D306	32_2_0246D306
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 32_2_0246DB0E	32_2_0246DB0E
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 32_2_02410000	32_2_02410000
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 32_2_0246C412	32_2_0246C412
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 32_2_0246E5AE	32_2_0246E5AE
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 32_2_028553D0	32_2_028553D0
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 32_2_02855B30	32_2_02855B30
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 32_2_02851D80	32_2_02851D80
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 32_2_02855AD2	32_2_02855AD2
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 32_2_02851AF7	32_2_02851AF7
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 32_2_02854A30	32_2_02854A30
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 32_2_028553C0	32_2_028553C0
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 32_2_02851B08	32_2_02851B08
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 32_2_02851D80	32_2_02851D80
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 32_2_02854981	32_2_02854981
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 32_2_0285AF80	32_2_0285AF80
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 32_2_050EC008	32_2_050EC008
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 32_2_050E4E58	32_2_050E4E58
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 32_2_050E5345	32_2_050E5345
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 32_2_050E6D00	32_2_050E6D00
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 32_2_050E9CC0	32_2_050E9CC0
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 32_2_050EBB50	32_2_050EBB50
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 32_2_051B50A0	32_2_051B50A0
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 32_2_051B6260	32_2_051B6260
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 32_2_051EA710	32_2_051EA710
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 32_2_051E1AA0	32_2_051E1AA0
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 32_2_051E8E28	32_2_051E8E28
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 32_2_051EA6FF	32_2_051EA6FF
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 32_2_051EE330	32_2_051EE330
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 32_2_051EE320	32_2_051EE320
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 32_2_05201F60	32_2_05201F60
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 32_2_05201F50	32_2_05201F50
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 32_2_05200007	32_2_05200007
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 32_2_05200040	32_2_05200040
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 32_2_052040A8	32_2_052040A8

Source: UD3cS4ODWz.exe

Static PE information: invalid certificate

Source: UD3cS4ODWz.tmp.0.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: UD3cS4ODWz.tmp.3.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows

Source: UD3cS4ODWz.tmp.3.dr	Static PE information: Number of sections : 11 > 10
Source: UD3cS4ODWz.tmp.0.dr	Static PE information: Number of sections : 11 > 10
Source: UD3cS4ODWz.exe	Static PE information: Number of sections : 11 > 10

Source: UD3cS4ODWz.exe, 00000000.00000003.2111695555.000000007F85A000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFileNameAudacity.exe vs UD3cS4ODWz.exe
Source: UD3cS4ODWz.exe, 00000000.00000003.2109424276.0000000002E0E000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFileNameAudacity.exe vs UD3cS4ODWz.exe
Source: UD3cS4ODWz.exe, 00000000.00000000.2106460200.0000000001009000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFileNameAudacity.exe vs UD3cS4ODWz.exe
Source: UD3cS4ODWz.exe	Binary or memory string: OriginalFileNameAudacity.exe vs UD3cS4ODWz.exe

Source: UD3cS4ODWz.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 32.2.BtowsPlayer.exe.24127ce.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: 32.2.BtowsPlayer.exe.24127ce.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
Source: 00000020.00000002.2514018725.0000000002410000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13

Source: 32.2.BtowsPlayer.exe.4f40000.4.raw.unpack, XxHkOWpffRyD2rf8x9.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 32.2.BtowsPlayer.exe.4f40000.4.raw.unpack, XxHkOWpffRyD2rf8x9.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 32.2.BtowsPlayer.exe.4f40000.4.raw.unpack, ImIFiiaFZW8NwtFyyJ.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 32.2.BtowsPlayer.exe.3aa5570.2.raw.unpack, XxHkOWpffRyD2rf8x9.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 32.2.BtowsPlayer.exe.3aa5570.2.raw.unpack, XxHkOWpffRyD2rf8x9.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 32.2.BtowsPlayer.exe.3aa5570.2.raw.unpack, ImIFiiaFZW8NwtFyyJ.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 32.2.BtowsPlayer.exe.24127ce.0.raw.unpack, XxHkOWpffRyD2rf8x9.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 32.2.BtowsPlayer.exe.24127ce.0.raw.unpack, XxHkOWpffRyD2rf8x9.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 32.2.BtowsPlayer.exe.24127ce.0.raw.unpack, ImIFiiaFZW8NwtFyyJ.cs	Cryptographic APIs: 'CreateDecryptor'

Source: classification engine

Classification label: mal100.spyw.evad.winEXE@55/8@0/1

Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe

Code function: 32_2_02410E61 CreateToolhelp32Snapshot,Thread32First,Wow64SuspendThread,CloseHandle,CloseHandle,

32_2_02410E61

Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp

File created: C:\Users\user\AppData\Roaming\map

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2448:120:WilError_03
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Mutant created: NULL
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Mutant created: \Sessions\1\BaseNamedObjects\f2d06879d699
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3984:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5000:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5064:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4892:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6012:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5920:120:WilError_03

Source: C:\Users\user\Desktop\UD3cS4ODWz.exe

File created: C:\Users\user\AppData\Local\Temp\is-R9513.tmp

Jump to behavior

Source: C:\Users\user\Desktop\UD3cS4ODWz.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Desktop\UD3cS4ODWz.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Desktop\UD3cS4ODWz.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Desktop\UD3cS4ODWz.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior

Source: C:\Windows\System32\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'WRSA.EXE'
Source: C:\Windows\System32\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'OPSSVC.EXE'
Source: C:\Windows\System32\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'AVASTUI.EXE'
Source: C:\Windows\System32\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'AVGUI.EXE'
Source: C:\Windows\System32\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'NSWSCSVC.EXE'
Source: C:\Windows\System32\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'SOPHOSHEALTH.EXE'
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\UD3cS4ODWz.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization

Jump to behavior

Source: UD3cS4ODWz.exe

ReversingLabs: Detection: 31%

Source: UD3cS4ODWz.exe

String found in binary or memory: /LOADINF="filename"

Source: C:\Users\user\Desktop\UD3cS4ODWz.exe

File read: C:\Users\user\Desktop\UD3cS4ODWz.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\UD3cS4ODWz.exe "C:\Users\user\Desktop\UD3cS4ODWz.exe"
Source: C:\Users\user\Desktop\UD3cS4ODWz.exe	Process created: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp "C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp" /SL5="$203FE,1833127,845824,C:\Users\user\Desktop\UD3cS4ODWz.exe"
Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Process created: C:\Users\user\Desktop\UD3cS4ODWz.exe "C:\Users\user\Desktop\UD3cS4ODWz.exe" /VERYSILENT /NORESTART
Source: C:\Users\user\Desktop\UD3cS4ODWz.exe	Process created: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp "C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp" /SL5="$303FE,1833127,845824,C:\Users\user\Desktop\UD3cS4ODWz.exe" /VERYSILENT /NORESTART
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Process created: C:\Windows\System32\timeout.exe "timeout" 6
Source: C:\Windows\System32\timeout.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH \| find /I "wrsa.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\find.exe find /I "wrsa.exe"
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH \| find /I "opssvc.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\find.exe find /I "opssvc.exe"
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH \| find /I "avastui.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\find.exe find /I "avastui.exe"
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH \| find /I "avgui.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\find.exe find /I "avgui.exe"
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH \| find /I "nswscsvc.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\find.exe find /I "nswscsvc.exe"
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH \| find /I "sophoshealth.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\find.exe find /I "sophoshealth.exe"
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Process created: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe "C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe "C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe" /auto
Source: C:\Users\user\Desktop\UD3cS4ODWz.exe	Process created: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp "C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp" /SL5="$203FE,1833127,845824,C:\Users\user\Desktop\UD3cS4ODWz.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Process created: C:\Users\user\Desktop\UD3cS4ODWz.exe "C:\Users\user\Desktop\UD3cS4ODWz.exe" /VERYSILENT /NORESTART	Jump to behavior
Source: C:\Users\user\Desktop\UD3cS4ODWz.exe	Process created: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp "C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp" /SL5="$303FE,1833127,845824,C:\Users\user\Desktop\UD3cS4ODWz.exe" /VERYSILENT /NORESTART	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Process created: C:\Windows\System32\timeout.exe "timeout" 6	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH \| find /I "wrsa.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH \| find /I "opssvc.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH \| find /I "avastui.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH \| find /I "avgui.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH \| find /I "nswscsvc.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH \| find /I "sophoshealth.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Process created: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe "C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\find.exe find /I "wrsa.exe"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\find.exe find /I "opssvc.exe"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\find.exe find /I "avastui.exe"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\find.exe find /I "avgui.exe"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\find.exe find /I "nswscsvc.exe"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\find.exe find /I "sophoshealth.exe"	Jump to behavior

Source: C:\Users\user\Desktop\UD3cS4ODWz.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\UD3cS4ODWz.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\UD3cS4ODWz.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\UD3cS4ODWz.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Section loaded: dlnashext.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Section loaded: wpdshext.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\timeout.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\find.exe	Section loaded: ulib.dll	Jump to behavior
Source: C:\Windows\System32\find.exe	Section loaded: fsutilext.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\find.exe	Section loaded: ulib.dll	Jump to behavior
Source: C:\Windows\System32\find.exe	Section loaded: fsutilext.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\find.exe	Section loaded: ulib.dll	Jump to behavior
Source: C:\Windows\System32\find.exe	Section loaded: fsutilext.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\find.exe	Section loaded: ulib.dll	Jump to behavior
Source: C:\Windows\System32\find.exe	Section loaded: fsutilext.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\find.exe	Section loaded: ulib.dll	Jump to behavior
Source: C:\Windows\System32\find.exe	Section loaded: fsutilext.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\find.exe	Section loaded: ulib.dll	Jump to behavior
Source: C:\Windows\System32\find.exe	Section loaded: fsutilext.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Section loaded: msasn1.dll	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH

Source: BtowsPlayer.exe.lnk.4.dr

LNK file: ..\..\..\..\..\map\BtowsPlayer.exe

Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp

Window found: window name: TMainForm

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: UD3cS4ODWz.exe

Static file information: File size 2792229 > 1048576

Source: UD3cS4ODWz.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Data Obfuscation

.NET source code contains method to dynamically call methods (often used by packers)

Source: 32.2.BtowsPlayer.exe.4f40000.4.raw.unpack, XxHkOWpffRyD2rf8x9.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
Source: 32.2.BtowsPlayer.exe.3aa5570.2.raw.unpack, XxHkOWpffRyD2rf8x9.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
Source: 32.2.BtowsPlayer.exe.24127ce.0.raw.unpack, XxHkOWpffRyD2rf8x9.cs	.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})

Source: UD3cS4ODWz.tmp.3.dr	Static PE information: real checksum: 0x0 should be: 0x343bce
Source: is-DQMBE.tmp.4.dr	Static PE information: real checksum: 0xff4012 should be: 0x21a706
Source: UD3cS4ODWz.tmp.0.dr	Static PE information: real checksum: 0x0 should be: 0x343bce
Source: UD3cS4ODWz.exe	Static PE information: real checksum: 0xff4012 should be: 0x2b3ce1

Source: UD3cS4ODWz.exe	Static PE information: section name: .didata
Source: UD3cS4ODWz.tmp.0.dr	Static PE information: section name: .didata
Source: UD3cS4ODWz.tmp.3.dr	Static PE information: section name: .didata

Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 31_2_028F3726 push 8BD88B70h; retf	31_2_028F372C
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 31_2_050E89B8 push eax; ret	31_2_050E89B9
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 31_2_050E8A4A pushfd ; ret	31_2_050E8A51
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 31_2_050E9ACA push eax; iretd	31_2_050E9AD1
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 31_2_051BA7BA push eax; iretd	31_2_051BA7C1
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 32_2_024177B6 push ebx; retf	32_2_024177BE
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 32_2_050E89B8 push eax; ret	32_2_050E89B9
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 32_2_050E8A4A pushfd ; ret	32_2_050E8A51
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 32_2_050E9ACA push eax; iretd	32_2_050E9AD1
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 32_2_051BA7BA push eax; iretd	32_2_051BA7C1

Source: 32.2.BtowsPlayer.exe.4f40000.4.raw.unpack, XxHkOWpffRyD2rf8x9.cs	High entropy of concatenated method names: 'kM5C10wM8a7nJUq9YQn', 'UMrXMFw6rY39JRAnjo4', 'kQNfG0h0et', 'vh0ry9Sq2v', 'vMdfsjNtiP', 'c1Tf9G3hPh', 'WT5fI1NDIY', 'yWLfLFR0VC', 'kIMNxe4OdN', 'L5YC0OdQI'
Source: 32.2.BtowsPlayer.exe.3aa5570.2.raw.unpack, XxHkOWpffRyD2rf8x9.cs	High entropy of concatenated method names: 'kM5C10wM8a7nJUq9YQn', 'UMrXMFw6rY39JRAnjo4', 'kQNfG0h0et', 'vh0ry9Sq2v', 'vMdfsjNtiP', 'c1Tf9G3hPh', 'WT5fI1NDIY', 'yWLfLFR0VC', 'kIMNxe4OdN', 'L5YC0OdQI'
Source: 32.2.BtowsPlayer.exe.24127ce.0.raw.unpack, XxHkOWpffRyD2rf8x9.cs	High entropy of concatenated method names: 'kM5C10wM8a7nJUq9YQn', 'UMrXMFw6rY39JRAnjo4', 'kQNfG0h0et', 'vh0ry9Sq2v', 'vMdfsjNtiP', 'c1Tf9G3hPh', 'WT5fI1NDIY', 'yWLfLFR0VC', 'kIMNxe4OdN', 'L5YC0OdQI'

Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	File created: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	File created: C:\Users\user\AppData\Local\Temp\is-TUNTK.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\UD3cS4ODWz.exe	File created: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	File created: C:\Users\user\AppData\Roaming\map\is-DQMBE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	File created: C:\Users\user\AppData\Local\Temp\is-QNH7J.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\Desktop\UD3cS4ODWz.exe	File created: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BtowsPlayer.exe.lnk

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BtowsPlayer.exe.lnk

Jump to behavior

Source: C:\Users\user\Desktop\UD3cS4ODWz.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\UD3cS4ODWz.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Queries memory information (via WMI often done to detect virtual machines)

Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_PhysicalMemory

Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)

Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive

Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)

Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_PhysicalMemory

Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Memory allocated: 28A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Memory allocated: 2A10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Memory allocated: 4A10000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Memory allocated: 2850000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Memory allocated: 2AA0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Memory allocated: 28B0000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Window / User API: threadDelayed 2081			Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Window / User API: threadDelayed 7668			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-TUNTK.tmp\_isetup\_setup64.tmp			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-QNH7J.tmp\_isetup\_setup64.tmp			Jump to dropped file

Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -21213755684765971s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -39000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 3460	Thread sleep count: 2081 > 30	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -38875s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 3460	Thread sleep count: 7668 > 30	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -38766s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -38625s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -38481s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -38339s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -38233s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -38125s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -38016s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -37906s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -37797s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -37688s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -37563s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -37438s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -37322s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -37219s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -37078s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -36969s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -36859s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -36750s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -36641s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -36531s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -36422s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -36313s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -36188s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -36063s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -35938s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -35828s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -35719s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -35594s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -35485s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -35360s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -35235s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -35110s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -34985s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -34860s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -34735s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -34610s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -34485s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -34360s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -34235s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -34104s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -34000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -33891s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -33781s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -33671s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -33562s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -33453s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -33344s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -33219s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -33107s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 1340	Thread sleep time: -33000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 4976	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Source: C:\Windows\System32\tasklist.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Windows\System32\tasklist.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS

Source: C:\Windows\System32\tasklist.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Windows\System32\tasklist.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem

Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 39000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 38875	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 38766	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 38625	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 38481	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 38339	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 38233	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 38125	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 38016	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 37906	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 37797	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 37688	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 37563	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 37438	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 37322	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 37219	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 37078	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 36969	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 36859	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 36750	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 36641	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 36531	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 36422	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 36313	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 36188	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 36063	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 35938	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 35828	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 35719	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 35594	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 35485	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 35360	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 35235	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 35110	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 34985	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 34860	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 34735	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 34610	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 34485	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 34360	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 34235	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 34104	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 34000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 33891	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 33781	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 33671	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 33562	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 33453	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 33344	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 33219	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 33107	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 33000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: UD3cS4ODWz.tmp, 00000002.00000002.2132815618.0000000000CDD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: UD3cS4ODWz.tmp, 00000002.00000002.2132815618.0000000000CDD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: BtowsPlayer.exe, 0000001F.00000002.4586776265.00000000008BD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 32_2_02410751 mov edx, dword ptr fs:[00000030h]	32_2_02410751
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 32_2_02410D11 mov eax, dword ptr fs:[00000030h]	32_2_02410D11
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 32_2_02411361 mov eax, dword ptr fs:[00000030h]	32_2_02411361
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 32_2_02411360 mov eax, dword ptr fs:[00000030h]	32_2_02411360
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Code function: 32_2_024110C1 mov eax, dword ptr fs:[00000030h]	32_2_024110C1

Source: C:\Windows\System32\tasklist.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\System32\tasklist.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	Process created: C:\Users\user\Desktop\UD3cS4ODWz.exe "C:\Users\user\Desktop\UD3cS4ODWz.exe" /VERYSILENT /NORESTART	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	Process created: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe "C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\find.exe find /I "wrsa.exe"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\find.exe find /I "opssvc.exe"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\find.exe find /I "avastui.exe"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\find.exe find /I "avgui.exe"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\find.exe find /I "nswscsvc.exe"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\find.exe find /I "sophoshealth.exe"	Jump to behavior

Source: BtowsPlayer.exe, 0000001F.00000002.4589800216.0000000002F69000.00000004.00000800.00020000.00000000.sdmp, BtowsPlayer.exe, 0000001F.00000002.4589800216.0000000002E75000.00000004.00000800.00020000.00000000.sdmp, BtowsPlayer.exe, 0000001F.00000002.4589800216.0000000002E9D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager
Source: UD3cS4ODWz.tmp, 00000004.00000003.2230730863.0000000008110000.00000004.00001000.00020000.00000000.sdmp, BtowsPlayer.exe, 0000001F.00000000.2228957381.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, is-DQMBE.tmp.4.dr	Binary or memory string: ProgMan
Source: UD3cS4ODWz.tmp, 00000004.00000003.2230730863.0000000008110000.00000004.00001000.00020000.00000000.sdmp, BtowsPlayer.exe, 0000001F.00000000.2228957381.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, is-DQMBE.tmp.4.dr	Binary or memory string: ProgManU
Source: BtowsPlayer.exe, 0000001F.00000002.4589800216.0000000002F69000.00000004.00000800.00020000.00000000.sdmp, BtowsPlayer.exe, 0000001F.00000002.4589800216.0000000002CFB000.00000004.00000800.00020000.00000000.sdmp, BtowsPlayer.exe, 0000001F.00000002.4589800216.0000000002E75000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager*
Source: BtowsPlayer.exe, 0000001F.00000002.4589800216.0000000002F69000.00000004.00000800.00020000.00000000.sdmp, BtowsPlayer.exe, 0000001F.00000002.4589800216.0000000002E75000.00000004.00000800.00020000.00000000.sdmp, BtowsPlayer.exe, 0000001F.00000002.4589800216.0000000002E9D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerTe

Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: find.exe, 00000016.00000002.2221688170.0000014850B60000.00000004.00000020.00020000.00000000.sdmp, find.exe, 00000016.00000002.2221629971.00000148509DB000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: avgui.exe

Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe

WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Found many strings related to Crypto-Wallets (likely being stolen)

Source: BtowsPlayer.exe, 0000001F.00000002.4600695669.0000000005350000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Electrum\wallets
Source: BtowsPlayer.exe, 0000001F.00000002.4589800216.0000000002C41000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: com.liberty.jaxx@\
Source: BtowsPlayer.exe, 0000001F.00000002.4600695669.0000000005350000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: BtowsPlayer.exe, 0000001F.00000002.4600695669.0000000005350000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ethereum\keystore
Source: BtowsPlayer.exe, 0000001F.00000002.4600695669.0000000005350000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: BtowsPlayer.exe, 0000001F.00000002.4600695669.0000000005350000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ethereum\keystore
Source: BtowsPlayer.exe, 0000001F.00000002.4600695669.0000000005350000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ethereum\keystore

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe

Key opened: HKEY_CURRENT_USER\Software\Bitcoin\Bitcoin-Qt

Jump to behavior

Source: Yara match	File source: 00000020.00000002.2515238325.0000000002AD3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.4589800216.0000000002A28000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.4589800216.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: BtowsPlayer.exe PID: 3360, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: BtowsPlayer.exe PID: 6036, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	341 Windows Management Instrumentation	2 Registry Run Keys / Startup Folder	12 Process Injection	1 Masquerading	OS Credential Dumping	541 Security Software Discovery	Remote Services	11 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	2 Registry Run Keys / Startup Folder	1 Disable or Modify Tools	LSASS Memory	351 Virtualization/Sandbox Evasion	Remote Desktop Protocol	1 Data from Local System	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	351 Virtualization/Sandbox Evasion	Security Account Manager	4 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	12 Process Injection	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	2 System Owner/User Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Obfuscated Files or Information	Cached Domain Credentials	1 File and Directory Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Software Packing	DCSync	223 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
UD3cS4ODWz.exe	32%	ReversingLabs	Win32.Backdoor.Redcap

Dropped Files

Source	Detection	Scanner
C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-QNH7J.tmp\_isetup\_setup64.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-TUNTK.tmp\_isetup\_setup64.tmp	0%	ReversingLabs
C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe (copy)	29%	ReversingLabs
C:\Users\user\AppData\Roaming\map\is-DQMBE.tmp	29%	ReversingLabs

Source	Detection	Scanner	Label	Link
http://www.toolwiz.com	0%	Avira URL Cloud	safe

Name	Source	Malicious	Antivirus Detection	Reputation
https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU	UD3cS4ODWz.exe	false		high
https://sectigo.com/CPS0	UD3cS4ODWz.tmp, 00000004.00000003.2230730863.0000000008320000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000004.00000002.2283303479.00000000012ED000.00000004.00000010.00020000.00000000.sdmp, UD3cS4ODWz.exe, is-DQMBE.tmp.4.dr	false		high
https://stackoverflow.com/q/14436606/23354	BtowsPlayer.exe, 0000001F.00000002.4589800216.0000000002A28000.00000004.00000800.00020000.00000000.sdmp, BtowsPlayer.exe, 00000020.00000002.2515238325.0000000002AD3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y	UD3cS4ODWz.tmp, 00000004.00000003.2230730863.0000000008320000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000004.00000002.2283303479.00000000012ED000.00000004.00000010.00020000.00000000.sdmp, UD3cS4ODWz.exe, is-DQMBE.tmp.4.dr	false		high
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0	UD3cS4ODWz.tmp, 00000004.00000003.2230730863.0000000008320000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000004.00000002.2283303479.00000000012ED000.00000004.00000010.00020000.00000000.sdmp, UD3cS4ODWz.exe, is-DQMBE.tmp.4.dr	false		high
http://ocsp.sectigo.com0	UD3cS4ODWz.tmp, 00000004.00000003.2230730863.0000000008320000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000004.00000002.2283303479.00000000012ED000.00000004.00000010.00020000.00000000.sdmp, UD3cS4ODWz.exe, is-DQMBE.tmp.4.dr	false		high
https://github.com/DFfe9ewf/test3/raw/refs/heads/main/WebDriver.dll	BtowsPlayer.exe, 0000001F.00000002.4589800216.0000000002A28000.00000004.00000800.00020000.00000000.sdmp, BtowsPlayer.exe, 00000020.00000002.2515238325.0000000002AD3000.00000004.00000800.00020000.00000000.sdmp	false		high
https://stackoverflow.com/q/2152978/23354rCannot	BtowsPlayer.exe, 0000001F.00000002.4589800216.0000000002A28000.00000004.00000800.00020000.00000000.sdmp, BtowsPlayer.exe, 00000020.00000002.2515238325.0000000002AD3000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.remobjects.com/ps	UD3cS4ODWz.exe, 00000000.00000003.2109424276.0000000002B0F000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.exe, 00000000.00000003.2111695555.000000007F55B000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000002.00000000.2113341420.0000000000261000.00000020.00000001.01000000.00000004.sdmp, UD3cS4ODWz.tmp, 00000004.00000000.2136573032.0000000000B8D000.00000020.00000001.01000000.00000008.sdmp, UD3cS4ODWz.tmp.0.dr, UD3cS4ODWz.tmp.3.dr	false		high
https://stackoverflow.com/q/11564914/23354;	BtowsPlayer.exe, 0000001F.00000002.4589800216.0000000002A28000.00000004.00000800.00020000.00000000.sdmp, BtowsPlayer.exe, 00000020.00000002.2515238325.0000000002AD3000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.toolwiz.com	UD3cS4ODWz.tmp, 00000004.00000003.2230730863.0000000008110000.00000004.00001000.00020000.00000000.sdmp, BtowsPlayer.exe, 0000001F.00000000.2228957381.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, is-DQMBE.tmp.4.dr	false	Avira URL Cloud: safe	unknown
https://github.com/DFfe9ewf/test3/raw/refs/heads/main/chromedriver.exe	BtowsPlayer.exe, 0000001F.00000002.4589800216.0000000002A28000.00000004.00000800.00020000.00000000.sdmp, BtowsPlayer.exe, 00000020.00000002.2515238325.0000000002AD3000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/DFfe9ewf/test3/raw/refs/heads/main/msedgedriver.exe	BtowsPlayer.exe, 0000001F.00000002.4589800216.0000000002A28000.00000004.00000800.00020000.00000000.sdmp, BtowsPlayer.exe, 00000020.00000002.2515238325.0000000002AD3000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.innosetup.com/	UD3cS4ODWz.exe, 00000000.00000003.2109424276.0000000002B0F000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.exe, 00000000.00000003.2111695555.000000007F55B000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000002.00000000.2113341420.0000000000261000.00000020.00000001.01000000.00000004.sdmp, UD3cS4ODWz.tmp, 00000004.00000000.2136573032.0000000000B8D000.00000020.00000001.01000000.00000008.sdmp, UD3cS4ODWz.tmp.0.dr, UD3cS4ODWz.tmp.3.dr	false		high
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#	UD3cS4ODWz.tmp, 00000004.00000003.2230730863.0000000008320000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000004.00000002.2283303479.00000000012ED000.00000004.00000010.00020000.00000000.sdmp, UD3cS4ODWz.exe, is-DQMBE.tmp.4.dr	false		high
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#	UD3cS4ODWz.tmp, 00000004.00000003.2230730863.0000000008320000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000004.00000002.2283303479.00000000012ED000.00000004.00000010.00020000.00000000.sdmp, UD3cS4ODWz.exe, is-DQMBE.tmp.4.dr	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	BtowsPlayer.exe, 0000001F.00000002.4589800216.0000000002A28000.00000004.00000800.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.156.175.43	unknown	Romania		9009	M247GB	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1581188
Start date and time:	2024-12-27 08:09:10 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 10m 46s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	37
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	UD3cS4ODWz.exe renamed because original name is a hash value
Original Sample Name:	7c9544661439af4f0fd2e7e4387d958d.exe
Detection:	MAL
Classification:	mal100.spyw.evad.winEXE@55/8@0/1
EGA Information:	Successful, ratio: 50%
HCA Information:	Successful, ratio: 89% Number of executed functions: 518 Number of non-executed functions: 23
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded IPs from analysis (whitelisted): 4.175.87.197, 20.242.39.171, 40.69.42.241, 13.107.246.63
Excluded domains from analysis (whitelisted): client.wns.windows.com, fe3.delivery.mp.microsoft.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, ctldl.windowsupdate.com, glb.sls.prod.dcat.dsp.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target BtowsPlayer.exe, PID 3360 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
VT rate limit hit for: UD3cS4ODWz.exe

Simulations

Behavior and APIs

Time	Type	Description
02:10:33	API Interceptor	9564516x Sleep call for process: BtowsPlayer.exe modified
08:10:07	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BtowsPlayer.exe.lnk

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.156.175.43	nXNMsYXFFc.exe	Get hash	malicious	Unknown	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
M247GB	nXNMsYXFFc.exe	Get hash	malicious	Unknown	Browse	185.156.175.43
	ub8ehJSePAfc9FYqZIT6.arm6.elf	Get hash	malicious	Unknown	Browse	92.118.56.167
	ub8ehJSePAfc9FYqZIT6.arm7.elf	Get hash	malicious	Mirai	Browse	92.118.56.167
	ub8ehJSePAfc9FYqZIT6.x86_64.elf	Get hash	malicious	Unknown	Browse	92.118.56.167
	ub8ehJSePAfc9FYqZIT6.ppc.elf	Get hash	malicious	Unknown	Browse	92.118.56.167
	ub8ehJSePAfc9FYqZIT6.mips.elf	Get hash	malicious	Unknown	Browse	92.118.56.167
	ub8ehJSePAfc9FYqZIT6.mpsl.elf	Get hash	malicious	Unknown	Browse	92.118.56.167
	ub8ehJSePAfc9FYqZIT6.arm.elf	Get hash	malicious	Mirai	Browse	92.118.56.167
	ub8ehJSePAfc9FYqZIT6.m68k.elf	Get hash	malicious	Mirai	Browse	92.118.56.167
	ub8ehJSePAfc9FYqZIT6.sh4.elf	Get hash	malicious	Unknown	Browse	92.118.56.167

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Temp\is-QNH7J.tmp\_isetup\_setup64.tmp	Setup64v7.3.9.exe	Get hash	malicious	Unknown	Browse
	Setup64v4.1.9.exe	Get hash	malicious	Unknown	Browse
	Setup64v7.3.9.exe	Get hash	malicious	Unknown	Browse
	Setup64v4.1.9.exe	Get hash	malicious	Unknown	Browse
	Set-up.exe	Get hash	malicious	LummaC	Browse
	setup.exe	Get hash	malicious	LummaC	Browse
	SET_UP.exe	Get hash	malicious	LummaC	Browse
	GLD6WIS3RXG4KKYJLK.exe	Get hash	malicious	Unknown	Browse
	#U5b89#U88c5#U7a0b#U5e8f_2.1.0.exe	Get hash	malicious	Unknown	Browse
	#U5b89#U88c5#U7a0b#U5e8f_2.1.0.exe	Get hash	malicious	Unknown	Browse

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\BtowsPlayer.exe.log

Download File

Process:	C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	621
Entropy (8bit):	5.345265452111628
Encrypted:	false
SSDEEP:	12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhayoDLI4MWuPrePEniv:ML9E4KlKDE4KhKiKhRAE4KzeR
MD5:	9A0010B54E25DD22EC1D9FA3EA1AE6C2
SHA1:	830D8D4D0BD0544B1F25ECF4303C40479CF677C0
SHA-256:	B3D9F4BEFE0FF83AEC0AA7CCFB542E0B9CED36756FBA1BA863606969F3360F56
SHA-512:	6DEBC5BFC689C19AD8B72264FDD3710C93A2C2E5344E8024502B2D3E7554BC80381CE2A7BB4D560EB8F3E5E0C73195D07839651FE8CEA6E27F9A2674ABFF6691
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..

C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp

Download File

Process:	C:\Users\user\Desktop\UD3cS4ODWz.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3366912
Entropy (8bit):	6.5305503944980385
Encrypted:	false
SSDEEP:	98304:nJYVM+LtVt3P/KuG2ONG9iqLRQE9333T:2VL/tnHGYiql5F
MD5:	EAA27C4A436F9109F95EF7D65AA446D5
SHA1:	720AB6FE8D758480E6B3E7580AB1D80A96FFB690
SHA-256:	3E1DE3F71AE4967690733BC872DBE79198E470FB0E6A364B653DC5C8E601A8AD
SHA-512:	E73903102B78F268910FEDBFF59CD8B145A69F0DF7F1D89615EF7FE7D0A819357C468C990BB337469B283D50EB2B0571B78D7790942E0706704FFAA388BB3853
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....f.......................................@..........................04...........@......@...................P,.n.....,.j:...P0.......................,.<............................p,.......................,......@,.(....................text............................. ..`.itext..$.......0................. ..`.data................*.............@....bss.....\|....+..........................idata..j:....,..<...f+.............@....didata.(....@,.......+.............@....edata..n....P,.......+.............@..@.tls....X....`,..........................rdata..]....p,.......+.............@..@.reloc..<.....,.......+.............@..B.rsrc........P0......./.............@..@.............04......`3.............@..@................

C:\Users\user\AppData\Local\Temp\is-QNH7J.tmp\_isetup\_setup64.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	6144
Entropy (8bit):	4.720366600008286
Encrypted:	false
SSDEEP:	96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
MD5:	E4211D6D009757C078A9FAC7FF4F03D4
SHA1:	019CD56BA687D39D12D4B13991C9A42EA6BA03DA
SHA-256:	388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
SHA-512:	17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: Setup64v7.3.9.exe, Detection: malicious, Browse Filename: Setup64v4.1.9.exe, Detection: malicious, Browse Filename: Setup64v7.3.9.exe, Detection: malicious, Browse Filename: Setup64v4.1.9.exe, Detection: malicious, Browse Filename: Set-up.exe, Detection: malicious, Browse Filename: setup.exe, Detection: malicious, Browse Filename: SET_UP.exe, Detection: malicious, Browse Filename: GLD6WIS3RXG4KKYJLK.exe, Detection: malicious, Browse Filename: #U5b89#U88c5#U7a0b#U5e8f_2.1.0.exe, Detection: malicious, Browse Filename: #U5b89#U88c5#U7a0b#U5e8f_2.1.0.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..\|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp

Download File

Process:	C:\Users\user\Desktop\UD3cS4ODWz.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3366912
Entropy (8bit):	6.5305503944980385
Encrypted:	false
SSDEEP:	98304:nJYVM+LtVt3P/KuG2ONG9iqLRQE9333T:2VL/tnHGYiql5F
MD5:	EAA27C4A436F9109F95EF7D65AA446D5
SHA1:	720AB6FE8D758480E6B3E7580AB1D80A96FFB690
SHA-256:	3E1DE3F71AE4967690733BC872DBE79198E470FB0E6A364B653DC5C8E601A8AD
SHA-512:	E73903102B78F268910FEDBFF59CD8B145A69F0DF7F1D89615EF7FE7D0A819357C468C990BB337469B283D50EB2B0571B78D7790942E0706704FFAA388BB3853
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....f.......................................@..........................04...........@......@...................P,.n.....,.j:...P0.......................,.<............................p,.......................,......@,.(....................text............................. ..`.itext..$.......0................. ..`.data................*.............@....bss.....\|....+..........................idata..j:....,..<...f+.............@....didata.(....@,.......+.............@....edata..n....P,.......+.............@..@.tls....X....`,..........................rdata..]....p,.......+.............@..@.reloc..<.....,.......+.............@..B.rsrc........P0......./.............@..@.............04......`3.............@..@................

C:\Users\user\AppData\Local\Temp\is-TUNTK.tmp\_isetup\_setup64.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	6144
Entropy (8bit):	4.720366600008286
Encrypted:	false
SSDEEP:	96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
MD5:	E4211D6D009757C078A9FAC7FF4F03D4
SHA1:	019CD56BA687D39D12D4B13991C9A42EA6BA03DA
SHA-256:	388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
SHA-512:	17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..\|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BtowsPlayer.exe.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp
File Type:	MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, Has command line arguments, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
Category:	dropped
Size (bytes):	1010
Entropy (8bit):	3.1042330347123777
Encrypted:	false
SSDEEP:	12:8Ql0qsX2lw/tz0/CSLS/5nESel9t9UMJcclEbNfBJ4t2YZ/elFlSJm:8hTWLNfnfXy/Fqy
MD5:	C48F0A73BD381F816E890799AD749F33
SHA1:	46EF4CA68DF7765C6AAD1DE290E93D0A7BF4076A
SHA-256:	A29C5A0C40F352F0F45E29F9A028C920FF9C0EA30A78688E47B886239F1706B6
SHA-512:	1530DF2D099D0D136E19A41A97C985F63A9D415FCC2D60696FA2948F4BA7677C1CBB9004C78F3AD638A77E25291F708A6D327CC646607620AC2D6ED009BCD38F
Malicious:	false
Preview:	L..................F........................................................=....P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....Z.1...........user..B............................................e.n.g.i.n.e.e.r.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....V.1...........Roaming.@............................................R.o.a.m.i.n.g.....J.1...........map.8............................................m.a.p.....n.2...........BtowsPlayer.exe.P............................................B.t.o.w.s.P.l.a.y.e.r...e.x.e.......".....\.....\.....\.....\.....\.m.a.p.\.B.t.o.w.s.P.l.a.y.e.r...e.x.e.%.C.:.\.U.s.e.r.s.\.e.n.g.i.n.e.e.r.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.m.a.p.../.a.u.t.o...........................>.e.L.:..er.=................1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.5.1.1.7.-.2.4.7.6.7.5.6.6.3.4.-.1.0.0.3.......

C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2174904
Entropy (8bit):	7.156429765941512
Encrypted:	false
SSDEEP:	49152:4uG6knvVDK8YcrWaCyqp1uw/0L5QiHzROaBoKxcMH:LG6knvVe8Yzacp50Lx5BoYc8
MD5:	BE2EDCF02F80B8D9AB65724911E3F2E6
SHA1:	AD9A05DDEE4F70214BFAE228F6A974924BCB2F90
SHA-256:	3DF79F238F056CABC4083C1970B1BC5F2E7E6200C364C0D542B484BE20A08E73
SHA-512:	950A60D17EFEBE1B61F96BE5E4947D128C15D812E2E895F4D3D1D1EF5607B5931C7919696AC71C4FD7160C3DCB9F0FA724B0AE0D42B8DB3CB6E8B6D171A0A61E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 29%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B.................v...h....................@...........................!......@...........@..............................^)....................!..+...@..<............................0......................................................CODE.....u.......v.................. ..`DATA.....6.......8...z..............@...BSS.....!................................idata..^).........................@....tls......... ...........................rdata.......0......................@..P.reloc..<....@......................@..P.rsrc...............................@..P.............`......................@..P........................................................................................................................................

C:\Users\user\AppData\Roaming\map\is-DQMBE.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2174904
Entropy (8bit):	7.156429765941512
Encrypted:	false
SSDEEP:	49152:4uG6knvVDK8YcrWaCyqp1uw/0L5QiHzROaBoKxcMH:LG6knvVe8Yzacp50Lx5BoYc8
MD5:	BE2EDCF02F80B8D9AB65724911E3F2E6
SHA1:	AD9A05DDEE4F70214BFAE228F6A974924BCB2F90
SHA-256:	3DF79F238F056CABC4083C1970B1BC5F2E7E6200C364C0D542B484BE20A08E73
SHA-512:	950A60D17EFEBE1B61F96BE5E4947D128C15D812E2E895F4D3D1D1EF5607B5931C7919696AC71C4FD7160C3DCB9F0FA724B0AE0D42B8DB3CB6E8B6D171A0A61E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 29%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B.................v...h....................@...........................!......@...........@..............................^)....................!..+...@..<............................0......................................................CODE.....u.......v.................. ..`DATA.....6.......8...z..............@...BSS.....!................................idata..^).........................@....tls......... ...........................rdata.......0......................@..P.reloc..<....@......................@..P.rsrc...............................@..P.............`......................@..P........................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.75876924143709
TrID:	Win32 Executable (generic) a (10002005/4) 98.04% Inno Setup installer (109748/4) 1.08% InstallShield setup (43055/19) 0.42% Win32 EXE PECompact compressed (generic) (41571/9) 0.41% Win16/32 Executable Delphi generic (2074/23) 0.02%
File name:	UD3cS4ODWz.exe
File size:	2'792'229 bytes
MD5:	7c9544661439af4f0fd2e7e4387d958d
SHA1:	ecd31f6616df136c73a5ec19f048b067aaa32b1d
SHA256:	1b937ace633e36eee5d6488c64b8945ffd48d8750a0af60143da86ce0cbf5a8b
SHA512:	aa27d8d779c6f0200ffd8cfbb6133d6ae324f27f93fa513ec87f03353f9f50c66889b578ba43778497f11e3e75be932953b6f988e0aaf3cca65357c93b22546a
SSDEEP:	49152:ZwREDDMQFMwJz0/JPNqDBouB3ftiaOXziJD+QzMm1RBoBVtYHqg8MH:ZwREEGzYVABouB3FMi9+Q4m1PQKqX8
TLSH:	70D5E123F2CBE43EE05D0B3B05B2A25494FBAA616422BD5396ECB4ECCE751501D3E647
File Content Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

File Icon


Icon Hash:	0c0c2d33ceec80aa

Static PE Info

General

Entrypoint:	0x4a83bc
Entrypoint Section:	.itext
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x6690DABD [Fri Jul 12 07:26:53 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	1
File Version Major:	6
File Version Minor:	1
Subsystem Version Major:	6
Subsystem Version Minor:	1
Import Hash:	40ab50289f7ef5fae60801f88d4541fc

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB
Signature Validation Error:	The digital signature of the object did not verify
Error Number:	-2146869232
Not Before, Not After	21/04/2022 02:00:00 21/04/2025 01:59:59
Subject Chain	CN=Musecy SM Ltd., O=Musecy SM Ltd., S=Lemesos, C=CY
Version:	3
Thumbprint MD5:	BD369706380B543F3116644C27E8A343
Thumbprint SHA-1:	2162556B51EFF0F55949EEDD6D0B270E412C27B0
Thumbprint SHA-256:	90FD858CBC4F0C292C17D50C323FD0B5704D87EFD7DB4B80AF74D76CCAE868E7
Serial:	00C134B2A3AE7F9BD5A260DC5FCC04087C

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
add esp, FFFFFFA4h
push ebx
push esi
push edi
xor eax, eax
mov dword ptr [ebp-3Ch], eax
mov dword ptr [ebp-40h], eax
mov dword ptr [ebp-5Ch], eax
mov dword ptr [ebp-30h], eax
mov dword ptr [ebp-38h], eax
mov dword ptr [ebp-34h], eax
mov dword ptr [ebp-2Ch], eax
mov dword ptr [ebp-28h], eax
mov dword ptr [ebp-14h], eax
mov eax, 004A2EBCh
call 00007FB93479E835h
xor eax, eax
push ebp
push 004A8AC1h
push dword ptr fs:[eax]
mov dword ptr fs:[eax], esp
xor edx, edx
push ebp
push 004A8A7Bh
push dword ptr fs:[edx]
mov dword ptr fs:[edx], esp
mov eax, dword ptr [004B0634h]
call 00007FB9348301BBh
call 00007FB93482FD0Eh
lea edx, dword ptr [ebp-14h]
xor eax, eax
call 00007FB93482A9E8h
mov edx, dword ptr [ebp-14h]
mov eax, 004B41F4h
call 00007FB9347988E3h
push 00000002h
push 00000000h
push 00000001h
mov ecx, dword ptr [004B41F4h]
mov dl, 01h
mov eax, dword ptr [0049CD14h]
call 00007FB93482BD13h
mov dword ptr [004B41F8h], eax
xor edx, edx
push ebp
push 004A8A27h
push dword ptr fs:[edx]
mov dword ptr fs:[edx], esp
call 00007FB934830243h
mov dword ptr [004B4200h], eax
mov eax, dword ptr [004B4200h]
cmp dword ptr [eax+0Ch], 01h
jne 00007FB934836F2Ah
mov eax, dword ptr [004B4200h]
mov edx, 00000028h
call 00007FB93482C608h
mov edx, dword ptr [004B4200h]

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0xb7000	0x71	.edata
IMAGE_DIRECTORY_ENTRY_IMPORT	0xb5000	0xfec	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xcb000	0x11000	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x2a6f6d	0x2bb8
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xba000	0x10fa8	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0xb9000	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0xb52d4	0x25c	.idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0xb6000	0x1a4	.didata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0xa568c	0xa5800	b889d302f6fc48a904de33d8d947ae80	False	0.3620185045317221	data	6.377190161826806	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.itext	0xa7000	0x1b64	0x1c00	588dd0a8ab499300d3701cbd11b017d9	False	0.548828125	data	6.109264411030635	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0xa9000	0x3838	0x3a00	5c0c76e77aef52ebc6702430837ccb6e	False	0.35338092672413796	data	4.95916338709992	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss	0xad000	0x7258	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0xb5000	0xfec	0x1000	627340dff539ef99048969aa4824fb2d	False	0.380615234375	data	5.020404933181373	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didata	0xb6000	0x1a4	0x200	fd11c1109737963cc6cb7258063abfd6	False	0.34765625	data	2.729290535217263	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.edata	0xb7000	0x71	0x200	7de8ca0c7a61668a728fd3a88dc0942d	False	0.1796875	data	1.305578535725827	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.tls	0xb8000	0x18	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0xb9000	0x5d	0x200	d84006640084dc9f74a07c2ff9c7d656	False	0.189453125	data	1.3892750148744617	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xba000	0x10fa8	0x11000	a85fda2741bd9417695daa5fc5a9d7a5	False	0.5789579503676471	data	6.709466460182023	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.rsrc	0xcb000	0x11000	0x11000	dfc2f667184e2d8e1a93cfcccecc3510	False	0.18793083639705882	data	3.7219048892773863	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0xcb678	0xa68	Device independent bitmap graphic, 64 x 128 x 4, image size 2048	English	United States	0.1174924924924925
RT_ICON	0xcc0e0	0x668	Device independent bitmap graphic, 48 x 96 x 4, image size 1152	English	United States	0.15792682926829268
RT_ICON	0xcc748	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 512	English	United States	0.23387096774193547
RT_ICON	0xcca30	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 128	English	United States	0.39864864864864863
RT_ICON	0xccb58	0x1628	Device independent bitmap graphic, 64 x 128 x 8, image size 4096, 256 important colors	English	United States	0.08339210155148095
RT_ICON	0xce180	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	English	United States	0.1023454157782516
RT_ICON	0xcf028	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	English	United States	0.10649819494584838
RT_ICON	0xcf8d0	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	English	United States	0.10838150289017341
RT_ICON	0xcfe38	0x12e5	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States	0.8712011577424024
RT_ICON	0xd1120	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16896	English	United States	0.05668398677373642
RT_ICON	0xd5348	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States	0.08475103734439834
RT_ICON	0xd78f0	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.09920262664165103
RT_ICON	0xd8998	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.2047872340425532
RT_STRING	0xd8e00	0x3f8	data			0.3198818897637795
RT_STRING	0xd91f8	0x2dc	data			0.36475409836065575
RT_STRING	0xd94d4	0x430	data			0.40578358208955223
RT_STRING	0xd9904	0x44c	data			0.38636363636363635
RT_STRING	0xd9d50	0x2d4	data			0.39226519337016574
RT_STRING	0xda024	0xb8	data			0.6467391304347826
RT_STRING	0xda0dc	0x9c	data			0.6410256410256411
RT_STRING	0xda178	0x374	data			0.4230769230769231
RT_STRING	0xda4ec	0x398	data			0.3358695652173913
RT_STRING	0xda884	0x368	data			0.3795871559633027
RT_STRING	0xdabec	0x2a4	data			0.4275147928994083
RT_RCDATA	0xdae90	0x10	data			1.5
RT_RCDATA	0xdaea0	0x310	data			0.6173469387755102
RT_RCDATA	0xdb1b0	0x2c	data			1.2045454545454546
RT_GROUP_ICON	0xdb1dc	0xbc	data	English	United States	0.6170212765957447
RT_VERSION	0xdb298	0x584	data	English	United States	0.2896600566572238
RT_MANIFEST	0xdb81c	0x7a8	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.3377551020408163

Imports

DLL	Import
kernel32.dll	GetACP, GetExitCodeProcess, CloseHandle, LocalFree, SizeofResource, VirtualProtect, QueryPerformanceFrequency, VirtualFree, GetFullPathNameW, GetProcessHeap, ExitProcess, HeapAlloc, GetCPInfoExW, RtlUnwind, GetCPInfo, GetStdHandle, GetModuleHandleW, FreeLibrary, HeapDestroy, ReadFile, CreateProcessW, GetLastError, GetModuleFileNameW, SetLastError, FindResourceW, CreateThread, CompareStringW, LoadLibraryA, ResetEvent, GetVolumeInformationW, GetVersion, GetDriveTypeW, RaiseException, FormatMessageW, SwitchToThread, GetExitCodeThread, GetCurrentThread, LoadLibraryExW, LockResource, GetCurrentThreadId, UnhandledExceptionFilter, VirtualQuery, VirtualQueryEx, Sleep, EnterCriticalSection, SetFilePointer, LoadResource, SuspendThread, GetTickCount, GetFileSize, GetStartupInfoW, GetFileAttributesW, InitializeCriticalSection, GetSystemWindowsDirectoryW, GetThreadPriority, SetThreadPriority, GetCurrentProcess, VirtualAlloc, GetCommandLineW, GetSystemInfo, LeaveCriticalSection, GetProcAddress, ResumeThread, GetVersionExW, VerifyVersionInfoW, HeapCreate, GetWindowsDirectoryW, LCMapStringW, VerSetConditionMask, GetDiskFreeSpaceW, FindFirstFileW, GetUserDefaultUILanguage, lstrlenW, QueryPerformanceCounter, SetEndOfFile, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, LoadLibraryW, SetEvent, CreateFileW, GetLocaleInfoW, GetSystemDirectoryW, DeleteFileW, GetLocalTime, GetEnvironmentVariableW, WaitForSingleObject, WriteFile, ExitThread, DeleteCriticalSection, TlsGetValue, GetDateFormatW, SetErrorMode, IsValidLocale, TlsSetValue, CreateDirectoryW, GetSystemDefaultUILanguage, EnumCalendarInfoW, LocalAlloc, GetUserDefaultLangID, RemoveDirectoryW, CreateEventW, SetThreadLocale, GetThreadLocale
comctl32.dll	InitCommonControls
user32.dll	CreateWindowExW, TranslateMessage, CharLowerBuffW, CallWindowProcW, CharUpperW, PeekMessageW, GetSystemMetrics, SetWindowLongW, MessageBoxW, DestroyWindow, CharUpperBuffW, CharNextW, MsgWaitForMultipleObjects, LoadStringW, ExitWindowsEx, DispatchMessageW
oleaut32.dll	SysAllocStringLen, SafeArrayPtrOfIndex, VariantCopy, SafeArrayGetLBound, SafeArrayGetUBound, VariantInit, VariantClear, SysFreeString, SysReAllocStringLen, VariantChangeType, SafeArrayCreate
advapi32.dll	ConvertStringSecurityDescriptorToSecurityDescriptorW, OpenThreadToken, AdjustTokenPrivileges, LookupPrivilegeValueW, RegOpenKeyExW, OpenProcessToken, FreeSid, AllocateAndInitializeSid, EqualSid, RegQueryValueExW, GetTokenInformation, ConvertSidToStringSidW, RegCloseKey

Exports

Name	Ordinal	Address
__dbk_fcall_wrapper	2	0x40fc10
dbkFCallWrapperAddr	1	0x4b063c

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-27T08:10:33.564719+0100	2035595	ET MALWARE Generic AsyncRAT Style SSL Cert	1	185.156.175.43	21411	192.168.2.6	49745	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 27, 2024 08:10:31.842556953 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:10:31.962023973 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:10:31.962110043 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:10:31.964602947 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:10:32.084115982 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:10:32.084197044 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:10:32.203708887 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:10:33.428862095 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:10:33.428982973 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:10:33.429056883 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:10:33.445055008 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:10:33.564718962 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:10:33.979140997 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:10:34.020087957 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:10:34.953145981 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:10:35.072630882 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:10:35.072792053 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:10:35.192353010 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:10:54.424762964 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:10:54.473176956 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:10:54.634862900 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:10:54.676398993 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:11:13.156516075 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:11:13.276309967 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:11:13.276380062 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:11:13.395960093 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:11:13.938611984 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:11:13.988862991 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:11:14.162180901 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:11:14.182117939 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:11:14.182226896 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:11:14.281672001 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:11:14.281730890 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:11:14.301748037 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:11:14.401335955 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:11:15.076314926 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:11:15.129487991 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:11:15.199704885 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:11:15.215092897 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:11:15.334594965 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:11:15.334671021 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:11:15.430740118 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:11:15.454140902 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:11:15.473249912 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:11:15.640964031 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:11:15.692094088 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:11:36.446221113 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:11:36.488915920 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:11:36.656456947 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:11:36.707678080 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:11:53.176544905 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:11:53.296116114 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:11:53.296168089 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:11:53.415690899 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:11:54.118155956 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:11:54.163640976 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:11:54.364559889 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:11:54.367136955 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:11:54.486669064 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:11:54.486802101 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:11:54.606296062 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:11:56.740246058 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:11:56.859699011 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:11:56.859836102 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:11:56.979325056 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:11:57.452431917 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:11:57.504599094 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:11:57.720824003 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:11:57.723608971 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:11:57.843122959 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:11:57.843173981 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:11:57.962846041 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:12:06.195674896 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:12:06.315143108 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:12:06.319678068 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:12:06.439244986 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:12:06.964104891 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:12:07.067132950 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:12:07.211817026 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:12:07.215915918 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:12:07.335371971 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:12:07.335433006 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:12:07.456264019 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:12:09.146408081 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:12:09.265944004 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:12:09.266022921 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:12:09.385530949 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:12:09.957577944 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:12:10.074662924 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:12:10.147355080 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:12:10.150091887 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:12:10.269701958 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:12:10.269803047 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:12:10.389322042 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:12:15.853534937 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:12:15.973077059 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:12:15.973176956 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:12:16.092719078 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:12:16.614582062 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:12:16.676666021 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:12:16.860724926 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:12:16.865362883 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:12:16.984905958 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:12:16.987801075 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:12:17.107281923 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:12:17.552860022 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:12:17.672348022 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:12:17.672406912 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:12:17.791894913 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:12:18.267417908 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:12:18.379698038 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:12:18.476613045 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:12:18.481729984 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:12:18.601145983 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:12:18.601258039 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:12:18.720720053 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:12:19.052845001 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:12:19.172300100 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:12:19.175760984 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:12:19.295459032 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:12:19.813913107 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:12:19.864083052 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:12:20.054523945 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:12:20.057425022 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:12:20.176903963 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:12:20.176955938 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:12:20.296390057 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:12:20.694706917 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:12:20.814266920 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:12:20.819773912 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:12:20.939289093 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:12:21.508066893 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:12:21.652772903 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:12:21.758964062 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:12:21.761476994 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:12:21.880929947 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:12:21.880978107 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:12:22.000480890 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:12:23.787714958 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:12:23.907176018 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:12:23.907270908 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:12:24.027093887 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:12:24.555222988 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:12:24.676570892 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:12:24.919224024 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:12:24.926052094 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:12:25.045643091 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:12:25.046483040 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:12:25.166028023 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:12:40.944101095 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:12:41.063632965 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:12:41.063831091 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:12:41.183379889 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:12:41.706393003 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:12:41.864128113 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:12:41.945440054 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:12:42.021061897 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:12:42.140599012 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:12:42.140875101 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:12:42.260284901 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:13:04.787853003 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:13:04.907294989 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:13:04.907530069 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:13:05.026984930 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:13:05.557368994 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:13:05.645030022 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:13:05.808970928 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:13:05.812659025 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:13:05.932100058 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:13:05.932215929 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:13:06.051645994 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:13:08.571856976 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:13:08.691337109 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:13:08.691420078 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:13:08.810899973 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:13:09.330926895 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:13:09.427438974 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:13:09.574791908 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:13:09.578509092 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:13:09.697932005 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:13:09.698004007 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:13:09.817565918 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:13:10.318547964 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:13:10.438605070 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:13:10.438707113 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:13:10.558196068 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:13:10.881062984 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:13:10.976264954 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:13:10.978014946 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:13:11.000547886 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:13:11.097565889 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:13:11.186391115 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:13:11.192890882 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:13:11.312422991 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:13:11.312478065 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:13:11.433221102 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:13:11.641350031 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:13:11.851586103 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:13:11.851679087 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:13:11.854370117 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:13:11.973788977 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:13:11.973835945 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:13:12.093487978 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:13:12.623449087 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:13:12.677983046 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:13:12.867382050 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:13:12.872378111 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:13:12.991837025 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:13:12.991955996 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:13:13.111481905 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:13:27.803003073 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:13:27.922677994 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:13:27.922734022 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:13:28.042320967 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:13:28.571702957 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:13:28.614697933 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:13:28.823318005 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:13:28.827445030 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:13:28.947014093 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:13:28.951471090 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:13:29.071019888 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:13:31.725187063 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:13:31.844727993 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:13:31.844774961 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:13:31.964274883 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:13:32.445518970 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:13:32.489281893 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:13:32.763529062 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:13:32.766735077 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:13:32.886406898 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:13:32.886727095 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:13:33.006295919 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:13:58.318723917 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:13:58.440078020 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:13:58.444303036 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:13:58.563915968 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:13:59.086631060 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:13:59.129961014 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:13:59.380939960 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:13:59.393747091 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:13:59.513609886 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:13:59.513683081 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:13:59.633390903 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:14:01.130954981 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:14:01.250730038 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:14:01.250797033 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:14:01.370310068 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:14:01.898436069 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:14:01.942461967 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:14:02.136332035 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:14:02.153513908 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:14:02.273134947 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:14:02.273190975 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:14:02.392827034 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:14:07.896986008 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:14:08.016678095 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:14:08.016817093 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:14:08.138133049 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:14:08.667978048 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:14:08.723813057 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:14:08.970398903 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:14:08.978828907 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:14:09.098936081 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:14:09.099129915 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:14:09.218703985 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:14:12.943077087 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:14:13.062661886 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:14:13.062736034 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:14:13.182250977 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:14:13.675470114 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:14:13.723882914 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:14:13.885966063 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:14:13.888999939 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:14:14.008711100 CET	21411	49745	185.156.175.43	192.168.2.6
Dec 27, 2024 08:14:14.008836985 CET	49745	21411	192.168.2.6	185.156.175.43
Dec 27, 2024 08:14:14.128321886 CET	21411	49745	185.156.175.43	192.168.2.6

Target ID:	0
Start time:	02:10:02
Start date:	27/12/2024
Path:	C:\Users\user\Desktop\UD3cS4ODWz.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\UD3cS4ODWz.exe"
Imagebase:	0xf50000
File size:	2'792'229 bytes
MD5 hash:	7C9544661439AF4F0FD2E7E4387D958D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	02:10:03
Start date:	27/12/2024
Path:	C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp" /SL5="$203FE,1833127,845824,C:\Users\user\Desktop\UD3cS4ODWz.exe"
Imagebase:	0x260000
File size:	3'366'912 bytes
MD5 hash:	EAA27C4A436F9109F95EF7D65AA446D5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	02:10:03
Start date:	27/12/2024
Path:	C:\Users\user\Desktop\UD3cS4ODWz.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\UD3cS4ODWz.exe" /VERYSILENT /NORESTART
Imagebase:	0xf50000
File size:	2'792'229 bytes
MD5 hash:	7C9544661439AF4F0FD2E7E4387D958D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	02:10:05
Start date:	27/12/2024
Path:	C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp" /SL5="$303FE,1833127,845824,C:\Users\user\Desktop\UD3cS4ODWz.exe" /VERYSILENT /NORESTART
Imagebase:	0x910000
File size:	3'366'912 bytes
MD5 hash:	EAA27C4A436F9109F95EF7D65AA446D5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	02:10:06
Start date:	27/12/2024
Path:	C:\Windows\System32\timeout.exe
Wow64 process (32bit):	false
Commandline:	"timeout" 6
Imagebase:	0x7ff6db590000
File size:	32'768 bytes
MD5 hash:	100065E21CFBBDE57CBA2838921F84D6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	02:10:06
Start date:	27/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	02:10:12
Start date:	27/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH \| find /I "wrsa.exe"
Imagebase:	0x7ff6c2310000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	02:10:12
Start date:	27/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	02:10:12
Start date:	27/12/2024
Path:	C:\Windows\System32\tasklist.exe
Wow64 process (32bit):	false
Commandline:	tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
Imagebase:	0x7ff7b4df0000
File size:	106'496 bytes
MD5 hash:	D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	02:10:12
Start date:	27/12/2024
Path:	C:\Windows\System32\find.exe
Wow64 process (32bit):	false
Commandline:	find /I "wrsa.exe"
Imagebase:	0x7ff7aa950000
File size:	17'920 bytes
MD5 hash:	4BF76A28D31FC73AA9FC970B22D056AF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	02:10:12
Start date:	27/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH \| find /I "opssvc.exe"
Imagebase:	0x7ff6c2310000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	02:10:12
Start date:	27/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	02:10:12
Start date:	27/12/2024
Path:	C:\Windows\System32\tasklist.exe
Wow64 process (32bit):	false
Commandline:	tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
Imagebase:	0x7ff7b4df0000
File size:	106'496 bytes
MD5 hash:	D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	02:10:12
Start date:	27/12/2024
Path:	C:\Windows\System32\find.exe
Wow64 process (32bit):	false
Commandline:	find /I "opssvc.exe"
Imagebase:	0x7ff7aa950000
File size:	17'920 bytes
MD5 hash:	4BF76A28D31FC73AA9FC970B22D056AF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	02:10:12
Start date:	27/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH \| find /I "avastui.exe"
Imagebase:	0x7ff6c2310000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	02:10:12
Start date:	27/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	02:10:12
Start date:	27/12/2024
Path:	C:\Windows\System32\tasklist.exe
Wow64 process (32bit):	false
Commandline:	tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
Imagebase:	0x7ff7b4df0000
File size:	106'496 bytes
MD5 hash:	D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	02:10:12
Start date:	27/12/2024
Path:	C:\Windows\System32\find.exe
Wow64 process (32bit):	false
Commandline:	find /I "avastui.exe"
Imagebase:	0x7ff7aa950000
File size:	17'920 bytes
MD5 hash:	4BF76A28D31FC73AA9FC970B22D056AF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	02:10:13
Start date:	27/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH \| find /I "avgui.exe"
Imagebase:	0x7ff6c2310000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	02:10:13
Start date:	27/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	02:10:13
Start date:	27/12/2024
Path:	C:\Windows\System32\tasklist.exe
Wow64 process (32bit):	false
Commandline:	tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
Imagebase:	0x7ff7b4df0000
File size:	106'496 bytes
MD5 hash:	D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	02:10:13
Start date:	27/12/2024
Path:	C:\Windows\System32\find.exe
Wow64 process (32bit):	false
Commandline:	find /I "avgui.exe"
Imagebase:	0x7ff7aa950000
File size:	17'920 bytes
MD5 hash:	4BF76A28D31FC73AA9FC970B22D056AF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	02:10:13
Start date:	27/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH \| find /I "nswscsvc.exe"
Imagebase:	0x7ff6c2310000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	02:10:13
Start date:	27/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	02:10:14
Start date:	27/12/2024
Path:	C:\Windows\System32\tasklist.exe
Wow64 process (32bit):	false
Commandline:	tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
Imagebase:	0x7ff7b4df0000
File size:	106'496 bytes
MD5 hash:	D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	02:10:14
Start date:	27/12/2024
Path:	C:\Windows\System32\find.exe
Wow64 process (32bit):	false
Commandline:	find /I "nswscsvc.exe"
Imagebase:	0x7ff7aa950000
File size:	17'920 bytes
MD5 hash:	4BF76A28D31FC73AA9FC970B22D056AF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	02:10:14
Start date:	27/12/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH \| find /I "sophoshealth.exe"
Imagebase:	0x7ff6c2310000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	02:10:14
Start date:	27/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	02:10:14
Start date:	27/12/2024
Path:	C:\Windows\System32\tasklist.exe
Wow64 process (32bit):	false
Commandline:	tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
Imagebase:	0x7ff7b4df0000
File size:	106'496 bytes
MD5 hash:	D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	02:10:14
Start date:	27/12/2024
Path:	C:\Windows\System32\find.exe
Wow64 process (32bit):	false
Commandline:	find /I "sophoshealth.exe"
Imagebase:	0x7ff7aa950000
File size:	17'920 bytes
MD5 hash:	4BF76A28D31FC73AA9FC970B22D056AF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	02:10:14
Start date:	27/12/2024
Path:	C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe"
Imagebase:	0x400000
File size:	2'174'904 bytes
MD5 hash:	BE2EDCF02F80B8D9AB65724911E3F2E6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001F.00000002.4589800216.0000000002A28000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001F.00000002.4589800216.0000000002C41000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	false

Show Windows behavior

Target ID:	32
Start time:	02:10:16
Start date:	27/12/2024
Path:	C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe" /auto
Imagebase:	0x400000
File size:	2'174'904 bytes
MD5 hash:	BE2EDCF02F80B8D9AB65724911E3F2E6
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	Borland Delphi
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000020.00000002.2515238325.0000000002AD3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000020.00000002.2514018725.0000000002410000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Has exited:	true

Show Windows behavior

Function 0520D7A0 Relevance: 2.8, Strings: 1, Instructions: 1501COMMON

Download Yara Rule

Strings

7[IS, xrefs: 0520E78A

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID: 7[IS
API String ID: 0-4287113815
Opcode ID: 33d775696174754d0635f7013f27781ae2442026c4f7a1030aaa068012a8b59c
Instruction ID: 292b8b146b11a5db667b720da1d8c005f5744eb2f4c01c03104a618303e2e606
Opcode Fuzzy Hash: 33d775696174754d0635f7013f27781ae2442026c4f7a1030aaa068012a8b59c
Instruction Fuzzy Hash: 51F2D8786000448FD784EF28D594B6A73F6FB9D304F1141A9D60ADB36AEB38AD42CF95

Function 0520D790 Relevance: 2.7, Strings: 1, Instructions: 1499COMMON

Download Yara Rule

Strings

7[IS, xrefs: 0520E78A

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID: 7[IS
API String ID: 0-4287113815
Opcode ID: 8c638c96744450bdba6f7e4f126d1d5dc79498401a14c51ef2e2a11e541804cd
Instruction ID: ed5160a49d0691f41ed2c168a5e9146ec088473e51a6a6e497f9d318c19482c8
Opcode Fuzzy Hash: 8c638c96744450bdba6f7e4f126d1d5dc79498401a14c51ef2e2a11e541804cd
Instruction Fuzzy Hash: E1F2D8786000448FD784EF28D594B6A73F6FB9D304F1141A9D60ADB36AEB38AD42CF95

Function 050E4E58 Relevance: 2.7, Strings: 1, Instructions: 1495COMMON

Download Yara Rule

Strings

4, xrefs: 050E5D9F

Memory Dump Source

Source File: 0000001F.00000002.4599268672.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID: 4
API String ID: 0-4088798008
Opcode ID: 9f6c86dab38254b77f228c4966deaeaed2416fdecaaf588fc9ce244d6a61c475
Instruction ID: 2026695c6b86399b17b02f338a211f6c9f65d5641ae8b6f0efd316c15ffcaec0
Opcode Fuzzy Hash: 9f6c86dab38254b77f228c4966deaeaed2416fdecaaf588fc9ce244d6a61c475
Instruction Fuzzy Hash: C0E25F74A00118CFDB55DF68E894BAEBBF6FB88304F508199EA06AB355DB349D42CF50

Function 050E5345 Relevance: 1.9, Strings: 1, Instructions: 696COMMON

Download Yara Rule

Strings

4, xrefs: 050E5D9F

Memory Dump Source

Source File: 0000001F.00000002.4599268672.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID: 4
API String ID: 0-4088798008
Opcode ID: 304392ab65bf83d5eb88215975d1e2a63285111c74ec2d9cf8f2cf2c6e960fe4
Instruction ID: 19d953a22dae2706a71c4de8fdbb14bb9ad863ab968af3a106bc570133fe2861
Opcode Fuzzy Hash: 304392ab65bf83d5eb88215975d1e2a63285111c74ec2d9cf8f2cf2c6e960fe4
Instruction Fuzzy Hash: 4B627274A04118CFDB65DF68E884BAEB7F6FB89300F508099DA0A9B359DB349D42CF51

Function 0520FA91 Relevance: 1.5, Strings: 1, Instructions: 294COMMON

Download Yara Rule

Strings

E't, xrefs: 0520FF16

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID: E't
API String ID: 0-3500362013
Opcode ID: 1b027d60fbf6f04cd906ea52e3b8c64e79e3e43a23143cf3a833772d373bc738
Instruction ID: bc2494b54258ddae2526d3a333322916fdcd733b50401b833fc5cf6dbeaf7b07
Opcode Fuzzy Hash: 1b027d60fbf6f04cd906ea52e3b8c64e79e3e43a23143cf3a833772d373bc738
Instruction Fuzzy Hash: 5DC13A347101548FD759EB28D598A6E77F7EB88300F5081A9DA0ADB3AADF349C428F81

Function 0520FA9A Relevance: 1.5, Strings: 1, Instructions: 280COMMON

Download Yara Rule

Strings

E't, xrefs: 0520FF16

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID: E't
API String ID: 0-3500362013
Opcode ID: 4ce316dfcfc65847ab4b73e5bbab388bf27429a6d7dddc470dcc331e20d06077
Instruction ID: 940e8572196086a37f0f301181d5028d0784c02d66498e2d3efb294204f8a09c
Opcode Fuzzy Hash: 4ce316dfcfc65847ab4b73e5bbab388bf27429a6d7dddc470dcc331e20d06077
Instruction Fuzzy Hash: 29C13C747101548FD759EB28D598A6E77F7EB88300F5081A9DA0ADB3AADF349C438F81

Function 0520FB66 Relevance: 1.5, Strings: 1, Instructions: 236COMMON

Download Yara Rule

Strings

E't, xrefs: 0520FF16

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID: E't
API String ID: 0-3500362013
Opcode ID: 87d43becd438246cc05eb1cb455a9dac17f9ac4a0e120702185ddfc3e34f247e
Instruction ID: 999a611c959ea4f4e38d9dc94514369fc77d38e1c74cd4f8ca2e7978b329ac6d
Opcode Fuzzy Hash: 87d43becd438246cc05eb1cb455a9dac17f9ac4a0e120702185ddfc3e34f247e
Instruction Fuzzy Hash: B8A15D347101548FDB59EB28D598A6E77F7EB88300F5181A9D60ADB3AADF349C438F81

Function 050EC008 Relevance: .7, Instructions: 704COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4599268672.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fa877e2fd9129df923a3e575a17a7520e4b3fb66a6031c21a3b91a71fa24280
Instruction ID: 5f91462c046f1e9ffe0106375f4585920168c859af40c42a9f76e6000fd3e440
Opcode Fuzzy Hash: 3fa877e2fd9129df923a3e575a17a7520e4b3fb66a6031c21a3b91a71fa24280
Instruction Fuzzy Hash: D3527171B04144DFDB55EF68E494AAEB7B7FB88300F648069EA069B359DF359C028F90

Function 028F5B30 Relevance: .7, Instructions: 683COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4d278c1e4e44f9b1e8e3287482ee31f8c9b035c9f1315a2a16a82c745a5b984
Instruction ID: 3d3acf8ab33f14c3db600021e89ad9732a4c4f233007d1d8277d9a9fa90156cc
Opcode Fuzzy Hash: e4d278c1e4e44f9b1e8e3287482ee31f8c9b035c9f1315a2a16a82c745a5b984
Instruction Fuzzy Hash: DA520439A00514DFDB55DFA8C984A69BBB2FF88304F1581A8E61ADB262DB35EC51CF40

Function 051B50A0 Relevance: .6, Instructions: 559COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d59fbd04ac72cc3a79d96259ffd9f81bf6b2cfd27d7bdff997dfe938ea787f5
Instruction ID: c3e1b21caf920c1e9d189de164df9f0e710c8293e4b841a1ed29386617629932
Opcode Fuzzy Hash: 9d59fbd04ac72cc3a79d96259ffd9f81bf6b2cfd27d7bdff997dfe938ea787f5
Instruction Fuzzy Hash: 10325E74B002088FDB65EF65E894AAEB7B3FF88300F608569D60697359EB709C46CF51

Function 051E1AA0 Relevance: .5, Instructions: 503COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600240634.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc1887609306f0a30be529b303ad9742538d9d7b5bd24465fa0badc1d3f932de
Instruction ID: e9157ec57e87b606ecf4ce198e244a104d0fc5abe1bdc76ec2d3b83d85f42d65
Opcode Fuzzy Hash: bc1887609306f0a30be529b303ad9742538d9d7b5bd24465fa0badc1d3f932de
Instruction Fuzzy Hash: 70122034B002049FDB15FF68E9949AEB7B7FB89300B50852DD506A736AEF349D46CB90

Function 050EBB50 Relevance: .5, Instructions: 487COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4599268672.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27c4f49a09acd0df589b2f6f129aaafd5410d9f24bbae1835f1fba113df580e9
Instruction ID: 4d0b14f57797246adeeadf624667f0a4a614efc0c0285c287b9425a9e6a8ed03
Opcode Fuzzy Hash: 27c4f49a09acd0df589b2f6f129aaafd5410d9f24bbae1835f1fba113df580e9
Instruction Fuzzy Hash: 91129071704144CFDB59EFA8E494A6F77B7FB88300F648069EA069B399DF359C028B90

Function 028F1D80 Relevance: .4, Instructions: 357COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 682df4c77544fb6f667363c76e0828cd5d51a418ec0353e2d1cf1440c6ce16bd
Instruction ID: 25fa2d0df03d49a708a3d2e285e03fa1ebcc3f7a8d2494472286d1f233937bbf
Opcode Fuzzy Hash: 682df4c77544fb6f667363c76e0828cd5d51a418ec0353e2d1cf1440c6ce16bd
Instruction Fuzzy Hash: E8E1D239600242CFC746DF68D494A99FFF2FF89320B1581A9D545AB396DB31AC86CF90

Function 051EA710 Relevance: .3, Instructions: 346COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600240634.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47d5640c228cc1ac102010412d2f489bf9b5acb37b0aecf0920133a34963b9f4
Instruction ID: f0e6d614c2be74d91fd63a96100d03607f163a366ac036ee6f5b5f8a620f854b
Opcode Fuzzy Hash: 47d5640c228cc1ac102010412d2f489bf9b5acb37b0aecf0920133a34963b9f4
Instruction Fuzzy Hash: A5D15E34B005059FDB09FF68E4949AE7BB7EB89300B50851DD606A73AAEF349D43DB81

Function 051EA6FF Relevance: .3, Instructions: 346COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600240634.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb2eb7a070799bf7ab518a5757840eb82f8d920c834d8985340ea963bef6d650
Instruction ID: 0ab4e277e1a18c28e20935f79e63257a6d887d273c4a69a1cbc3177a1dffaae9
Opcode Fuzzy Hash: cb2eb7a070799bf7ab518a5757840eb82f8d920c834d8985340ea963bef6d650
Instruction Fuzzy Hash: D8D16134B005059FDB0AFF68E494AAE77B7EB89300B50451DD606A73AAEF349D43DB81

Function 05209F80 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23cf6bed484b00428a3d9de6b125b7fce6c9391a58b936ccee286846e09ff72e
Instruction ID: 582ab1bff8fffc76a1db23a5873333d88aac9f8ea3100231ac142c57ecc2da4e
Opcode Fuzzy Hash: 23cf6bed484b00428a3d9de6b125b7fce6c9391a58b936ccee286846e09ff72e
Instruction Fuzzy Hash: 65B16070E1530ACFDB10CFA9C8857EEBBF2BF88304F549129D419A7295EB759885CB81

Function 0520A850 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5066f78e1f1d6f38e06c164ed4acc9cd8e8b8b3246c868fc9a5869488026629b
Instruction ID: 6fe571d38110670a05e482b8c7e38ca31d099d068da252c105b9c70c28e43f31
Opcode Fuzzy Hash: 5066f78e1f1d6f38e06c164ed4acc9cd8e8b8b3246c868fc9a5869488026629b
Instruction Fuzzy Hash: E8B17D70E1530ADFDF10CFA9C8857AEBBF2BF88310F549129D819A7295EB749845CB81

Function 05209C38 Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19d1656ccb424b74c7e22fa13243d314829f41edcdb838bb6d1e83351cb457f9
Instruction ID: 9728482dd2153b7dae51b4f28c0043673abc7fdf5937eeae35144b6cee0b14e0
Opcode Fuzzy Hash: 19d1656ccb424b74c7e22fa13243d314829f41edcdb838bb6d1e83351cb457f9
Instruction Fuzzy Hash: 46919470E15209DFDF10DFA8C8857EEBBF2BF88714F149129D40AA7296DB749885CB81

Function 028F53C0 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee85db7f8da2c75dd5aab1007c26fc4ebe5eb4fabfaeeb530585b314dbbc00dc
Instruction ID: a9873a7bf4fc8af28a75e75ba9b64181d41d8776ba0b7518881f0193febef9f9
Opcode Fuzzy Hash: ee85db7f8da2c75dd5aab1007c26fc4ebe5eb4fabfaeeb530585b314dbbc00dc
Instruction Fuzzy Hash: CB514970A10685CBD74DEF7AE94169E7FA7FBC8300F14C56AD104AB269EF7848068F50

Function 028F53D0 Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1c010072dd30f54b3ac32bc75f73d6de7a149eec9c20698ba4340b284733a3a
Instruction ID: d6323a35cac17d7b29cdba0ef8f94d2fa3ef83e2bc215dbd6d4d52ee60a49d26
Opcode Fuzzy Hash: c1c010072dd30f54b3ac32bc75f73d6de7a149eec9c20698ba4340b284733a3a
Instruction Fuzzy Hash: D2514A70A106858BD74DEF7AE84169E7FEBFBC8300F04C56AD104AB269EF7858068F50

Function 050B7C60 Relevance: 4.1, Instructions: 4052COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4598842964.00000000050B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97716dee933d09b937b2f4c08e9e91139a8edcd22550b488ae4c256af28d4950
Instruction ID: 0fd6e4310c335fd290277acd7395db85510afea81cec34ab02dcc26c7ea68a3a
Opcode Fuzzy Hash: 97716dee933d09b937b2f4c08e9e91139a8edcd22550b488ae4c256af28d4950
Instruction Fuzzy Hash: 7963F830F002258BDB755B68E4947BEB9F7BFC8750F54855ADA0AD7348DEB08C428BA1

Function 0520FDAA Relevance: 1.4, Strings: 1, Instructions: 113COMMON

Download Yara Rule

Strings

E't, xrefs: 0520FF16

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID: E't
API String ID: 0-3500362013
Opcode ID: ddf19e619174be05d52fcf8c5646954a121f2e3bee7543e9132a7720384f0a08
Instruction ID: b84ec04b3c5acd98c6869bad7503df847b9add5fd35de113efc23376c4221063
Opcode Fuzzy Hash: ddf19e619174be05d52fcf8c5646954a121f2e3bee7543e9132a7720384f0a08
Instruction Fuzzy Hash: 2C413D347501458FD759EB28E594A6E77F7EB88300B5081A9D60ADB3AADF38DC038F91

Function 0520FDB7 Relevance: 1.4, Strings: 1, Instructions: 112COMMON

Download Yara Rule

Strings

E't, xrefs: 0520FF16

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID: E't
API String ID: 0-3500362013
Opcode ID: 124fbab2663f61602fc0f937bfb623dd0b8ae319cb810a6bdb118427dc9a13be
Instruction ID: 1327f44b63f2ed31fff5a5c7f965e44f287059298eb4a0c76045bc8ead821475
Opcode Fuzzy Hash: 124fbab2663f61602fc0f937bfb623dd0b8ae319cb810a6bdb118427dc9a13be
Instruction Fuzzy Hash: 57414F347501418FD759EB28E594A6E77F7EB88310B508169D60ADB3AADF34DC038F91

Function 0520CF70 Relevance: 1.3, Strings: 1, Instructions: 85COMMON

Download Yara Rule

Strings

@, xrefs: 0520D092

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: f65fc2bb27f9c901b27b99edd4a622d95318531617157a298229ff638382fa74
Instruction ID: 379177eca952075631f0251dc2a07b79e46bf8d01a2568139672df83472c79c6
Opcode Fuzzy Hash: f65fc2bb27f9c901b27b99edd4a622d95318531617157a298229ff638382fa74
Instruction Fuzzy Hash: 3D317E347111058FDB54EB68D594AAF77B7EF88304F505429C60A9B3AAEF749C02CB92

Function 0520CF60 Relevance: 1.3, Strings: 1, Instructions: 81COMMON

Download Yara Rule

Strings

@, xrefs: 0520D092

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 1f4db65933ae873289058997b1e9e378d7e5b8e0b9cf00204fbd8fa067c17649
Instruction ID: 85ee7dc742478aefcbfa0d60c7e22a5477f53ca1149117aa7316af67e17b4685
Opcode Fuzzy Hash: 1f4db65933ae873289058997b1e9e378d7e5b8e0b9cf00204fbd8fa067c17649
Instruction Fuzzy Hash: BA31A0346121018FD754FB64D594AAF37B7EF88304F505429C6069B3AAEB349C03CB92

Function 050BD5E0 Relevance: 1.3, Instructions: 1331COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4598842964.00000000050B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b02ede17c040ba7a1904c7063f02275f3ede07678e7b1bafa89be9d9442af2bd
Instruction ID: 31d4cace8f2a74ee68400784808e0dcffc16697f84cd683d798a54d31cb3d2c2
Opcode Fuzzy Hash: b02ede17c040ba7a1904c7063f02275f3ede07678e7b1bafa89be9d9442af2bd
Instruction Fuzzy Hash: 7BB25E70610214CBE7649B69D8987AEFBFBBFD5700F50856DE606962C8CFB08D818F61

Function 051BAF90 Relevance: .8, Instructions: 799COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3935c277b53cbc87b7a078e0beb40b8d792d239fd77fa488b1bac492fc3b6ef
Instruction ID: 050188ed82ef043eb48d3533529cb94909684c3c3fe44ccfed2213e5b6452f33
Opcode Fuzzy Hash: b3935c277b53cbc87b7a078e0beb40b8d792d239fd77fa488b1bac492fc3b6ef
Instruction Fuzzy Hash: 9B820874A042189FDB65DF68D894BAEBBB2FB88300F5081D9E509A7365DF309E85CF50

Function 028F7230 Relevance: .8, Instructions: 776COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb7972159797f4a4c66dcd9da2830ff32c3ef65dc4df17b8d37e404bcb8db450
Instruction ID: c342d2f6fdd393ccb2f992b2d0b388c35b2f587010709800144f4f6383aa5252
Opcode Fuzzy Hash: cb7972159797f4a4c66dcd9da2830ff32c3ef65dc4df17b8d37e404bcb8db450
Instruction Fuzzy Hash: 23628174B101548BDB99AB68E4586AFBBB7FB84300F508069D606DB39CEF349C038F91

Function 028F746F Relevance: .6, Instructions: 607COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd113a05dcf721f497a4f726e81c16c0b916440721c2a532f09155b9a7aaad6e
Instruction ID: d585da96d9c469576e744707f183eb788ed0da06d04677c5c9ef2a88b55b9fa5
Opcode Fuzzy Hash: fd113a05dcf721f497a4f726e81c16c0b916440721c2a532f09155b9a7aaad6e
Instruction Fuzzy Hash: 3C328C747141548BDB99BB68E4586AFBBB7FB88700F508058E6069B39CEF349C039F91

Function 028F74E6 Relevance: .6, Instructions: 583COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a946fc2f9954648680da71f383c22d6c9302e6520a560576a8c036d20f0a89e0
Instruction ID: 79f53026d83263dbd41f37cd49ecdbbb31b396c30bd229c21acf64097687663d
Opcode Fuzzy Hash: a946fc2f9954648680da71f383c22d6c9302e6520a560576a8c036d20f0a89e0
Instruction Fuzzy Hash: A5329D747141448BDB99BB68E4586AFBBB7FB88700F508059E6069B39CEF349C039F91

Function 028F751A Relevance: .6, Instructions: 572COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22ea44178b6a09191ca41a820d22c94e0654eb739df28beb31aa3ba374cbe500
Instruction ID: 68ae884ef090f2204a086ad85fa43a2b352bb2f9f270325b82da85678d2af3b8
Opcode Fuzzy Hash: 22ea44178b6a09191ca41a820d22c94e0654eb739df28beb31aa3ba374cbe500
Instruction Fuzzy Hash: 5F329D747141448BDB99BB68E4586AFBBB7FB88700F508059E6069B39CEF349C039F91

Function 028F7578 Relevance: .6, Instructions: 551COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 924b84862d39eac3bc92b0a89af3ac5345c27fadb7791fe71f2b3d0dc7baf110
Instruction ID: 4d116a9222296502c0c3efcbd8ac1ab6a946de6cb29c2a810ec28520baa40425
Opcode Fuzzy Hash: 924b84862d39eac3bc92b0a89af3ac5345c27fadb7791fe71f2b3d0dc7baf110
Instruction Fuzzy Hash: 4B228C747141448BDB99BB68E4586AF7BB7FB88300F508469E6069B39CEF349C039F91

Function 05BC1220 Relevance: .5, Instructions: 491COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 334d6dc779296e804176faf4e1f6b84ce51cab7fcce1d2e4ac946dbcbe76a1ad
Instruction ID: fe5f2db81ab49b585b683d7d5a099e679721a0bb0c9ce12fb360edb72cba7af6
Opcode Fuzzy Hash: 334d6dc779296e804176faf4e1f6b84ce51cab7fcce1d2e4ac946dbcbe76a1ad
Instruction Fuzzy Hash: AF22B334A00204CFDB15DFA9C594AADBBB2FB89304F6485ADD406AB362DB71ED42CF54

Function 051B2AF0 Relevance: .5, Instructions: 476COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 478fe966121bb1ecd37fb240d4b40051f3a4ecabff32477941abd3d4fb1677a6
Instruction ID: 1de96d7e1b1ac047799f32fb4036acf0bc9519c32e2769e304cb019150a13d51
Opcode Fuzzy Hash: 478fe966121bb1ecd37fb240d4b40051f3a4ecabff32477941abd3d4fb1677a6
Instruction Fuzzy Hash: 0902E1707081458BEB59EF68E85467F77A7EBC8300F508468E626C7799EF788C128F91

Function 05BC0548 Relevance: .5, Instructions: 476COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 128bf2de7511b7fc0b1954c7de62943c50a1c03bb3d36b812ab70fdc2819dd98
Instruction ID: ffb8cb9536eac07adb8662268e376e18406c53cc03a2f8613ae6118f43253c8a
Opcode Fuzzy Hash: 128bf2de7511b7fc0b1954c7de62943c50a1c03bb3d36b812ab70fdc2819dd98
Instruction Fuzzy Hash: 3A122A30A00609CFDB25EF79C454A9EBBB2FF84314F6486ADD506AB790DB75E841CB44

Function 051E1A90 Relevance: .4, Instructions: 359COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600240634.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3631292503f383ebd7add8fb0b5e0642f5732383ebaa0c15f4afb77969a94f3f
Instruction ID: 3fd4d1ea14c9a4f22fb16e6bee9b75a2d2fb6c14089ff9fc8fe829f327e1fd16
Opcode Fuzzy Hash: 3631292503f383ebd7add8fb0b5e0642f5732383ebaa0c15f4afb77969a94f3f
Instruction Fuzzy Hash: 0EE14334B002049FDB15FF68E9949AE77B7FB89300B50852DD606A73AAEF349D46CB50

Function 05BC0538 Relevance: .3, Instructions: 343COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53ddc73c4db648d01380c5c73ad302c184cbd208c66bf1f090a10181d667f092
Instruction ID: 4226d6df93c6a991dc08e7ee284c60cd7c49f2b5753cd3e9f4dd8f777968e1f3
Opcode Fuzzy Hash: 53ddc73c4db648d01380c5c73ad302c184cbd208c66bf1f090a10181d667f092
Instruction Fuzzy Hash: 41D12A30A0060ACFDB25DF69C454BAEBBB2FF84314F6486ADD4069B691DBB5E841CF40

Function 051BAF82 Relevance: .3, Instructions: 341COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96ef6d416c94fe04f7d1d96107be6bb33b9bf6984a8928a30ee8cbbb54190d4a
Instruction ID: 97a173a6da39a8bb81a6c1bebb4a0f6fc5ffd012e18482d9aa7895b45fed5526
Opcode Fuzzy Hash: 96ef6d416c94fe04f7d1d96107be6bb33b9bf6984a8928a30ee8cbbb54190d4a
Instruction Fuzzy Hash: 30E13D74A002189FDB65DB68D854BEEBBB6FF88300F508099E509A7395DF709E85CF90

Function 050BB7B0 Relevance: .3, Instructions: 314COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4598842964.00000000050B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fa5c3557b4d12eec94b33de6aa568e1503a9a9587813208d3d1d2786604f13d
Instruction ID: f4799b9785208e7653d643a5c29406d0bb75a8e14804b164fc2e869fff59b008
Opcode Fuzzy Hash: 3fa5c3557b4d12eec94b33de6aa568e1503a9a9587813208d3d1d2786604f13d
Instruction Fuzzy Hash: 45B17034B006028B9B6AAB24E4A59BDBBF7FFC5240714441EE907D7348DFB5D8028B85

Function 05BC1BD1 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 722875abd3a67bacdafed61b13456345aac1ff82ea73f14f96b70c851936260b
Instruction ID: 91034b1df2d1fbd06622dccae94fa47b78595eda0fac1079d80664146c606ac7
Opcode Fuzzy Hash: 722875abd3a67bacdafed61b13456345aac1ff82ea73f14f96b70c851936260b
Instruction Fuzzy Hash: A1D1D574A04609CFDB14CF58C584A9DBBB2FF89310F25C299E809AB366D770E985CF94

Function 05209F76 Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd15ab899c3ac753f4116e8d5a7eed0530962f1ba477b72443e867c64a92100c
Instruction ID: 26b0eca4e53e10c25d73ff9d875824d9a0f3677b008ef742bfc500e0307656ad
Opcode Fuzzy Hash: fd15ab899c3ac753f4116e8d5a7eed0530962f1ba477b72443e867c64a92100c
Instruction Fuzzy Hash: 79B16F70E1530ADFDB10CFA8C8857EEBBF2BF48304F549129D819A7295EB759885CB81

Function 028F8690 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e360f15a3e67a57b324cbaee6d4872472f552494fb56228941db21437cf3997
Instruction ID: bc0c66a481098cd31b5326655e14d5b70f3818cc414ede196bb5919390d1943f
Opcode Fuzzy Hash: 5e360f15a3e67a57b324cbaee6d4872472f552494fb56228941db21437cf3997
Instruction Fuzzy Hash: D8B18C38A00204DFDB44EF29D594A59BBF6FF88310F1585A9E905EB3A5DB71EC02CB90

Function 0520A844 Relevance: .3, Instructions: 262COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c257f0c6bd2a311885e93c23b07abee9fe5b40b07efd42b78e860bde78e52241
Instruction ID: 0960baf2bbd8253a47383734ede7a6b0fc36118d3b1c5c61486191f97624af40
Opcode Fuzzy Hash: c257f0c6bd2a311885e93c23b07abee9fe5b40b07efd42b78e860bde78e52241
Instruction Fuzzy Hash: ACB17C70E1530ADFDF10CFA8C885BAEBBF2BF48310F549129D819A7295EB749845CB81

Function 028FFC18 Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eea46497059aa65be35dcac06d1e29357211c7d9538ab7f96dc7f5055f071906
Instruction ID: 368d11c690b16743af17b8dfbaa6d74c33b63d3fd577b280e64a25522f3c64c8
Opcode Fuzzy Hash: eea46497059aa65be35dcac06d1e29357211c7d9538ab7f96dc7f5055f071906
Instruction Fuzzy Hash: DDA16F79600114CFCB59EF58D484AAEB7B6EB88310F508119DA06DB7A8DF34ED46CF90

Function 05BC0EF8 Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54ea4e851304b312d622688f6f06fbe720116a3ee8c15f1bca4fb47b12f13a4d
Instruction ID: a94b5af1b1841f5a826f10bbe6e9de48ba572edeb434d8bf7ad5f874c69b801d
Opcode Fuzzy Hash: 54ea4e851304b312d622688f6f06fbe720116a3ee8c15f1bca4fb47b12f13a4d
Instruction Fuzzy Hash: CB31A5356042408FD315EB29D444A5ABFE3EFC5310B14C6AED1898F391DE75E80ACB91

Function 051EA2A0 Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600240634.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8707d4f9251b2545a0a2cb834244311d92e95cd6f2393f622ef22d0dd4f83b18
Instruction ID: de799e338d5e0db7dc748cd9200c77c55a452960636ef71f5e574a58f7f6d2fa
Opcode Fuzzy Hash: 8707d4f9251b2545a0a2cb834244311d92e95cd6f2393f622ef22d0dd4f83b18
Instruction Fuzzy Hash: CB917D34B045059BDB05BF64D498AAEB7B7EF89300F10812DD506673AAEF749D87CB81

Function 028F7220 Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7040a29cc12193e1168e853b633722cd89cef5fed5992a4d0fbf6e331a1a074
Instruction ID: cd50e359b0d17acbb4a4e88ea0f077eeeac3526630d08c8227420da56b76204f
Opcode Fuzzy Hash: b7040a29cc12193e1168e853b633722cd89cef5fed5992a4d0fbf6e331a1a074
Instruction Fuzzy Hash: 93A17D74B102558BDB99EB28D85476FBBB7FB84300F4084A8D60AD7389EF349C429F91

Function 05BC1211 Relevance: .2, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bcfd522072b653e9ce6bd94744dd9ed44260c36efd9032a301481ec943600e89
Instruction ID: 6bc8d805b9f9d443581ae3081c51d48072f75ea17effb2d6c6412330771ac95e
Opcode Fuzzy Hash: bcfd522072b653e9ce6bd94744dd9ed44260c36efd9032a301481ec943600e89
Instruction Fuzzy Hash: 34A10774A00204CFDB25CFA9C594AADBBB2FF88304F6485ADD406AB362DB71E941CF50

Function 05209C2E Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 790a4fa884500dc2d960e8bd41280ffb8defe02d4effe3704ff3ef743f0cab38
Instruction ID: aedb51badd3ddcd68834bde1513645e2c8701ba9e6315b9632b11fac416fc73a
Opcode Fuzzy Hash: 790a4fa884500dc2d960e8bd41280ffb8defe02d4effe3704ff3ef743f0cab38
Instruction Fuzzy Hash: CD91A370E15209DFDF10DFA8C8857EDBBF1BF48714F149129E40AA7296DB749885CB81

Function 028F7268 Relevance: .2, Instructions: 221COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef9bc553602fac67c31054d4f61d5fb14fb2c9927d3e57b45a78fec74340898a
Instruction ID: c762f78c53f869eefc2e1a593bb3085d2d94083a1baea0f797eef162796313f8
Opcode Fuzzy Hash: ef9bc553602fac67c31054d4f61d5fb14fb2c9927d3e57b45a78fec74340898a
Instruction Fuzzy Hash: 37918D74B102558BDB99EB38D85476EBBB7FB84300F4084A8D60ADB349EF349C428F91

Function 050EE2E5 Relevance: .2, Instructions: 204COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4599268672.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75fefc9483f80a9418f54c28d128bcf878a473feb0928d7c55130106812922ad
Instruction ID: a4f5a2f580285e87b11baf671033b24fd829e76d57d13dc008dad3b13e709eeb
Opcode Fuzzy Hash: 75fefc9483f80a9418f54c28d128bcf878a473feb0928d7c55130106812922ad
Instruction Fuzzy Hash: 257178707181449FC799AFA8F89857F36ABEB84201F90846AE207DB7D9DE258C078B51

Function 051EA29B Relevance: .2, Instructions: 200COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600240634.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0796432a3c0a2bc85fadcfadee6456132d722754f4e10c9acca4ee10a667dd32
Instruction ID: f73ca245e871dc285ac566eb7792d526b696eb006b27999ad407c7520132b90d
Opcode Fuzzy Hash: 0796432a3c0a2bc85fadcfadee6456132d722754f4e10c9acca4ee10a667dd32
Instruction Fuzzy Hash: F7718C30B04A059BDB05BF68D4986AEB7B7EF89300F10811DD506673AAEF749987CB91

Function 050BEA3C Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4598842964.00000000050B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ae7881295a8f6c151138a4419fd54a1d309e16b64e19974df429b5ea197c00f
Instruction ID: 03a71995213c9540cc2134cadd5fec63a0174da7f4449cf1a9d2d4a4d21b24f4
Opcode Fuzzy Hash: 8ae7881295a8f6c151138a4419fd54a1d309e16b64e19974df429b5ea197c00f
Instruction Fuzzy Hash: 7661943170030147E7299E16D4D8A7EFBEFBFC9601B89887D950797384CFB4A80A8B51

Function 051BEB90 Relevance: .2, Instructions: 195COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c18763f631fe4a0aaa068f9b9d82258bca15b01f05df98fffb451fe5d3c6ffdf
Instruction ID: 5af941922fc272000973a159fd8d0cf3c9684f57fc6d9292adff4cc824936c56
Opcode Fuzzy Hash: c18763f631fe4a0aaa068f9b9d82258bca15b01f05df98fffb451fe5d3c6ffdf
Instruction Fuzzy Hash: 6381183A114100EFDB5AAF84EA48C95BFB7FF4C32430A8194E2455B276C773D8A2EB51

Function 050BEA58 Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4598842964.00000000050B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e80e02d2177f0f591736422ec0aca6d48af28cd66429f7b06192eeeaaa1b3220
Instruction ID: 479ad0e0709ce9f103d0ad6266b31b9c4e0edc9bc8488c5801893de1faa84316
Opcode Fuzzy Hash: e80e02d2177f0f591736422ec0aca6d48af28cd66429f7b06192eeeaaa1b3220
Instruction Fuzzy Hash: 79517F3170030147E7299E66D4D8A7EFBEFBFC9601B99887D950797384CFB4A80A8B51

Function 0520A5C8 Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 143ff0e52c5f33127538c82fd692a31472aec3e5fdd2cd1e89dc655af1b8f21c
Instruction ID: 4af8d19c0031df2d7f40d9a059439b4aebf0ecee63f5fdd2bca4bcd427411658
Opcode Fuzzy Hash: 143ff0e52c5f33127538c82fd692a31472aec3e5fdd2cd1e89dc655af1b8f21c
Instruction Fuzzy Hash: E8716C70E11309DFDF14CFA9C884BAEBBF2BF88714F549129D419AB294EB749841CB81

Function 050EFD20 Relevance: .2, Instructions: 179COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4599268672.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8b33ec86419cf0b693284e071fa13aef614b13e08986a8a2dec492cf1f78cd6
Instruction ID: c0ed42f27c8db5653c7440277b1c7c2da71aacb18b296ce67290c5706cf75632
Opcode Fuzzy Hash: f8b33ec86419cf0b693284e071fa13aef614b13e08986a8a2dec492cf1f78cd6
Instruction Fuzzy Hash: 35515C36B0410A9FCF45DFA8D8449EEBBF6FF8C210B14816AEA05A7310DB71E9119B91

Function 0520A5BC Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41e76ec0f20c5dcc41789969763d8ca987920d1a88363d5e399948188e10e120
Instruction ID: 4ea41ae3614574d383c6ffcb36385ff5fd1cf909a328e6c8779d34103c44fbe2
Opcode Fuzzy Hash: 41e76ec0f20c5dcc41789969763d8ca987920d1a88363d5e399948188e10e120
Instruction Fuzzy Hash: 2E7159B0E113099FDF10CFA8C885BEDBBF2BF88714F549129D419AB295EB749841CB91

Function 050E3730 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4599268672.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a3ff9b44bce282ff36c5e3b2f6bd7d857a82667197b2fe51530f89b07337b1e
Instruction ID: 1a6f575fe945b908b40654d7b840ea89ce8b7af1d58d9068605c7722b662c9f8
Opcode Fuzzy Hash: 1a3ff9b44bce282ff36c5e3b2f6bd7d857a82667197b2fe51530f89b07337b1e
Instruction Fuzzy Hash: FD51AF707042449FD749EF68E494A6F7BE7EBC5210B50886DD606DB399EF389C028B91

Function 028F8682 Relevance: .2, Instructions: 166COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4db05ba9b1a7d793b6dca9d4575a161d5d8067672cff614d638abf14182e022
Instruction ID: aef939c5bfe2c10f134aa7f0bdb222431a8e6117f2f4ac3ce0deae33c9f6aa52
Opcode Fuzzy Hash: b4db05ba9b1a7d793b6dca9d4575a161d5d8067672cff614d638abf14182e022
Instruction Fuzzy Hash: F4615D39A00604DFCB54DF29D584A59BBF6FF88310B158569E90AEB365EB30EC02CF90

Function 050E05E0 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4599268672.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed907f6234455fa8bb66f651ddb959df36e433b1d21b3ee5216d704705a4b719
Instruction ID: d7f4e201891975dbaf150f734bd383b9cd7f96a926c6abeeb57a4992a3f9a5dd
Opcode Fuzzy Hash: ed907f6234455fa8bb66f651ddb959df36e433b1d21b3ee5216d704705a4b719
Instruction Fuzzy Hash: A1519234B042049FDB54EF69E898B6F77B6EB88314F50802DD60697398DFB49C068FA1

Function 028FC770 Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5ecddd84ce0b35c22b0c267427ddcc528ffb2d6d4a8b36be9213d8f290896dc
Instruction ID: 00f26418379b829f89e89a35cc27f57e724b73b8e0066463468c9e46188a2237
Opcode Fuzzy Hash: b5ecddd84ce0b35c22b0c267427ddcc528ffb2d6d4a8b36be9213d8f290896dc
Instruction Fuzzy Hash: C851FB76600100EFCB4AAF98D948D6A7FB7FB8C3107558098E6069B37ADB35D812EF51

Function 05207870 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a23a79bd0995bbe3349f7f321e45849927448bac0eafff6c4191c25197f5f6e
Instruction ID: 63114f938130349f73c08ab23cbc5554dbed1a600332cf0cc9c11f7222195e80
Opcode Fuzzy Hash: 9a23a79bd0995bbe3349f7f321e45849927448bac0eafff6c4191c25197f5f6e
Instruction Fuzzy Hash: B6514B347100159BDB44EB68E494A6F77BBFF88300F548129D606DB39AEF34AD02CB91

Function 028F7409 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cd0b840128bbdb7d8be286be5b165ad140294f1ecbd472f16606d1ebd2e4166
Instruction ID: 50a2f7b48a91c80a8aa116fa49896b01b656c53c01130f22b7ff7f6d598b7dbb
Opcode Fuzzy Hash: 8cd0b840128bbdb7d8be286be5b165ad140294f1ecbd472f16606d1ebd2e4166
Instruction Fuzzy Hash: 0A41B139B101558BD799AB38D854A6FB7A7EBC4700F41856CD60ADB38CEF349C029F91

Function 05207861 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87701b587cd260e9be57e0a1bb13f0afcd8a7f770d51b74dcef2c234519e30ad
Instruction ID: b01cf7da140d8893f81aad1ba80c769c62a97a0270324d8e60c6a713df7c248b
Opcode Fuzzy Hash: 87701b587cd260e9be57e0a1bb13f0afcd8a7f770d51b74dcef2c234519e30ad
Instruction Fuzzy Hash: 1B516D346201158FDB45EB68E494A6F77B7FF88300F548129D606DB39ADF34AD02CB91

Function 051BD2A8 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bcbb1c913a751c0697014b0cc70168f4b9b129b779ea42bb9245bc866fc76322
Instruction ID: 63893399950d5a1fa3a730f238bb1481df7539eb9d624823e4dafdf4e5b0e1ae
Opcode Fuzzy Hash: bcbb1c913a751c0697014b0cc70168f4b9b129b779ea42bb9245bc866fc76322
Instruction Fuzzy Hash: F4315075700104AFDB09EF54E844EAE77B7FB88310F148568EA069B366DB71D802CB90

Function 051B6F90 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2bcb178f638fb54f3b1215fabab2c0620a65c1d9c27d12f4eb68cec0e3c4f375
Instruction ID: 4490dab851bb3f69e13158f889abd0606287bfa7ac03ab4c2f109d60f0fa5a40
Opcode Fuzzy Hash: 2bcb178f638fb54f3b1215fabab2c0620a65c1d9c27d12f4eb68cec0e3c4f375
Instruction Fuzzy Hash: 87419F35710104DFDB56EFA8D884ABE7BF7EB8C700B048058E606A73A5DB318D029FA1

Function 051B6FA0 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6bc4936766ad500b5efe6cc243c063349168325b0e82cf41b59fae77dd31011
Instruction ID: 77593f3182171e93776fcf824337bf9f11a5798556b06d92ecda189d1c9cfbc6
Opcode Fuzzy Hash: f6bc4936766ad500b5efe6cc243c063349168325b0e82cf41b59fae77dd31011
Instruction Fuzzy Hash: 34417C347101049FDB5AEBA8D854ABE7BF7EB8C700B548058E606A73A5DF318C029FA1

Function 028F18ED Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22e0859e2d1e65eff348484b5ddb1879bc9899d5fc8c849d535ff93e3678fa22
Instruction ID: 6d69588b0a2e074d513a0278c3ef01d6b07768eabc9662c13a3755171b1736ad
Opcode Fuzzy Hash: 22e0859e2d1e65eff348484b5ddb1879bc9899d5fc8c849d535ff93e3678fa22
Instruction Fuzzy Hash: F441C878B10108CFCB84DF68D598AADB7F2BF48315F6544A9E50AEB3A5CA359C41CF50

Function 051E7AA8 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600240634.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54f25333b5a5ee4a0ff46d601609ef4b31aafbf3b7d2e0838592a33075e28dd9
Instruction ID: f14375ca72df73cd3b74ba5dfb2c7933c2bfc888b8c98584addef67bca40e4fd
Opcode Fuzzy Hash: 54f25333b5a5ee4a0ff46d601609ef4b31aafbf3b7d2e0838592a33075e28dd9
Instruction Fuzzy Hash: BD2107367042448FD704EBB9A8405AE7BEBEBC5260B1440BBDA09D7391DF358D0297D1

Function 051E7BF0 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600240634.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e4c69d48fcc96877e0c730360fc18c07fb884c6be477f9c824b39df377ca9f2
Instruction ID: 6d77bd973d985168af4c4618728998bdd2ed66aa8b11c53d4ee2d77ec1c3bfc7
Opcode Fuzzy Hash: 9e4c69d48fcc96877e0c730360fc18c07fb884c6be477f9c824b39df377ca9f2
Instruction Fuzzy Hash: B0317F72600059AF8F028ED59C40CFFBFBEEB8D200F044466FA55E2150DA36DA259BB0

Function 05208495 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3bc58ca0093453e6605c6d158d426a621f22f7607274297750ff0c76b9eef938
Instruction ID: 5ab385346a9bb38cb7bb2f814a6ac54f27642ce8a89f6582d54fad7a07797c49
Opcode Fuzzy Hash: 3bc58ca0093453e6605c6d158d426a621f22f7607274297750ff0c76b9eef938
Instruction Fuzzy Hash: 5C41DCB1D01349DFDB10CFA9C994ADEBFB1BF48310F248429E909AB254DB75A949CB90

Function 0520C630 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0357f85a591177238a26126ddb75622a70a052f7915afed926dc6711c6d19b29
Instruction ID: bcf45461f3635825ae42d802e1693a726966c1faac019de7b79851691868c953
Opcode Fuzzy Hash: 0357f85a591177238a26126ddb75622a70a052f7915afed926dc6711c6d19b29
Instruction Fuzzy Hash: 1D31A3347112448FDB05EB64C4986AE7BB3EF89200F15552AC606EB3A6EF349C03CB91

Function 052084A0 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e90d1f3bee81debb8c93b196031cbf801d04b65d774486e3cf569ecc3278283b
Instruction ID: 80fdc3f7c76408e5339ddbd587a92c9108fb1b0f9447145cea965c64812eda3f
Opcode Fuzzy Hash: e90d1f3bee81debb8c93b196031cbf801d04b65d774486e3cf569ecc3278283b
Instruction Fuzzy Hash: 7141CBB0D01349DFDB10DFA9C994A9EBFB5BF48310F208429E909AB254DB75A945CF90

Function 0520B6F0 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27c445c764ac82a883d4d4decabf6fb351f157bee218d9125f35a82de9d3b203
Instruction ID: 922ccd06d79700a57ea4f8d8c5bba37feda3cc53f93e41d1cb0b7a49209f2d08
Opcode Fuzzy Hash: 27c445c764ac82a883d4d4decabf6fb351f157bee218d9125f35a82de9d3b203
Instruction Fuzzy Hash: 9F315E34B25219DBDB24EB64E454ABE77B2FF88700F109529DA06E73A5DF709C02CB91

Function 050BF054 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4598842964.00000000050B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ba145ff78e3cf7576bf15e196b772133b01dedfd0d83c6afac31377589cd17b
Instruction ID: 7c94fe63fd4e1b24333d9ca07249e75271fb6330d0434519257c46ca791cf67d
Opcode Fuzzy Hash: 3ba145ff78e3cf7576bf15e196b772133b01dedfd0d83c6afac31377589cd17b
Instruction Fuzzy Hash: A8214B3170430207EB296A3ADCD4BBFF7E7BFD6501B8989BD810697395CEA4AC064760

Function 0520B6E0 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d9865c5f6da524299131a2651bd162bb1fa7b5625c4c41e4a7ee0df5c47df0c
Instruction ID: 042b00daacc9fd5168887bababc922bb508cc68293a854fd764dee0d6397eb6e
Opcode Fuzzy Hash: 1d9865c5f6da524299131a2651bd162bb1fa7b5625c4c41e4a7ee0df5c47df0c
Instruction Fuzzy Hash: 29318D34A25219DBDB24EB64E444ABE77B2FF88700F10952DDA06A73E5DB708C02CB91

Function 050E9AD8 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4599268672.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8730e1fe1449e79c3d7e378e35bac369fcac1a2dd8b94e92b83d00415bc517b2
Instruction ID: 0f6eeb6fe30e325fe7774429814482ae59c92ab0749ca3e5dd3d1b300381475b
Opcode Fuzzy Hash: 8730e1fe1449e79c3d7e378e35bac369fcac1a2dd8b94e92b83d00415bc517b2
Instruction Fuzzy Hash: 923189743041499FDB86EF29E880AAF7BEAFB89240B548455FD05C73A0DA35DC51DB20

Function 050BF070 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4598842964.00000000050B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e7665775a09f0331cf92d1269f63ad5386f0f66f50804ecaca587288c13c714
Instruction ID: 58cf8598d3a2e44555d6112231a57521eaa85fc254a32a28e90ef2a72173d092
Opcode Fuzzy Hash: 1e7665775a09f0331cf92d1269f63ad5386f0f66f50804ecaca587288c13c714
Instruction Fuzzy Hash: B321FC3170430207DB286A3AD8D477FF6EB7FD6511B49CDBC820697394DEA4AC064761

Function 051BD298 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 905e8de4d17011331178789e9b93c3f8a91a1d8b51bc5b314a10988eb24262b0
Instruction ID: 134892e9b592029190bb7c45e3170d173898f5b7523464d329517e75efda210b
Opcode Fuzzy Hash: 905e8de4d17011331178789e9b93c3f8a91a1d8b51bc5b314a10988eb24262b0
Instruction Fuzzy Hash: C2217136700104AFDB19DF94E884EEE7BB7FB88310F054568E6069B366DB71D916CB90

Function 028FD180 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93571cc47880436925a83aae316d465f95fa552a7c35febae8aebe0044f7dd24
Instruction ID: 0d334f4c4f1ceaf61ecae8960d4a35df05593eb8ed0b199e03cfa78f47aaa9f9
Opcode Fuzzy Hash: 93571cc47880436925a83aae316d465f95fa552a7c35febae8aebe0044f7dd24
Instruction Fuzzy Hash: 2F3193B5604149EBDB55EF98D8549AFBBBBEB8C310F50C119E612E7398DE349C028F90

Function 05BC4362 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95af163be2e22f52fa9cddc60266ffe29886d36609bf676607bd29e2521f5fdb
Instruction ID: 06eaf9be1cb16cd03a3daf8f8acff4373052c35e04f1c30c244e15e3923137e2
Opcode Fuzzy Hash: 95af163be2e22f52fa9cddc60266ffe29886d36609bf676607bd29e2521f5fdb
Instruction Fuzzy Hash: 2721D2B66041009FCB45DB58D955AAE7BB6EB88300F648499E502E73D9CE319D068FA1

Function 051B4A90 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 018371c2b07f60242917b774f587a2249b2e0bc5ca202602c944c6f165e51dfa
Instruction ID: 315cd7508c14057a610400f2070a0f552aa0f6a7f66c62b824baa079de6ba985
Opcode Fuzzy Hash: 018371c2b07f60242917b774f587a2249b2e0bc5ca202602c944c6f165e51dfa
Instruction Fuzzy Hash: 25314F75A001099FEF14DB54D984BEE77F3FB89300F508198D602A73AADBB5AD06CB94

Function 050E9AD2 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4599268672.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e241cfb8ddd78e0e85407aee22bc874b41aa2e0e124c2b16f5943818e483466
Instruction ID: 855de28aff4c9334dbab556acd6e64f48c4add7f00f8a08d3ed839c4e18a68d1
Opcode Fuzzy Hash: 3e241cfb8ddd78e0e85407aee22bc874b41aa2e0e124c2b16f5943818e483466
Instruction Fuzzy Hash: 2A219A753041499FCB86DF58E884AAF3BE6FB89240B548455F905D73A4DA34D852DB20

Function 051BF9A8 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 618b1d2cdd8905ac04b190a5689908fc04ed928d5115b35dfb81b7c83e0d8fdc
Instruction ID: fcdab4646ecaaa4412755c7158ece7600139b5015e4a3f7fda0a5b7818b4e5e1
Opcode Fuzzy Hash: 618b1d2cdd8905ac04b190a5689908fc04ed928d5115b35dfb81b7c83e0d8fdc
Instruction Fuzzy Hash: DA21273170C2505FE74E5A699814BAF7BA6EBC9790F15806AE909DB381CF389D02C761

Function 028FF2E8 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7543fa3de978fa74daa01018e1cc7f865127f8ef6626c4e15df53a22065d07f9
Instruction ID: 04544994a01264d6fb409e526b886572d550632d1c3232a5bdf3a70197e991b1
Opcode Fuzzy Hash: 7543fa3de978fa74daa01018e1cc7f865127f8ef6626c4e15df53a22065d07f9
Instruction Fuzzy Hash: 9521B7747142449FDB54AA78D4447BF7BE6EB88714F148029EB06D7389DF388C02CBA1

Function 05BC24E0 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e85f73f28b2b4de7f970567f68a0ab9d449a0f1aed0ab9f7edf2bf0667df8bf
Instruction ID: 9c6003fc2050badd7851adcbd4ca765f94f8e309c602692677c76dca3934d278
Opcode Fuzzy Hash: 1e85f73f28b2b4de7f970567f68a0ab9d449a0f1aed0ab9f7edf2bf0667df8bf
Instruction Fuzzy Hash: CD2164746002059FC744EF68D4909AEBBB6FF88304B508529D60AD7355EF30AD0ACF91

Function 0520C660 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cadd84e4cf6bf3298c91cc88ef2c5dbeb341e7d16484ac354f25f0696313811
Instruction ID: 0627dae510f1dd2bba33673de494c588e5f9216e962dc043afc15424c4b65ccc
Opcode Fuzzy Hash: 5cadd84e4cf6bf3298c91cc88ef2c5dbeb341e7d16484ac354f25f0696313811
Instruction Fuzzy Hash: 2C210C747111058BDB54EB64D498AAFB7B7EF8D300F545129C606EB3A6EF349C02CB91

Function 027FD5B0 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4588955892.00000000027FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 027FD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_27fd000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 647674ba4d0dda37459dc0b6a48357e13ae5cdc478cea8465d0a87af49a822b0
Instruction ID: 3c2fe7e9f8516f0eb776df5d29d6f10ecfd0ce4b743b58434d014a2c4136dd63
Opcode Fuzzy Hash: 647674ba4d0dda37459dc0b6a48357e13ae5cdc478cea8465d0a87af49a822b0
Instruction Fuzzy Hash: C62122B2508240EFDB64DF10D9C0F2ABF61FB88324F248169EA0E0B356C376D456CAA1

Function 05204F18 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a07d56c7906a1c70f66c608be8ac5c4f22ac4dcef86b1969e2228ab89ac43f6
Instruction ID: b1a5b8dde3ae13f54618261816b743b4bc92ee0ffabcb85f4325d059594349a5
Opcode Fuzzy Hash: 4a07d56c7906a1c70f66c608be8ac5c4f22ac4dcef86b1969e2228ab89ac43f6
Instruction Fuzzy Hash: 8D110B327191125BEB19DA65A844ABFB797FFC4724F10803AF609C7781DF219C0243D0

Function 028F8500 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6338a1037f8a168fc38da3e8bc9d1592ae10b87af5ae3e887734c4252ddc583b
Instruction ID: 36fdcd666e4050f0c2578558430c500c923499b983173a4e05435336bc8782f0
Opcode Fuzzy Hash: 6338a1037f8a168fc38da3e8bc9d1592ae10b87af5ae3e887734c4252ddc583b
Instruction Fuzzy Hash: E42177357092808FDB46AB78E45856E3B77EBCA310755809ADA02C735DDF389C079B92

Function 05BC7B60 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f67ddbbab968c68a90ddff5011f4eac2194172af07885b3422fc819144670880
Instruction ID: f1c2f6966d57bf52abf97209fd11298638d409367f62160827e9454ed54441a1
Opcode Fuzzy Hash: f67ddbbab968c68a90ddff5011f4eac2194172af07885b3422fc819144670880
Instruction Fuzzy Hash: A12167B5804749CFDB11CFA9C9457DEBFF4EB08210F14849AD158A7251C3786909CBA1

Function 05BC1A48 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41d57d441f688cc27c4997725acfebe0fa363e77a6cd497766b0abd1e2d75987
Instruction ID: 6e6bb7e862ea1fcf18cc94b774aa93a21d50475720d0e3efe56812fd42c3a4f2
Opcode Fuzzy Hash: 41d57d441f688cc27c4997725acfebe0fa363e77a6cd497766b0abd1e2d75987
Instruction Fuzzy Hash: D521F530604A018FD324DF19D544E56BBE6FB84324B19CAADE45A8BB62D771F845CB80

Function 05BC759A Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 087efc27768b5ff5b04ef79adbeb88470ac6a61c5b5403b1452b47192b7e318e
Instruction ID: e5e386f85300819a190b2e3e1989b8c0fe3baa3ab4256db06f562b3d739de320
Opcode Fuzzy Hash: 087efc27768b5ff5b04ef79adbeb88470ac6a61c5b5403b1452b47192b7e318e
Instruction Fuzzy Hash: 3711B131A106448BCB84EF78A4456AE7BF7FB84710F4089ADC506DB388EF7569028FD5

Function 028FFB78 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6bbd020992366a057de81e21533c8a64abc6e6873ec79c0176167aef157c7ea0
Instruction ID: 529103599d3880a206c1d34cd469fdd6d53bae377618471054d09538ac29e25d
Opcode Fuzzy Hash: 6bbd020992366a057de81e21533c8a64abc6e6873ec79c0176167aef157c7ea0
Instruction Fuzzy Hash: 201129366082459FC702CBA8D850946FFB5FF4A32071682E7D658CB691D731DC06C7D1

Function 05BC1B18 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6d330018a845b3ec96628e9319a017959ec8fc7caaeab554ab4e6b4f4dfb646
Instruction ID: 316f62b31bb2e34110e4c15a14f4169945e990c0af9ac39e832af326ad944624
Opcode Fuzzy Hash: d6d330018a845b3ec96628e9319a017959ec8fc7caaeab554ab4e6b4f4dfb646
Instruction Fuzzy Hash: 67112B713042409FD724CB2DD888E53BFEAEF89314B5489EDE14ADB252E770E846CB64

Function 028F8530 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07fa9d582e1fe6c727f4ebbf470eb5cd783f91e63a8ab1ef8d529c9085bde76b
Instruction ID: e967f74f1d7023773d098a4387a1f5e695b1a7170081d0bff107f4f2e48770ae
Opcode Fuzzy Hash: 07fa9d582e1fe6c727f4ebbf470eb5cd783f91e63a8ab1ef8d529c9085bde76b
Instruction Fuzzy Hash: A11181397041448BDB89BB68F05856F7BA7EBC9700B54C069DA068734DEF389C078BD2

Function 05BC75A8 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a69368229b27b0c9f1b1626f6e2ab4768f31a39fccf86f06e6cd15e3bacca80
Instruction ID: 54da5c60c30be2caecccd316b28b087bc56988703cb53c62ceb76770d4b6ecc9
Opcode Fuzzy Hash: 0a69368229b27b0c9f1b1626f6e2ab4768f31a39fccf86f06e6cd15e3bacca80
Instruction Fuzzy Hash: 8E119030B002448BCB54FF69D4456AE7AB7EBC4710F4085ADD6069B388EF74AD028FD5

Function 05BC3D32 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64e396408ec035cdbf4df3214925e16bc8d88aac04b8e3d42f23eec27ac1d014
Instruction ID: 86dad6143beda315fcb00ef819b45882d0f9786b9aba1893b50312476bdf7535
Opcode Fuzzy Hash: 64e396408ec035cdbf4df3214925e16bc8d88aac04b8e3d42f23eec27ac1d014
Instruction Fuzzy Hash: 6B11BF35A042548BDB55AB28C4557AE7FB3EB89300F60419DD202AB3D5CF755C028BA5

Function 027FD5AB Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4588955892.00000000027FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 027FD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_27fd000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b345096828ea680ad398d5c9b11c0cf1b1d16bf789b3b128222face058b314cc
Instruction ID: 7aa96bf42fe3995b6b774806905eaf2c06c0fb8b4ca5ac6b30088349a13c6665
Opcode Fuzzy Hash: b345096828ea680ad398d5c9b11c0cf1b1d16bf789b3b128222face058b314cc
Instruction Fuzzy Hash: 09118176508284DFCB15CF50D5C4B16BF72FB84314F24C5A9D9094B656C33AD456CBA1

Function 051E8C8B Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600240634.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2eb7ede5475405f775f387d17e4ddf3c6f15a4a4eda9689cf4f54df835050909
Instruction ID: 0c84af7359d045b421129cd8e626ee1ab2e2940245cb86e431f121406aead148
Opcode Fuzzy Hash: 2eb7ede5475405f775f387d17e4ddf3c6f15a4a4eda9689cf4f54df835050909
Instruction Fuzzy Hash: 65110472704200ABE705DE54E881AABBBEAEBC9720F14842DF44987356DB329C07C7A1

Function 05205EF0 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d4121481984ad8881d55d49ece30767fb5546bc36ca2c362429c21a45494626
Instruction ID: 0677e02e86f7a97625804a445af2cdbb2041e917e332d79bdcbf1f00e3927154
Opcode Fuzzy Hash: 8d4121481984ad8881d55d49ece30767fb5546bc36ca2c362429c21a45494626
Instruction Fuzzy Hash: D1119E35A102499FC744FFBCF4495AE7BBAEB89300B50456AE506E3348EF70590A8BD2

Function 050B7C44 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4598842964.00000000050B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b17bfd944a3b5581f2286eafef69b16da3eeca51d0a3a27b198ab924e3e8a540
Instruction ID: 1e9fd263e13b491f7787a868e3f8c7f9f253a0cc62aa754c3d0235d97b207ba9
Opcode Fuzzy Hash: b17bfd944a3b5581f2286eafef69b16da3eeca51d0a3a27b198ab924e3e8a540
Instruction Fuzzy Hash: 8011BF71E046288BDB5A8B60F8953FD7BB2FB80302F0505AED606A7285CBB54D46CB81

Function 050BD5C4 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4598842964.00000000050B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7697509fd4cc7b387221105bd6bb67f11e3c7398ddec44156a89633a3d0e5420
Instruction ID: ee93c724897d7ca4e2b3c7c9b68d67968226476802bc2b3b6ade87121be5b8e8
Opcode Fuzzy Hash: 7697509fd4cc7b387221105bd6bb67f11e3c7398ddec44156a89633a3d0e5420
Instruction Fuzzy Hash: AF010472A042118BEB144A59E8907FEFBFAEB85614F14817AD519E7285DBB14C018AA1

Function 051BC480 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66c0b9cbd416714fc885312c4bb5925719a05ad6a65acae4b924087a67e27af7
Instruction ID: 00f96cc2f6f1f71e46098dd35986f0979f72412cc5fa6f2791572bb908b04922
Opcode Fuzzy Hash: 66c0b9cbd416714fc885312c4bb5925719a05ad6a65acae4b924087a67e27af7
Instruction Fuzzy Hash: 061186312001059BD715EF58D880FEF7BABEBC4310F40852CB6059B659DE74AD468B90

Function 028F64C0 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef0a8d4dd0bb71856f0bef38b556b0740704bae32237a197c71dbbe6dafffa4a
Instruction ID: de5a340ff87182c77cc05b455bcda8bdd1c017e6c801a76060cb254ba3a0128e
Opcode Fuzzy Hash: ef0a8d4dd0bb71856f0bef38b556b0740704bae32237a197c71dbbe6dafffa4a
Instruction Fuzzy Hash: 2C114C71B082849BC74AEB68D8613AD7B7AEB81300F54C0D9D105CB3AAEE399D03D741

Function 05BC0BB0 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9587797f676a92cb415bbeef463b5bb783ca17d0bfda0793b91e601b9580db7a
Instruction ID: ab439b711098d9f9412f01c591fe2ffdaa2d6bad669593f1df9729c4fdc1c36f
Opcode Fuzzy Hash: 9587797f676a92cb415bbeef463b5bb783ca17d0bfda0793b91e601b9580db7a
Instruction Fuzzy Hash: 5301D27A7042048FC7108B29D898D7ABBF7EFC936571844AAE549CB351DA71EC01CB50

Function 051BF998 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3133d928315ea40ea517664e32db34ef2ca8251fd34e0b184551cd0f394d13ee
Instruction ID: 22d0e340ec4babfe569e6b825632fe3a9ebb5a41ca7ebb4ef3226abd3e2aa00a
Opcode Fuzzy Hash: 3133d928315ea40ea517664e32db34ef2ca8251fd34e0b184551cd0f394d13ee
Instruction Fuzzy Hash: 4701F775608240AFEB158B28DC44EEA7BA9FB8D370F058166FD089B381D7719C02CB60

Function 05BC3D52 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e3df4a40244bc7c9e13637a595d8685c5071e742f7416e53d2a8661ae29cd05
Instruction ID: a056aa30ad8a2aebd6170ba6cbd7417d0d3cd6595fdd17c2180c6955bfa80883
Opcode Fuzzy Hash: 9e3df4a40244bc7c9e13637a595d8685c5071e742f7416e53d2a8661ae29cd05
Instruction Fuzzy Hash: 0711BC35A002148BDB58AB28C4147AE7BB2EB89300F6041ADD202AB3C4CB755C028BA5

Function 028FB370 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b62b8d808fc449c5cef4cafe553be5462a5182717a26ebca5820a24d3cf2ba7
Instruction ID: acb113d0a8f6a3d2f2df30ae78860fc144b67f070fa99a898a6c6cd93251d482
Opcode Fuzzy Hash: 9b62b8d808fc449c5cef4cafe553be5462a5182717a26ebca5820a24d3cf2ba7
Instruction Fuzzy Hash: B51182347141588BDB59AB58D4587AF7BB3EBC8705F508029D603A7388CF784C079BE1

Function 05205F00 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30472ae64f0805a3713a696f7794dd3dc1a6406022f78a659e69904f31455403
Instruction ID: 68a44f910def18067c6aeb88d750a606f7e386bbf4ed1280611c08cbc5a74fa0
Opcode Fuzzy Hash: 30472ae64f0805a3713a696f7794dd3dc1a6406022f78a659e69904f31455403
Instruction Fuzzy Hash: EE118E31A101098BC744FBBCF8495AEBBBAEB89300B50456AE606A7348EF7059068BD1

Function 028FD960 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 098fa68fa7f90fb3a42afc35ea1401b661be3b7c1feba5367377b081e80e18d1
Instruction ID: 4cd8fde494abd1b8ec881361add6bbc7b037c4b5184e5fea70c8eb7b4535fcc9
Opcode Fuzzy Hash: 098fa68fa7f90fb3a42afc35ea1401b661be3b7c1feba5367377b081e80e18d1
Instruction Fuzzy Hash: 2F018436305145AB8B166E99EC848AFBF6BFBC82607408039FB09C7314CE358C169B90

Function 05BC3D60 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c204906e7a1e0064760a051f68e739afd17b1e3b0ed806b061c2fe24a0fda5d
Instruction ID: 57f03ff62728c0b7429de3befe32db8ab54d29e60cd500564612b94fe4cc795d
Opcode Fuzzy Hash: 7c204906e7a1e0064760a051f68e739afd17b1e3b0ed806b061c2fe24a0fda5d
Instruction Fuzzy Hash: BD01C034B002189BDB58AB28C4557AF7BB3EB8D700F60415DD602AB3C5CF745D028BEA

Function 05206DF0 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de80ebb56130874cc0b400c899517cb71815ec235d82b8d72ee2631c950c11e0
Instruction ID: 014a4994b002c4cccc0a5ad16657e1fa9b8c868cf18f11dca6378ff7f295ae70
Opcode Fuzzy Hash: de80ebb56130874cc0b400c899517cb71815ec235d82b8d72ee2631c950c11e0
Instruction Fuzzy Hash: 4911A175A041409FE785EFA8E5057AF3BB6EB48700F404554EA16C73C9EB345942CBA1

Function 05BC0BC0 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20f1da5c351f18d45cddb917d85f763435d112fec1e3043c58fd4144a13319b7
Instruction ID: 3558b2ab50ca4897aa28d1d80fcebeabd1a6b1c27f0d0fc72a433b40ffb260c2
Opcode Fuzzy Hash: 20f1da5c351f18d45cddb917d85f763435d112fec1e3043c58fd4144a13319b7
Instruction Fuzzy Hash: 87018B397042048FC710DB69D898D3ABBEBEBCD26571444A9EA49CB311DA71FC01CB50

Function 051BA620 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6573147a1a0889044dbb52f513e7b0a630c7e17a55d6c6afcfef2f7f7b27cc7
Instruction ID: c2a0768a7383df9bc45919f022ab95243a97342000c791600505299f78b341e7
Opcode Fuzzy Hash: f6573147a1a0889044dbb52f513e7b0a630c7e17a55d6c6afcfef2f7f7b27cc7
Instruction Fuzzy Hash: FA01D2346082489FC755EBB8D8506AE7FF6EF45600B1084FFC109D7292DF305D058B81

Function 027FD01D Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4588955892.00000000027FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 027FD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_27fd000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4124d0a5fb61e38b411a4c4807ed3e6ad286f35cbe7c4934a6dbe0ceb2e63eb
Instruction ID: 40f17f632acf8446fcfaa54b5d14c5c6e361c9e2370c1e0efb994d8926ae1901
Opcode Fuzzy Hash: d4124d0a5fb61e38b411a4c4807ed3e6ad286f35cbe7c4934a6dbe0ceb2e63eb
Instruction Fuzzy Hash: 5B01F27150C340EAE7604A65C984B67BF88EF41364F08C51AEE091B782C7B99842C6B1

Function 051BA7F2 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28ddbc2f292b25b253ee3f12076d90e77caf9b8782ea97652b9e9335a7e40799
Instruction ID: 4ad93dd2197256385035b02698c7db54325784c050b1ac06fb68f42df9ca9216
Opcode Fuzzy Hash: 28ddbc2f292b25b253ee3f12076d90e77caf9b8782ea97652b9e9335a7e40799
Instruction Fuzzy Hash: F1F04C7270414017E321955EDD85BE7BB9ADBC5610F688079F20DC7385DA25DC03C750

Function 05BC7B90 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2256ad61852daa1f7239782ca077461863545ded9a6a9cfd649c3fd5d19f8c06
Instruction ID: 2be385369922e3034aaf8bc84cad514df62734c624496fdabafbb928207e5a75
Opcode Fuzzy Hash: 2256ad61852daa1f7239782ca077461863545ded9a6a9cfd649c3fd5d19f8c06
Instruction Fuzzy Hash: 341100B5900349CFDB20DFAAC984B9EBBF4EB48324F208459D519A7310C778A944CFA5

Function 027FD007 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4588955892.00000000027FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 027FD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_27fd000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf832ceb9af17b15f31467bca71149a874a09789803f5033ad8a7f6e8ad997b9
Instruction ID: 79c50b23ae800fb26265c7e673d80d5bdacba290aac1ca7cd2f5887d92111bb7
Opcode Fuzzy Hash: bf832ceb9af17b15f31467bca71149a874a09789803f5033ad8a7f6e8ad997b9
Instruction Fuzzy Hash: 96011E7140E3C09EE7128B259894B62BFB4EF43224F1981DBD9888F6A3C2695849C772

Function 05206E00 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a413462c32fb6492025e9b4de1795504e5dc13dec3710f95d95acf75d785659
Instruction ID: 9b9698db0e942c36332b3933bbb3ae1bd50b7fa935164e1c6ba39b143e3c83b7
Opcode Fuzzy Hash: 0a413462c32fb6492025e9b4de1795504e5dc13dec3710f95d95acf75d785659
Instruction Fuzzy Hash: 1E01B570A041449FD785EBACD4057AF77BAEB48310F404114E70AC73C8EB345D418BA1

Function 051B2259 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa1ed2a314a4f0d9e3e746acd491b0209f1e3fdddd40cfad6e36d83a652e9763
Instruction ID: bb5fd4e175212a5cdb00e5ecc5854c65cc80df0bb3dd6ea1afae3956c770effd
Opcode Fuzzy Hash: fa1ed2a314a4f0d9e3e746acd491b0209f1e3fdddd40cfad6e36d83a652e9763
Instruction Fuzzy Hash: 6CF0F07A600158AFCB00CEE9E811BFA7FE8DB89210B088096F958D7201CA35CB019BA0

Function 051E51A0 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600240634.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b12fd6da25c925a41e978e2e7a36d18f17857ea596dd5545bb047a53df03814
Instruction ID: 4ddec131ac9bb696fc247ea25c025c37361fa3caa0795a219abe23545359f5f3
Opcode Fuzzy Hash: 0b12fd6da25c925a41e978e2e7a36d18f17857ea596dd5545bb047a53df03814
Instruction Fuzzy Hash: 62F0E9347047089BEB2576A8EC0477F73A7EB84655F11402AEB068B284FF61DC02CB91

Function 05BC75EF Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37de33f12f60f23d7005aea1445a49fc27453c208a22deee43cc5ac29bfe3276
Instruction ID: 0449080af348da8290fe0be37cbd0b111ac8d868a0e5b517f3801c7ec4ab5759
Opcode Fuzzy Hash: 37de33f12f60f23d7005aea1445a49fc27453c208a22deee43cc5ac29bfe3276
Instruction Fuzzy Hash: 95F022317002008BC748FB38E48079E7BA3EBC4350F404AADC6028B384EFA06E024BC6

Function 05BC6BE0 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ba5cde276e88ffa541a61c4341bfcf5156143a0f441eef526038b3a045f14fb
Instruction ID: f5d8d95e962648d4fe97af75654d0f3240cefca7eeceb5827610c4af4fe4744d
Opcode Fuzzy Hash: 6ba5cde276e88ffa541a61c4341bfcf5156143a0f441eef526038b3a045f14fb
Instruction Fuzzy Hash: AAF08C6644FBC45FC743C7B05A21AD97FB0AE0364038A1BE7D048DB2A3DA291B0D9322

Function 050E9A70 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4599268672.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc72b412c8af6200ce5728a2c1135944be993a1fa288585fcde7a98d1f46dcb6
Instruction ID: fbbe4ba443612307adde89f96825484b4ef730c8524c739cd5f0e00114c7b05a
Opcode Fuzzy Hash: cc72b412c8af6200ce5728a2c1135944be993a1fa288585fcde7a98d1f46dcb6
Instruction Fuzzy Hash: D3F0FF72104198BFDF438F94CD10CFA7F7AEF0D251B099086FDA495161C276C961EB60

Function 051B5FF1 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8676a12728615b0c0aeb135b5173589ebd6151b2f0adcef1fa4a63ad0e4f07b5
Instruction ID: 94d20435878a98f27b4cf9f2098679638789280e4cf1a14357b22298ae2323eb
Opcode Fuzzy Hash: 8676a12728615b0c0aeb135b5173589ebd6151b2f0adcef1fa4a63ad0e4f07b5
Instruction Fuzzy Hash: 41F082B22080509FC255DA5CE891EAFF7EADBC8600B58C55EF245D738ADA65DC03CBA1

Function 05BC3172 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e21afeae749799c3df0ba63438f4bb754fe21a937345544f53ea7afd652bfe8e
Instruction ID: fe85dce7b8894cbb36a23a945ccf7f0e947a68ae8e3322087f9908e19b52314e
Opcode Fuzzy Hash: e21afeae749799c3df0ba63438f4bb754fe21a937345544f53ea7afd652bfe8e
Instruction Fuzzy Hash: 0BF0B47154A3889FC703CBB099515C93F719B07200B8654D7D448DF1A3DA294B0AAB52

Function 051E5190 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600240634.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61258b09cb0a6470be9710811f2b86c26f5dbba52835a0597e0ff52ec78f4d71
Instruction ID: a88e500df93652f2e461c898672802edbebef317f48083b12646dfbaf7969f59
Opcode Fuzzy Hash: 61258b09cb0a6470be9710811f2b86c26f5dbba52835a0597e0ff52ec78f4d71
Instruction Fuzzy Hash: C1F050343087808FEB366764AC107BF3763AB84219F154056EA028B2D5FF648C03CB51

Function 0520B1E1 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c5c9bd772191dffa781a5a4a817be5b06258b232d7ddf6fa00029cb3f6f5122
Instruction ID: f8f0452767a33d218903b8b94ff9b1466c82ecdc150ed2654be19320e4f99998
Opcode Fuzzy Hash: 3c5c9bd772191dffa781a5a4a817be5b06258b232d7ddf6fa00029cb3f6f5122
Instruction Fuzzy Hash: 0CF0B4355593C89FC712CB749C516C93F74CB03510F4406E6D484DB1D3D62A2A0BDB52

Function 051B6A50 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d44a1ae70c3015e83130996692fe05f87f8c986ae0f6e8686e1638db14dc9923
Instruction ID: 7beb43c9910f7df3843657bbbb1898d4f9b93e9b8314fdfaec5abba921df1d8b
Opcode Fuzzy Hash: d44a1ae70c3015e83130996692fe05f87f8c986ae0f6e8686e1638db14dc9923
Instruction Fuzzy Hash: 92E061B630B1110BD733242C6C4477FABA5DFC1550370413AEC05E7385CB548C428B91

Function 028F6DD7 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26d784cb3c92f2ac9d1a0cf5821ee072fc9186a998b587a80c577c82d15bd173
Instruction ID: 776064d0acb72c3758155a70f4f3744dc5d05084b900d0f36112448c8826aefb
Opcode Fuzzy Hash: 26d784cb3c92f2ac9d1a0cf5821ee072fc9186a998b587a80c577c82d15bd173
Instruction Fuzzy Hash: 7BE09A6280E3E26EC70293709C263843F2ADB03248F0881EB9186C6553F92DA40687A6

Function 051BDD09 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dcb3e8ac3458e2642e96c5d32e4d0e7f5cd3f7285476b7423ec5120bf03e5f31
Instruction ID: 3ae104ce4f5521dd07a802af4115becb25fd00b980f360d19437c394fc464a26
Opcode Fuzzy Hash: dcb3e8ac3458e2642e96c5d32e4d0e7f5cd3f7285476b7423ec5120bf03e5f31
Instruction Fuzzy Hash: E0F09837110114BFCB069FC4DD41DA5BB66FB88320B09819AFA189B232C737D921EB50

Function 05BC0C78 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4abc8dc3c7aa85659d8809a2f0bd955a2e9c3cbac1fd2d83268aa3a3073d001
Instruction ID: 8403eb7074984a3833d3dbebcadd46962941b63a55f8445a30f5e19333269e16
Opcode Fuzzy Hash: c4abc8dc3c7aa85659d8809a2f0bd955a2e9c3cbac1fd2d83268aa3a3073d001
Instruction Fuzzy Hash: 62E02B63B0D2814FE70657786C581EE7F62DFA12A471904EFC205CB341E8A58405C306

Function 050E8500 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4599268672.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f61957ff00dea76f59b460873824edf51cf6cd75dfdb5912bfa97f2d0cabc280
Instruction ID: 6e7ddd64d4dd08e3829c3548d9d82774d56bf58d2156c5be84d995126f6b89bd
Opcode Fuzzy Hash: f61957ff00dea76f59b460873824edf51cf6cd75dfdb5912bfa97f2d0cabc280
Instruction Fuzzy Hash: 7FF0A7313142045BCA5066ADF804B3E76ABEF85650F244019A705DB284DD6098078761

Function 050E84F0 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4599268672.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55a3e4bf1f01586482e8897402dfe9d523075d9da69f435991271b49a4e8ad24
Instruction ID: f38bfbc93bfff6b5d0d47ad9a63bd14069e147e62ce7a8ec34d025cb4b4c3447
Opcode Fuzzy Hash: 55a3e4bf1f01586482e8897402dfe9d523075d9da69f435991271b49a4e8ad24
Instruction Fuzzy Hash: 29F027723083409FCB569B6CE81177D7BABBF46210F2940AAE605CF1D5CE208807C722

Function 0520D718 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 154a0b342251013a81c7ac7fddf5e26cd1e4e96e0eb59519a4bdd6b2c3477412
Instruction ID: 8bc9a2b17d34cc57d1ffd9fc54dda580209ace8c49951e38cd144915293bc33a
Opcode Fuzzy Hash: 154a0b342251013a81c7ac7fddf5e26cd1e4e96e0eb59519a4bdd6b2c3477412
Instruction Fuzzy Hash: 60F05EBA801148EFCB45CFB4D51019D7FF1EF4620075059EBC108D7250EA314F05AB82

Function 05BC4B78 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18eaba005648c3e6c50af2ea611196d92938c86c7aa629100ae026cbb942525e
Instruction ID: 10d827159805e07e288b9f9b0fdb86004e7288ca53147a5bdce5baefa9fd5f84
Opcode Fuzzy Hash: 18eaba005648c3e6c50af2ea611196d92938c86c7aa629100ae026cbb942525e
Instruction Fuzzy Hash: 50F0A076304101DBDB14DA48F990EAFF7B6FBD8211F10845EE60593355CB319917CBA5

Function 050E3758 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4599268672.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09bc8b6f70cfb7f8bf315baef30dd52184169b0b8453e52db4a0aa75ceca16bb
Instruction ID: 2a610bff4e0e42fb66c679642b51792b5009d526854f716fa971cf9daab1df22
Opcode Fuzzy Hash: 09bc8b6f70cfb7f8bf315baef30dd52184169b0b8453e52db4a0aa75ceca16bb
Instruction Fuzzy Hash: C0E0D8397092501FD30616A9789447FBF7BDBDA2A131905A7E508D3395CD154C03D7B1

Function 050E9C68 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4599268672.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8390d432d810ba89e999d4ada2b59998407574b86176e09827cb976e48fca002
Instruction ID: bbbbc444afcecb0865876810f111cff6f39b56b4b991162aac2565fa37401940
Opcode Fuzzy Hash: 8390d432d810ba89e999d4ada2b59998407574b86176e09827cb976e48fca002
Instruction Fuzzy Hash: F9F012711042987FDF428E94DC11CFA7FB9EB4A264B0A8086FD9496152C636DD22DBB1

Function 051E8CC8 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600240634.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4036b1236bc753ff7889c0a919ad8589df83015d0f91d7da382c034362d8f6e8
Instruction ID: 340ef862cee2bfd662b23d5c5a71bfc19858adb32cc35d2cfebd262b786b67fd
Opcode Fuzzy Hash: 4036b1236bc753ff7889c0a919ad8589df83015d0f91d7da382c034362d8f6e8
Instruction Fuzzy Hash: CDF06576300104ABD705AA49E884CAF7BAFE7CC760750C13DF60A87355DF719C569BA1

Function 05207820 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2681a1d1b158b6012b29e3364dde440390c95444ca07530fc014ba699eb38f66
Instruction ID: ef0d2dcbc8fc64c52ba258bcaff1e9d59c9720cb1008d13148980dea7cb38323
Opcode Fuzzy Hash: 2681a1d1b158b6012b29e3364dde440390c95444ca07530fc014ba699eb38f66
Instruction Fuzzy Hash: 5FE0C2A615E7C10ECB4312781C650D42F35DA6352434B26C7C1A4CF1F3E009194ED322

Function 051B2291 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d654e1831ae76276e956493cedeea135e2fd61d7882e3ff1a24adba4218d8a32
Instruction ID: aeec4fedeb8886f7c39f39b8dac1692680d30b4cec7b9c5b48acaccc59edaec9
Opcode Fuzzy Hash: d654e1831ae76276e956493cedeea135e2fd61d7882e3ff1a24adba4218d8a32
Instruction Fuzzy Hash: 52F0A0721000982FCB018E85DC51EF77FACDB4D111B088046B9A4C6241C569CA119BB0

Function 05BC4DD0 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0558a999600268fe925682927af58ca0e9cd6da9051f686b287cbe7c4f904401
Instruction ID: 60438b1bd2c4e29cb6311e35ba7a98eb84f3366d12c4950153d3b26bf0893f29
Opcode Fuzzy Hash: 0558a999600268fe925682927af58ca0e9cd6da9051f686b287cbe7c4f904401
Instruction Fuzzy Hash: 3FF082B61093814BD343CB54D960A80BF61EF96204B1A889AE88587292DB22DD07C720

Function 051E26BB Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600240634.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80ec1a0701aa5aa050b5cc0d4f3c2cae4889814720f187c26f21319867b50802
Instruction ID: a3222ff7a4aeb85093b834d847870d4ad1bfe79c5594467507f333ef9c732c45
Opcode Fuzzy Hash: 80ec1a0701aa5aa050b5cc0d4f3c2cae4889814720f187c26f21319867b50802
Instruction Fuzzy Hash: D6F05E315106089FCB01AE68D8019E97B79FF4A310F01825AFC0467210EB32E995CB91

Function 028F0860 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f59114708d28515eb13a1d4f2730c16f59002e706e22633a5ae52d91d25cc5bf
Instruction ID: 595513e660520e7e233cfc7370630ff28437e635704d9f064d7af6f07f364d8c
Opcode Fuzzy Hash: f59114708d28515eb13a1d4f2730c16f59002e706e22633a5ae52d91d25cc5bf
Instruction Fuzzy Hash: 5CF0395984EBE21FC35307782C70794BF705F53129B0A03C3C8C5CA1E3D609096AC3A2

Function 028F17E7 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed959440557674f1d5c229b8db6378281f24142aef1d1b3d302ac0ba1cff1c37
Instruction ID: 46be142de28f945dac005eec80524ac9de91b7d6476c409ba7df32b0e717dad0
Opcode Fuzzy Hash: ed959440557674f1d5c229b8db6378281f24142aef1d1b3d302ac0ba1cff1c37
Instruction Fuzzy Hash: 6FE0E532B412009FC7409BA8D899FB93BF9EFC8220F0940A5E506C7282CD6158028F50

Function 051E7B93 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600240634.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b4d24b7db45b640f33ba7a2aac070a3823640e0ed135c6a2fccc31ffbbc0fc7
Instruction ID: edeb13d25ab48613c0a6d8f1dfe8d152c9a2158df2b75ed62296731d4f133557
Opcode Fuzzy Hash: 0b4d24b7db45b640f33ba7a2aac070a3823640e0ed135c6a2fccc31ffbbc0fc7
Instruction Fuzzy Hash: BBF01C721041987FDB428E95CC10AFA7FADEB8D215F088056FD98C2141C53AD921ABA1

Function 05203C00 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3650e5a5abf74a47f891fa72cb58e8acc5d516ad4238f63fd6fd90f9726300b
Instruction ID: ea668aea05364083f4f53eeabc47a060dea2c2535baa652632574d129333f0c1
Opcode Fuzzy Hash: b3650e5a5abf74a47f891fa72cb58e8acc5d516ad4238f63fd6fd90f9726300b
Instruction Fuzzy Hash: 8DE06D359181049FD741CF54E901A6AB7E6EF85B00F0086AEB80493210DB328D16CBA2

Function 051B1FB8 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c7055548c9641f9b3252a2890aa9051bdd5dbce14335ca48999c4e5ce36d319
Instruction ID: 4b1d31cb67f5eb94d60a74fbc0819f4ec3bf380b4222cd531ed3b742214cc92e
Opcode Fuzzy Hash: 4c7055548c9641f9b3252a2890aa9051bdd5dbce14335ca48999c4e5ce36d319
Instruction Fuzzy Hash: A0E0867310419C2FC761D999DC51BF6BBECCB4E122F08C157F999D6341C969DA0297B0

Function 028F71A8 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f410aa49ae7286518105a7a454732b95593d6613079f5a553ce05c8204922c11
Instruction ID: f2bbec793f2d453c1543a129807492dfa03a408d36f7a088c3da13b7dfc90cdf
Opcode Fuzzy Hash: f410aa49ae7286518105a7a454732b95593d6613079f5a553ce05c8204922c11
Instruction Fuzzy Hash: A0F03074514148AFCB44EB78E95165E7BBAFB86300F000598D6099321AED742D01EB81

Function 050EFCD0 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4599268672.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1aa9aa37b27720ca3cab4e25c23b33dab7bae09cf969bb085a57d64ee271d14
Instruction ID: d3f30bc3091b0dbefb51a81d9cbc39f9a60eb24f9e1156e57127f46135567b3a
Opcode Fuzzy Hash: c1aa9aa37b27720ca3cab4e25c23b33dab7bae09cf969bb085a57d64ee271d14
Instruction Fuzzy Hash: 43E09A37100119BFDF068EC4ED41EEA7B6AEB5D360F04851AFE1896211CA76D962EB90

Function 051E7BA0 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600240634.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40b153383e6de520665622cd19abb3d691de445f4deecf93faaa50dfd1b24b64
Instruction ID: 704a75d8dcbbdfedf44427af84db028faf61110e9c107736e094e3b967943e86
Opcode Fuzzy Hash: 40b153383e6de520665622cd19abb3d691de445f4deecf93faaa50dfd1b24b64
Instruction Fuzzy Hash: 81E0ED721041987F8B41CE95CC10CFA7FEDEB4D265B088046FE98D2151C576DD21EBB0

Function 05203B58 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 901208e2a5158e575b5ee23ee8e5b2d081b201ab359b640f9ce2d39ea09771ad
Instruction ID: 1a5d0fea409a70ee50fdadc5b113c72f2697ceac24ed25399a44ea99cc99e541
Opcode Fuzzy Hash: 901208e2a5158e575b5ee23ee8e5b2d081b201ab359b640f9ce2d39ea09771ad
Instruction Fuzzy Hash: 52E0923A504104DFCB00CF94E900A6EBBF5EF88700F00899FA80493210DF329D16CFA2

Function 051BC568 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d957b31fd468c962ca3985c86f5131f8ecba61f8d60a2e04344e392982ca784a
Instruction ID: fb05824ec443cbdca531b1281f4bf236d0c0c35a6aa9c38e72b8752a63497f89
Opcode Fuzzy Hash: d957b31fd468c962ca3985c86f5131f8ecba61f8d60a2e04344e392982ca784a
Instruction Fuzzy Hash: 86E0DF731000186FC700CE84CC01BF63BADDB99221F08800AB948E2241C636DD22DBA0

Function 051BF59D Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6bdcd2d55273ac2f955e4291a569dee4000823ad68de31966b5a5cfe4f718c7c
Instruction ID: d685b04cc6c722aad40256b8a8f0329b45a2da46e714b1778bfde171cf080e12
Opcode Fuzzy Hash: 6bdcd2d55273ac2f955e4291a569dee4000823ad68de31966b5a5cfe4f718c7c
Instruction Fuzzy Hash: C9E02B3260D2405BD302DE3CE8564DCBF70AFC6220B248D8FC8C057162DB525447C341

Function 050E3768 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4599268672.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4902b682811475e46042b991490d4d44bb0d83d18cb14575c3da08b9c6ee6a9e
Instruction ID: a1e8e22955d6df723ad5384ada7eb1c75e877dfe960b5ef8572e19192bc26e48
Opcode Fuzzy Hash: 4902b682811475e46042b991490d4d44bb0d83d18cb14575c3da08b9c6ee6a9e
Instruction Fuzzy Hash: D7E0C239701114274205219AB88483FBBAFEBC86B0304402AFA08C3344CE115C0287F1

Function 051B22A0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 664f35d6e9b6a0b8d0af0c68ad880da06b61d7390ef2d4ad81f92f49d285d556
Instruction ID: ab42ce4db648e4beb32346b8b6c2f302b8672c3b12da0919521848ec76e6fc6f
Opcode Fuzzy Hash: 664f35d6e9b6a0b8d0af0c68ad880da06b61d7390ef2d4ad81f92f49d285d556
Instruction Fuzzy Hash: 83E04F721040A87F8B41CE99CC10DFB7FED9A4D111B08804BFDA4C2242C57AD922EBB0

Function 051B5F68 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b73429b099e1dee994e3923bb82c1e2f72c40e1246c9f5f2c040602275adab2d
Instruction ID: 2cd9e0d4f10bce4c99b6ee1ebecffa91cb1820a66cad7476edd7746cd6cb0aee
Opcode Fuzzy Hash: b73429b099e1dee994e3923bb82c1e2f72c40e1246c9f5f2c040602275adab2d
Instruction Fuzzy Hash: 6FE092A26481815FDB56CA1CE84077FB7E69B89210F5484A9E141C765EDA28D8028B50

Function 028F1841 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ba58e01dd86821cc8487cb650b24e1a79cff897b24f71830556e7a4593e9e63
Instruction ID: 61b7315b31db1c6ae7a4ca644511df1588073490345c08171d9a8cc0ce8870d1
Opcode Fuzzy Hash: 2ba58e01dd86821cc8487cb650b24e1a79cff897b24f71830556e7a4593e9e63
Instruction Fuzzy Hash: 49E09A39A401908FC7859BBCE0A9AE83FF0EF4E21474604E9E44ACB363CA209813CF50

Function 028F5FB7 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f799511eeb21dd98db77a8b378c81c1f3452f49d22aa1a66e07b5c327beff745
Instruction ID: 06a9ad0247da98e73d8e23e2db2b0d94cb445e260b3792873774ee416c4376ea
Opcode Fuzzy Hash: f799511eeb21dd98db77a8b378c81c1f3452f49d22aa1a66e07b5c327beff745
Instruction Fuzzy Hash: 8EF0C279A00128CFDB40CF94D885A9CFBB2FB84308F9580A6E329EB625E7309951CB50

Function 05BC6389 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cd7306bc37c1886a90f5fcd9288dba1bfefbdf6866bb82442b5a1e44e1a6733
Instruction ID: 97fb6646b18fe1a3171a6f18e4ef422b54ec9f59d9960f7f7e2c733eb0309344
Opcode Fuzzy Hash: 7cd7306bc37c1886a90f5fcd9288dba1bfefbdf6866bb82442b5a1e44e1a6733
Instruction Fuzzy Hash: 35E086716182404EC342D738D9124D9BBB0DF97500715888BD4C49B293E720994BC7D3

Function 05206FA2 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c7df2adfa1e2c55bb6307693051c7137472f7ec2fb18c70666fd62398011666
Instruction ID: 6bf06cfc1c5994269ab7fd37740340e218dbec4edcda89fa453b012e138c0284
Opcode Fuzzy Hash: 8c7df2adfa1e2c55bb6307693051c7137472f7ec2fb18c70666fd62398011666
Instruction Fuzzy Hash: BEE086721052486FD703CE94CC00C957F7AEF96250B09848BFC4497252C672DC22D790

Function 051BDEE9 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f31eb4670498f6cb6b6aa2cd610c8ca3a68780a2da6f58df59589c200d6e361
Instruction ID: 70ebf7f01d19cecdc9370470d2e8211b6f2422c4d9f6cf17729cc421f8d2113a
Opcode Fuzzy Hash: 9f31eb4670498f6cb6b6aa2cd610c8ca3a68780a2da6f58df59589c200d6e361
Instruction Fuzzy Hash: 69D01772804108AFC721EBE8D9417DEBFBADB48210F9002B59508E7300EE399B005B82

Function 028FBB80 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bf10cfe04e2a9181f82dfa961e17d7d64c4ef20d3eebed2eada6afccec5bfd0
Instruction ID: cee333c716e631492687869fbd5974989b713b5a5f9ca3b0cdf6497c0c1f9363
Opcode Fuzzy Hash: 8bf10cfe04e2a9181f82dfa961e17d7d64c4ef20d3eebed2eada6afccec5bfd0
Instruction Fuzzy Hash: 92E01234A14148DFCB44EF68E94056E77BFEB84314F104169D6099735DED755E01DB81

Function 028FD0C8 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d9c0265f41835a27caa45e721fbdc525870519a3fdba4ed2c8e98a1e7343f97
Instruction ID: f7b65813363d2730356425aa75aaf2f23e6464a428a7d98ebb4167cf0942b443
Opcode Fuzzy Hash: 6d9c0265f41835a27caa45e721fbdc525870519a3fdba4ed2c8e98a1e7343f97
Instruction Fuzzy Hash: 34D01272314114B7C745698DE844EBF7B5EF7C8721F448026F60687255CE759C125BE1

Function 051EAD0B Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600240634.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fe881f4e538d5261b30772029c5381cb629c382349b6402aedb8cbd5e39ba98
Instruction ID: fafb2e647375dd22451c62ca28c0693e46e82c48a8265b657a8fc6403ae5c6df
Opcode Fuzzy Hash: 8fe881f4e538d5261b30772029c5381cb629c382349b6402aedb8cbd5e39ba98
Instruction Fuzzy Hash: EFE08C36100158AFCB01CE88CC11AA67B69DB89220F28845AFD5487342C6B2EC22E7A0

Function 028F0888 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ab993ca3392ba00684e8199018ecfbc90759cfe7da44dcbe12e379bfeb85cc0
Instruction ID: ef375f5e5fd289e34cc66eb48a997dc5aa680b0ed841ac1f66eb21ab91e1fa8a
Opcode Fuzzy Hash: 6ab993ca3392ba00684e8199018ecfbc90759cfe7da44dcbe12e379bfeb85cc0
Instruction Fuzzy Hash: ABD02B3DB542288F42C966298C0442933E6AF8522130100A0E709CB325CE30DC0187D0

Function 028F71B8 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c09b2c04bf732da8be79d638c06d291f5b5375c4677637b784cab53a705dc0e4
Instruction ID: 66013fa5446a0e7b0420302bf8538341108268d10fd35ea1e91293013e37491b
Opcode Fuzzy Hash: c09b2c04bf732da8be79d638c06d291f5b5375c4677637b784cab53a705dc0e4
Instruction Fuzzy Hash: 45E01A74A10248EBCB44EF68E94185E77BFFB85304B0005ACD609D7219EE356E01DB81

Function 05BC69E1 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5e59b8efd7e34e4abfad44d9717fb0393e72a79bc0010d1afb5a767b15ac834
Instruction ID: 705f0078b334818ac7f5062e05b34312e034a33de89de983546bae77f88fb8a2
Opcode Fuzzy Hash: f5e59b8efd7e34e4abfad44d9717fb0393e72a79bc0010d1afb5a767b15ac834
Instruction Fuzzy Hash: 60D012B11092415FC242CE60FA108C5BFB1AF85910B05984AF54097252D5218E1AD722

Function 050EEEF0 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4599268672.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f9df7d23d3ff62be1ec1828b2ca0ce6e3fff1a88b8c0e528fbd93a257b631b0
Instruction ID: ced920b7686ca326a57e486edb1093d83b039fcbc5bcb23aad0851c5ce8ebd8d
Opcode Fuzzy Hash: 9f9df7d23d3ff62be1ec1828b2ca0ce6e3fff1a88b8c0e528fbd93a257b631b0
Instruction Fuzzy Hash: 7FD0177290420CABCB51DAE8E9817CE7BE9DB49310F9092A6DA08E7200EE359B415781

Function 051E9F7B Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600240634.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a083cd00efe4be53ee8b7e05b7e74de310f5699a162a8be76d169c4d7d218f2
Instruction ID: fc77f0bbc0caf7a03fa5c4c5482bdf7ecef8c23246a373d97fe4661206165144
Opcode Fuzzy Hash: 9a083cd00efe4be53ee8b7e05b7e74de310f5699a162a8be76d169c4d7d218f2
Instruction Fuzzy Hash: 33D05EBB81010CABDB41EEA8CE4175EBFFAEB45200F9409A59518E7311FB399B116792

Function 051BC578 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49bec1adbdd607e6d40542e0f5ee0b269763f6f04078961a161352a179076708
Instruction ID: b7c15f5d6199f36f7ff641d71568f529fc96a3582e1d2df4f696ef0e7959edf5
Opcode Fuzzy Hash: 49bec1adbdd607e6d40542e0f5ee0b269763f6f04078961a161352a179076708
Instruction Fuzzy Hash: 05E0EC721041586F8B41CE89D811CB67BADDB89260704805ABD5486251C672DD229BB0

Function 051B1FC8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8e2869a3afbe9af28b473b636aed89354cbd2061cd8bfc760e64b876deb78e5
Instruction ID: 5ffbf746aedd02beee038126ebb7434ed0446538cd87c6cc494697cfdbe4e50a
Opcode Fuzzy Hash: a8e2869a3afbe9af28b473b636aed89354cbd2061cd8bfc760e64b876deb78e5
Instruction Fuzzy Hash: 3FD012721041A82F8750CA99D810DB77BEC9A4D121708C05BB994C7242C565DD1197B0

Function 028F1888 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51c048f26328648f05115275cd9c91523af11beb99c8a08288bbc5f75e247140
Instruction ID: 8ec29200a95fe45c66e9724024790196ddba86e3ea115ab632a140e51776c1a3
Opcode Fuzzy Hash: 51c048f26328648f05115275cd9c91523af11beb99c8a08288bbc5f75e247140
Instruction Fuzzy Hash: C5E02B357891944FE7015F74D8680893FB1AF4B21270800E2E049CF276EE248C018B90

Function 050EFCE0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4599268672.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bd5e710004956d66dfe3e2215aab6d0f81319c1ea20041723a612196364da64
Instruction ID: 0e78a27741c7657a89158647ee5ee4e5ddb29d7e211c5697c5f048b27a1ad32d
Opcode Fuzzy Hash: 5bd5e710004956d66dfe3e2215aab6d0f81319c1ea20041723a612196364da64
Instruction Fuzzy Hash: 1BE02636100119BF9F059E84DC41CEA7B6AEB99664B14805AFE1556221C673D932EB90

Function 050E0AE8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4599268672.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4ff5c89c3a92077e02c36c182c87d37f4c7ba90893ecab1104a409af139eeb1
Instruction ID: 99f73414a989cfc59830cfc58bd890d6cfc7d5aee366c7617fcba6f42f252bf5
Opcode Fuzzy Hash: d4ff5c89c3a92077e02c36c182c87d37f4c7ba90893ecab1104a409af139eeb1
Instruction Fuzzy Hash: 24E05EB110D3D01FC746C6A48864892FFF5AF9B31070A98CFE094C7297E625C80BD722

Function 051EB801 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600240634.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f5c32e9fe8212dd49fe97684ffc297851536a19be29a2149bc0db7369fc2bfb
Instruction ID: b6acc2481f8812790ce91fb51abe7291185ac6594d398df8ced266e3c11530e0
Opcode Fuzzy Hash: 7f5c32e9fe8212dd49fe97684ffc297851536a19be29a2149bc0db7369fc2bfb
Instruction Fuzzy Hash: 25E0C234B045508BC70DD728D814A08B7A3FBC9244F58D2AD9014CF2AAEB31DC038B40

Function 05207128 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a60707a7d2d9adbe8a50515796caf9f412044b681ccb72a3ec1b16472cd2155
Instruction ID: 83a7b3d573b3d492f684c31f5ca01ea78127ff1b405458757b4b0f9ce0e98be8
Opcode Fuzzy Hash: 2a60707a7d2d9adbe8a50515796caf9f412044b681ccb72a3ec1b16472cd2155
Instruction Fuzzy Hash: 97E086351082946FD746CF54D9509A67FB5EB45214704C49BF895C7153C6728D22EFA0

Function 051BF559 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f88a6081c7b9d1d35f84f8a16a5147ee3227c5e301f81bdf8519b9df63361026
Instruction ID: c0f7bd7456a58de2f8d94fe7786f8dfdadb350ba88d33c38d5cd3b7aec1b4fee
Opcode Fuzzy Hash: f88a6081c7b9d1d35f84f8a16a5147ee3227c5e301f81bdf8519b9df63361026
Instruction Fuzzy Hash: 08E086325181448BC301DB2CC851B95B7B4DF86200F0C899EE44067210DB61E845C751

Function 050EF328 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4599268672.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 019a99c2cc678a59d547d2a381b57131e659bee868d5ba61dff76f9d7e45dbfa
Instruction ID: e88149448296f32f21d8dda59b5b64b1a835bcb830bee6188182b2835c42f0f1
Opcode Fuzzy Hash: 019a99c2cc678a59d547d2a381b57131e659bee868d5ba61dff76f9d7e45dbfa
Instruction Fuzzy Hash: C8D05E722181911BC340CB58C8A2AB6FBE9EF8A119F2C8C8EE5D0C3341E656DC17C7A0

Function 050EFBF0 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4599268672.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20076753e69b011dc86b85813a2bc0613a8038750905c703323434c2be2d9112
Instruction ID: 6128555c3d1ad7edfe3d187c0c038e1a82638814deed9ef7dfa789c804f0ddf0
Opcode Fuzzy Hash: 20076753e69b011dc86b85813a2bc0613a8038750905c703323434c2be2d9112
Instruction Fuzzy Hash: 21E05B361081529FD302CB54ED41E5ABBE5DFD5710F19844EF4409B351CA62DC17C7B2

Function 050E7BF1 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4599268672.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: faf0fc620be67ed4cced94c3a55170b3795467c2b1cf1db7afaba107f87b0c62
Instruction ID: abd5c303fa299d7c62d7dfe8d135b659876685040d5c022295355389b88a29d4
Opcode Fuzzy Hash: faf0fc620be67ed4cced94c3a55170b3795467c2b1cf1db7afaba107f87b0c62
Instruction Fuzzy Hash: 4FD05EF66082819BD741DA48F840B89FB71FBD5214F54885BE951C731AC632E85BC751

Function 051E2680 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600240634.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8f1167c609ecd4425a1ee4aa94ccbad1844665f040a524688587afd8ba06885
Instruction ID: 01da69f019a8d255466e9e617402c2597b98cad57bde91a2ffaefb1bf78eaf50
Opcode Fuzzy Hash: e8f1167c609ecd4425a1ee4aa94ccbad1844665f040a524688587afd8ba06885
Instruction Fuzzy Hash: 6BE0C2B5904308BFC701DFB4991086E7FFADF0620078001EB9608DB191EA314A149B82

Function 051EA6D8 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600240634.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8e6a07dc12e02ad3e5ed504a5308a9fd4191ff32c073443818bcad8348e5d37
Instruction ID: 74bd5e682b91a2d78f462f720d40d5774850364329bd47b2e62bddd07364fa43
Opcode Fuzzy Hash: a8e6a07dc12e02ad3e5ed504a5308a9fd4191ff32c073443818bcad8348e5d37
Instruction Fuzzy Hash: B2D012321001187F8B01CE84DC01CA67B6DEB89260704C056FD1487211C672DD22DBE0

Function 05206D09 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c60a704ef1626963a63f137d4959bf871652333cdb206336b00e47869390c8bb
Instruction ID: 3a650636752adbe3aaa9dd9fcd47a44dd0cc13e0c99513b4f7f3c1d523ed9760
Opcode Fuzzy Hash: c60a704ef1626963a63f137d4959bf871652333cdb206336b00e47869390c8bb
Instruction Fuzzy Hash: B5D05E7150C3C14FC382DA64D8109C1BF72EFD6A0470A8C8AE88087253C7229C0BC761

Function 05206F38 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23eff9baeda3ebf7225464ffe4e76638ce36b95c14eef2696aa629267cbdfd54
Instruction ID: 15bcb119607ec2a6f6a33acd040aad27a708a17b0c4b7d7c1f379ecbc21b5d9d
Opcode Fuzzy Hash: 23eff9baeda3ebf7225464ffe4e76638ce36b95c14eef2696aa629267cbdfd54
Instruction Fuzzy Hash: 85D05B765093405FC241DA68E8504857B71ABD6504B468C87E4C0C7253C712DD0BC751

Function 05207138 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ab869af69afa5e3705abfa003fbeb05737d94153e11a484e1e7a4c73e3e153c
Instruction ID: d8e6f52d84d0e9a7535ad6c92223e7db018a165c074aefbb2bfd7201b7f166f6
Opcode Fuzzy Hash: 8ab869af69afa5e3705abfa003fbeb05737d94153e11a484e1e7a4c73e3e153c
Instruction Fuzzy Hash: D3D05E322001187F8B00CE88DC00CA67BADEB89220B04C05AFD5887241CAB2ED22DBA0

Function 051B44D2 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3728e011a1dda245ff9fc019e50e5d28c50abfa0a0d610ebfc682eac9ff980b3
Instruction ID: 1182bd25ddb15af4e0751e2bfb34b075934452663300e1b07f80ad1f71804999
Opcode Fuzzy Hash: 3728e011a1dda245ff9fc019e50e5d28c50abfa0a0d610ebfc682eac9ff980b3
Instruction Fuzzy Hash: A7D05E361081109FD201CE84E981FABB3A6DBC8610F14850EB404A7350CA62DD038772

Function 051BA719 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7764683b25881c61871bdb29846b5931d43ed2daf19639c241a53cf4c1f56d3e
Instruction ID: 943ddf35b64e1a72d5f5fe6904b31aff43c52e1195d7f08a6c2a6ea40e473e1f
Opcode Fuzzy Hash: 7764683b25881c61871bdb29846b5931d43ed2daf19639c241a53cf4c1f56d3e
Instruction Fuzzy Hash: 49D05E73644110AFD200DE44ED41E66B3E6DFD8610F15880EB444A3341CA66DD06CBA2

Function 051BE1B0 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6887ccb028643a4c443e635698d4006f1c1a0c4fb43e505dcbfc06c17841b75f
Instruction ID: 7a895c9ebdecc57dee4977f909741762689f248a7a050ba296b5687d2f56d7e7
Opcode Fuzzy Hash: 6887ccb028643a4c443e635698d4006f1c1a0c4fb43e505dcbfc06c17841b75f
Instruction Fuzzy Hash: 66D0A7771042106BD210E948DA81AEAB365EBD4310F048D0EE80497301CF65DD038750

Function 051BD268 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61b032d2d03be3a4aa7b84ad7c6622e7d050db5eefa14ef0536810e66d520bd4
Instruction ID: 19a03fa9889e24c6eae177eee956dc67bcd8efc4b6bce5e5524446493c8c2b7e
Opcode Fuzzy Hash: 61b032d2d03be3a4aa7b84ad7c6622e7d050db5eefa14ef0536810e66d520bd4
Instruction Fuzzy Hash: 0AD0A7372043209FD210D994D881BE6B3E5EBC4230F08884FBC0597301DB67DE46C750

Function 051B3898 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c68e897984b04eddfd5f5066b68bdd916212957d909d64746a72c61dc1fed20
Instruction ID: 1e1bb07972f51837cdd4fd4b2316e8caa7930675778f8381604cf029943fc649
Opcode Fuzzy Hash: 4c68e897984b04eddfd5f5066b68bdd916212957d909d64746a72c61dc1fed20
Instruction Fuzzy Hash: 2BD05E771081109BD205CE44E982F9AB7E5EBC8A14F18885EB840A7351DA62DE07CBA2

Function 051B9BB8 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd795f379187ff13f96dd93760cbf874003250858f0577b09462948f837b1796
Instruction ID: 71ea9e22e5b5bcede5a91188036e15d94900d58a8a2ac73c94f108568396bab5
Opcode Fuzzy Hash: bd795f379187ff13f96dd93760cbf874003250858f0577b09462948f837b1796
Instruction Fuzzy Hash: 38D05E726042116BD351E984D881AE6B765EBC4210F19C91EA804A7342DA66DD02CB91

Function 028F1850 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd2e5d83982a2e50d5749f310d965511d97b0dfc0ebccb1571d5d00716946ef3
Instruction ID: 424bd267f64ff7f7baad7fa2e93aacf7abe5ac27f872b96d0799e88ed9b2d45d
Opcode Fuzzy Hash: cd2e5d83982a2e50d5749f310d965511d97b0dfc0ebccb1571d5d00716946ef3
Instruction Fuzzy Hash: 97E012396401149FC784EF6CE558E5977E8FB4D22178240A5E50AC7355CA249C018F91

Function 028F0E6B Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dade25ac65c97da493d90846c8d1fa723682e0aec6e7dc3a65cd28becf13c8d
Instruction ID: 81ea53d26c7bf13ca519769ce2a4e9b665c21d2116898f28c355773554137b6f
Opcode Fuzzy Hash: 8dade25ac65c97da493d90846c8d1fa723682e0aec6e7dc3a65cd28becf13c8d
Instruction Fuzzy Hash: A3E0867DD48290CBD3819FA9945C3267791EB48615F4681B5CA4DD728ADB3848028B91

Function 05BC2A8A Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bc508af6b8959f4a33672a71e85245d0a07dbd72c3a415f1f03a33378d3f7bd
Instruction ID: 87ceba927a471962740afccb811a0f32e66b86881a9ccf373f431ffe387b2813
Opcode Fuzzy Hash: 0bc508af6b8959f4a33672a71e85245d0a07dbd72c3a415f1f03a33378d3f7bd
Instruction Fuzzy Hash: 6BD05EB110C3805FC341CB348894896BBB6EBD6644B1A888AE480872A2D722CC0BC721

Function 05BC2681 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9d6122319bd3be18ec38e43cb612999222e426d817af547439d02c9961dc8eb
Instruction ID: 8441013c853904180fec3dc92e4b4dd873495c464a36882671675cb71e5e380e
Opcode Fuzzy Hash: e9d6122319bd3be18ec38e43cb612999222e426d817af547439d02c9961dc8eb
Instruction Fuzzy Hash: B6D05E722083804FD642CA58E850995BB71AFC6510B0A8C9BD8808B292CB22C90BC721

Function 05BC32EA Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c84ce807fe2fc02b0ae1a12a3c2c2fb53d6fb96f855b437bf7c5422fbd687c06
Instruction ID: 887acdafde8dba585e517c49a64a9364cc897223fd714052e896ef13b96867b3
Opcode Fuzzy Hash: c84ce807fe2fc02b0ae1a12a3c2c2fb53d6fb96f855b437bf7c5422fbd687c06
Instruction Fuzzy Hash: 56D012A262A1400FD342C2309D565D1BFF5DB9315235ADAD7C048CB6A3DA26DE078761

Function 050EF3E8 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4599268672.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5193238d05072252e0b47feae9d2f4a5ec82dd08e26df83404e70e6f0562eb14
Instruction ID: b8becae2a91d9b5b0d1631ee2249f806f7c27bdc7a2f39aaf987798729fca8c4
Opcode Fuzzy Hash: 5193238d05072252e0b47feae9d2f4a5ec82dd08e26df83404e70e6f0562eb14
Instruction Fuzzy Hash: 69D05E761142119FD344CB08CC82F96B3AAFFC4308F28C84AE88083304D775EC22CBA0

Function 050E0850 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4599268672.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68963a6e966138ded1ef3834d19236bb532a872228d191ea61c15eec8faa33a8
Instruction ID: 3c584a746e0f9ac4ab1792fb93f55e2d98b7a5742b70a114725c6ce410ac79e2
Opcode Fuzzy Hash: 68963a6e966138ded1ef3834d19236bb532a872228d191ea61c15eec8faa33a8
Instruction Fuzzy Hash: 39D05B7550C3905FC702CB5094944527F71BFF73047069C8AE49087296C715CC07DB61

Function 0520B6BA Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44520da1409ea99b7b509d91e5f78382f9378be2ddcac3a39d9b2c990974c00a
Instruction ID: a45e0597b30923474e898aa4060810df7b70c881bb066e5864eae9a7c35d08de
Opcode Fuzzy Hash: 44520da1409ea99b7b509d91e5f78382f9378be2ddcac3a39d9b2c990974c00a
Instruction Fuzzy Hash: 8BD0C9A661D2801FD342C2708D2A4907FB1EB5714476AD9DAD488CB2A3D5269E078726

Function 051BDD90 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d4885a0315d9020d71f4db030c16b7af1f3381586551c846d634979119c8807
Instruction ID: a2bd5404d406c0a2cd2029eba1221d6d6d1344232ff8f21e7c907a7a3fa2b31d
Opcode Fuzzy Hash: 2d4885a0315d9020d71f4db030c16b7af1f3381586551c846d634979119c8807
Instruction Fuzzy Hash: DDD012323040005BC254C644CD82B55F3A1DBD4214F14C03C648DD7395DF39FE038751

Function 028F5388 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17889f3a61143fa59a0ea3994df1e3149921d230357c09b93a8a2dec0467bdfe
Instruction ID: 3aad35e4ae837a9f86ab5d662b09da9814e3d7e2cbbb25f4257e2bddbdb62d29
Opcode Fuzzy Hash: 17889f3a61143fa59a0ea3994df1e3149921d230357c09b93a8a2dec0467bdfe
Instruction Fuzzy Hash: 4EE0C231C09204DFCF02CFA4DB1019D7FB0FF4920171404EBD505D7220EA324A14EB02

Function 028F7FB0 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00e074ef363a7cf40d10dbccaf41cc048c9c31407a2d0809b8ae3c9783022029
Instruction ID: ac6e204b91904ca17243fcc6aa96f3d27a96c344f2ef38d1395bb13d85e39057
Opcode Fuzzy Hash: 00e074ef363a7cf40d10dbccaf41cc048c9c31407a2d0809b8ae3c9783022029
Instruction Fuzzy Hash: AAE0177A9092889FCB16DFA89A1009EBFF1AF0520175045EBD909DB161FA364E589B82

Function 05BC78A8 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c2874d96c66456d9abdc76cc96b6e347ea59a1cfc27726bfb8c9e62ae5d107b
Instruction ID: afaba58a8d758d36d863d4a67e54005d36e39d1a139227f4b1b91472643423da
Opcode Fuzzy Hash: 8c2874d96c66456d9abdc76cc96b6e347ea59a1cfc27726bfb8c9e62ae5d107b
Instruction Fuzzy Hash: 81D05EB51483415FC302C729C820653BFA5AF96220B18C49A9849CB3A2EA32D916CA11

Function 05BC4CF0 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e876925b0fb3113cbfd9b1490a010a0836f9c374dc4704a0335f980b7422b06
Instruction ID: f1b0105b0e13a130d47c9bb2fc1cd61a1e3b7b0a2def2e0f093310fef2d52ae1
Opcode Fuzzy Hash: 4e876925b0fb3113cbfd9b1490a010a0836f9c374dc4704a0335f980b7422b06
Instruction Fuzzy Hash: B3D0127610D2505FC742CF90E950885BFB29F86910B09888AE44097253C5228E0BCB62

Function 050E8098 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4599268672.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efa9c8a56637b66c0fcf8555fc68df02a4a52bb13bd9d19fb2188c2c17c3dcd6
Instruction ID: 53d2050c2af4350ad1c65cf5937283ee5bc9c436bf58b44ee846ab10b7ca2c5e
Opcode Fuzzy Hash: efa9c8a56637b66c0fcf8555fc68df02a4a52bb13bd9d19fb2188c2c17c3dcd6
Instruction Fuzzy Hash: 7DD0127110D2819FC302CB54D954856BFB1AFD6704716948EE4909B2A6C6628C17D727

Function 051E8D68 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600240634.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44ba782675fcdd8aff74ea6f0a83c41e2cb3e78684efea51cd70aa7f2296677b
Instruction ID: 877f0f7dcd895513f3842dead994786ff947c22c1e70ab8d1161cd6d10d093a9
Opcode Fuzzy Hash: 44ba782675fcdd8aff74ea6f0a83c41e2cb3e78684efea51cd70aa7f2296677b
Instruction Fuzzy Hash: 04D09E36200118BF9B05DE84DC41CA6BB6AEB89660B14C45AFD1547351CAB3ED22DB90

Function 05203378 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24a412affb1a3b3c233b4ef67e58a19e11521b0304703af9d7c9e71110e4c7ea
Instruction ID: 6eb62ed0db8aeba5944c5ecce968a7fd5c8cec5fc581b6397df71b0026d34998
Opcode Fuzzy Hash: 24a412affb1a3b3c233b4ef67e58a19e11521b0304703af9d7c9e71110e4c7ea
Instruction Fuzzy Hash: 3AD0A7765042105FE340CE44C841AA6B3A5FBC4704F28881EF80083300CB62DD07C750

Function 05204AB3 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f186b76789304b315fa1f7bc539a45b2980e49ce43efc04394f41d3d73e7dee
Instruction ID: f78a3ccc174b61766d05b9116f76ee6639dfc391791c18d96618e26e15acbbb9
Opcode Fuzzy Hash: 9f186b76789304b315fa1f7bc539a45b2980e49ce43efc04394f41d3d73e7dee
Instruction Fuzzy Hash: A8D0A77680010CEBC701EFB8C94056E7FF9DB4420078041E6A504F3200FF354E0057D1

Function 05BC69B3 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 953413600e8e7c99ac8497d495efb273f446227ec239cbbe33c2920c42db2b77
Instruction ID: b94b52a2b4027d36fa9f996d15c6c84af2a3f509b6f28a693d22860cd70d8989
Opcode Fuzzy Hash: 953413600e8e7c99ac8497d495efb273f446227ec239cbbe33c2920c42db2b77
Instruction Fuzzy Hash: 7CD0927690110CAB8B40EEE8CA4159FBBF9DB49200B9049A69609E7211EB369A105B92

Function 05BC55A8 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51e781a7a62b42565176e28d8c341d5e98dc92e9312293968ac679fa8512f02c
Instruction ID: 86c22ac0de09e702438488850bd66d7f6a4017fd4dc588a39d9c7804624f547c
Opcode Fuzzy Hash: 51e781a7a62b42565176e28d8c341d5e98dc92e9312293968ac679fa8512f02c
Instruction Fuzzy Hash: 8AD0127120C2405FC741CE54E990D9ABBE59B95614B05488FA880D7646C526DD16CB72

Function 05BC2958 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63c7f35df6d07c48a5db65fc2099d9eb8dd79a93e6c1dfc92083b2ddc928c064
Instruction ID: 9e1aa4b51792eb1c80f6b695e1eac99466bbdacf72fc3a4f2f2508f68c3a5076
Opcode Fuzzy Hash: 63c7f35df6d07c48a5db65fc2099d9eb8dd79a93e6c1dfc92083b2ddc928c064
Instruction Fuzzy Hash: DDD05E76A082505FE244CB04EC82B56B765FBC5200F08884EE85053301CB61EC42CBA0

Function 05BC7F78 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74097733751dafee84d79bf7acc05f12ed3b7e685db7597bd363274605e8c764
Instruction ID: f8329779668df87ff8de6958941406d5f553330e9482f9f3447359cbde853f73
Opcode Fuzzy Hash: 74097733751dafee84d79bf7acc05f12ed3b7e685db7597bd363274605e8c764
Instruction Fuzzy Hash: 28D0A9A692D2800FC3028A308C221C4BFB1EB5304070988D6C089CB2A3CA2E8B0BC722

Function 051E55D1 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600240634.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b30043610113ac1ae1c52aefba5170a79ec335e22683c0b3e62044c6a2778121
Instruction ID: 7925895959e2cfdbe8242facf7ea485dc86374aab37b418f6ff0f7ce7ce21718
Opcode Fuzzy Hash: b30043610113ac1ae1c52aefba5170a79ec335e22683c0b3e62044c6a2778121
Instruction Fuzzy Hash: 4CD0C93AA150148AD745CB68F891688B371FBC86A9F1482AAE918C7151EB329517CB41

Function 0520CDD9 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd5758bfc5cfa7dfa9467da1b0fb4e832c92ec3ad06885b6f5b151b7bb4f15d8
Instruction ID: 5f3f91f09950f187879c0727d18530e7f853fec065ae461be8903072c316440f
Opcode Fuzzy Hash: fd5758bfc5cfa7dfa9467da1b0fb4e832c92ec3ad06885b6f5b151b7bb4f15d8
Instruction Fuzzy Hash: C5D0C97570A2805FC346C664CC65811BFB1AFDA100729C4EFA488CB3A3DA36DD47CB52

Function 0520D728 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: adab83dfc63a4d6feabb4524e343fa8f9f6f61931d031a0db40f631eb01dba11
Instruction ID: 4ed0d45bcd4ba97de154d0f8bc353032743607267d344e332afeb87f9f04fa6f
Opcode Fuzzy Hash: adab83dfc63a4d6feabb4524e343fa8f9f6f61931d031a0db40f631eb01dba11
Instruction Fuzzy Hash: 18D0C97590110CEB8B40DFA8D91059EBBF9DF49200B9045EA9608D7210EE315A106B92

Function 0520B210 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a23aa2d40f397c3cbb54b05320e4e9158f44a87e7de5c691b8ed676398edcdc0
Instruction ID: 99f48905c6e92c423fae2826e10bcf59eec6e58e52a7328b3d9f9199cd95c91f
Opcode Fuzzy Hash: a23aa2d40f397c3cbb54b05320e4e9158f44a87e7de5c691b8ed676398edcdc0
Instruction Fuzzy Hash: C8D0C97A94110CEB8B41DFA8890059EBBFDDF49200B9046E69608E7210EE315A105B92

Function 05204AB8 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbe2a24ea69e0af51ce73bbe567d8e37eae4e8dabcaff131a7bd6c602555b79c
Instruction ID: cb35c21b7e9230fa834cf6502c19fd4ff0bc70184169e25a79d7d736256db8fd
Opcode Fuzzy Hash: cbe2a24ea69e0af51ce73bbe567d8e37eae4e8dabcaff131a7bd6c602555b79c
Instruction Fuzzy Hash: 22D0C9B690110CEBCB41EFA899005AEBBF9DB49200B9045E69608E7210EE315E145BD2

Function 051BDEF8 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55f7377fab40577541cdf4d9d6c1a6aa38efc960756aa99856057c3fefcac234
Instruction ID: ccf4af1c609997406c17521d1520ff63c2ef9b55b8209a808073d00b3d6c5417
Opcode Fuzzy Hash: 55f7377fab40577541cdf4d9d6c1a6aa38efc960756aa99856057c3fefcac234
Instruction Fuzzy Hash: 32D0C97590110CEBCB41EFA8990059EBBFADF49200B9046E69608E7210EE315A146BD2

Function 051BE9B0 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8179cbff29ae22e2b9fb09b656978abb7d36131cb3e2ea1afaca8869f4ca66fa
Instruction ID: 8c3528b762a912d0deb74afab60a5ebac44ab53032d4040f8dd552f579a6ef07
Opcode Fuzzy Hash: 8179cbff29ae22e2b9fb09b656978abb7d36131cb3e2ea1afaca8869f4ca66fa
Instruction Fuzzy Hash: D5D0C9713412009BC344CA24C896B25B3A1EBD5324F24C47CA808CB360DB3EEC0BDA10

Function 028F5398 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8156ba081538105339a1bbdbd7ed05d0de95dc2fbdd9e4237a0b6463a6eeb7bb
Instruction ID: 2acb35cf1601ebf3ea3f041e05d0728255d2495d8ffffc36f254d6656cc276fe
Opcode Fuzzy Hash: 8156ba081538105339a1bbdbd7ed05d0de95dc2fbdd9e4237a0b6463a6eeb7bb
Instruction Fuzzy Hash: 85D0C97190520CEF8F00DFA4E90159EBFF9FB49200B1045E6EA09D3210FE315A14AB91

Function 028F7FC0 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15615aeeac8adabdbe4389674724d91e9bd26fe022f5d14f56738962860d221b
Instruction ID: c36fe1f864c234414a9c9e05d5d4dfe7efcdc75fd7e752d6eec3908c86311403
Opcode Fuzzy Hash: 15615aeeac8adabdbe4389674724d91e9bd26fe022f5d14f56738962860d221b
Instruction Fuzzy Hash: C8D0C97590110CEB8B55DFA9D90059EBBFADF49200B9045EA9A09D7210EE325E106B92

Function 05BC69B8 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9a49340da5534b0d6d51e8a25f19672dc6596791c39132489de2ac21c920b84
Instruction ID: 9f28563c38c505582598f31e968c4919d957abf4116f2410bc4d4f97bc8f7de1
Opcode Fuzzy Hash: e9a49340da5534b0d6d51e8a25f19672dc6596791c39132489de2ac21c920b84
Instruction Fuzzy Hash: 72D0C97690110CEB8B40DFE8C90059EBBF9DF49200B9049E69609E7210EF315A105B92

Function 05BC31A0 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 043c1c1627df397fc319cc69c196eefaa04e25a97c2b4c450bb9807df84df701
Instruction ID: ed39535795f6041eea5bd659eb9707171610bfaa27cf3b71ee06f2c05238927a
Opcode Fuzzy Hash: 043c1c1627df397fc319cc69c196eefaa04e25a97c2b4c450bb9807df84df701
Instruction Fuzzy Hash: A9D0C97590110CEB8B40DFA88A5059EBFFADB49200B9045E69608E7210EE315A106B92

Function 05BC6C10 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ece1bb58a6d2e3eeaf07fb0c89142087c0398a1f9a4ac4dea1f708beacd1e85
Instruction ID: 11662c2aba7e491a4d9604bf4c56f6afa140441bba6346e27a94361ff57fbc56
Opcode Fuzzy Hash: 1ece1bb58a6d2e3eeaf07fb0c89142087c0398a1f9a4ac4dea1f708beacd1e85
Instruction Fuzzy Hash: D7D0C97590110CEF8B40DFA8891059EBBF9DB49200B9046E69608E7210EE355A105B92

Function 050E84C8 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4599268672.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76894bfe8213688ea941a8c8e58ce039034e9e190cc3dd42a39c603ab0833c29
Instruction ID: ed790f4a8eae486265ce56123d254d5795f50d85ac9d790743cde5402b05e62e
Opcode Fuzzy Hash: 76894bfe8213688ea941a8c8e58ce039034e9e190cc3dd42a39c603ab0833c29
Instruction Fuzzy Hash: A3D022B291A8400BC302C338CC03484BFA19B6320079EC6F9C00CCB3A6E626AC078B91

Function 050ED0C0 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4599268672.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03dc111c9b117bdd2442a4c414f30ac3cace52cedb2e6f3027d49d35c4659a5a
Instruction ID: db0a2b079468a7d226a1e82aa8bbb22091fb0bd6002ec21cf1cbbcb08cef19b6
Opcode Fuzzy Hash: 03dc111c9b117bdd2442a4c414f30ac3cace52cedb2e6f3027d49d35c4659a5a
Instruction Fuzzy Hash: 4FD012B63000005BC3A8C648E8C2B96B3A1DBD8224F18C02CE80DCB356EE3AEE43C700

Function 050EE290 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4599268672.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bcd77c2dd88e77c367848df4d09e5b443f321b20ec15ee8e4fcb24005e0ad7e
Instruction ID: 804b326842207439140f829c1a43da635d5f1786e38386a31445eb3e29024553
Opcode Fuzzy Hash: 0bcd77c2dd88e77c367848df4d09e5b443f321b20ec15ee8e4fcb24005e0ad7e
Instruction Fuzzy Hash: 1ED0C971200101ABC394C618CC86B96B3A1DBD4214F58C029E889C7756DB36ED43CB41

Function 050EEF00 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4599268672.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42f7c605e8effa0a1990e07ab803fb71995d7c5c5adaa06e7c0562b5df2f8af3
Instruction ID: 2e9bba5e3bf2aa1c91e4ae1eee5c768af8e0ae87290a15c8e57df12a00cc939f
Opcode Fuzzy Hash: 42f7c605e8effa0a1990e07ab803fb71995d7c5c5adaa06e7c0562b5df2f8af3
Instruction Fuzzy Hash: 9FD0C97590510CEB8B40DFE8D90059EBBF9DB49200B9045E69A08E7210EE315A105B92

Function 050EBB88 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4599268672.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43553b814a40d6aa67539dfd874986a7b992a8c042022ce23459c70ade29c98d
Instruction ID: d730afd46857cd10e1e72d271d9bc6ef765f2456aaa498569751f0edbc87d074
Opcode Fuzzy Hash: 43553b814a40d6aa67539dfd874986a7b992a8c042022ce23459c70ade29c98d
Instruction Fuzzy Hash: 7BD05B7560D3415FD355C714C8508267B61FFD5304B15889EE46487697CB66CC07C721

Function 051E9F88 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600240634.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ef3e7f4a6da8483599a52375733e520fefefcdd36769c7fb3c6dd6f8235036a
Instruction ID: e9cadb9aba7273eaa171df154469e16e383842c04872f870c659082da4ba1447
Opcode Fuzzy Hash: 4ef3e7f4a6da8483599a52375733e520fefefcdd36769c7fb3c6dd6f8235036a
Instruction Fuzzy Hash: 63D0C97A90110CEB8B41DFA8890059EBBF9DB49200B9046E69608E7210EE319B106B92

Function 051E2690 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600240634.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7079f67f5ffad7f88f53c1c58dd2e13350365c124833c4942a80e74ea5a4b4ad
Instruction ID: b8409faf5d182c06d72639dd57fee06a267bf196f3b357f10fbd3c8d18ee6929
Opcode Fuzzy Hash: 7079f67f5ffad7f88f53c1c58dd2e13350365c124833c4942a80e74ea5a4b4ad
Instruction Fuzzy Hash: C4D0C97591120CEF8B50EFA8990059EBBF9DB49200B9045E69608E7210EE319A105B92

Function 051E2BE0 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600240634.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45484448cb64b18c793ac27b05560e87250e296b9481d277c4ab2c2644560e83
Instruction ID: 74ff0dd41168a834d856d54cb322de3ae3944ed96fa5ad578d28e1e6d844ba79
Opcode Fuzzy Hash: 45484448cb64b18c793ac27b05560e87250e296b9481d277c4ab2c2644560e83
Instruction Fuzzy Hash: 53D05E7910D3815FD341DA64E910892BB61ABC5204B15884FE88083286C622C91BCB71

Function 052075D8 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3adbd3f34ed2185ea416d2e1d9cb2c72271ed0cb4a69ac46c066166e1c4edb2f
Instruction ID: 6b9e96b88ef95d88876d1a3a59e0f645fb9460123b5c5b566098515222817e1e
Opcode Fuzzy Hash: 3adbd3f34ed2185ea416d2e1d9cb2c72271ed0cb4a69ac46c066166e1c4edb2f
Instruction Fuzzy Hash: A1D012B16794941BD341C6348C159857F61C776A01714C9B6D095C7186D523D91BCB50

Function 05206250 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2457000044b733863783434f81916ab2dbc23f028c56789057cd29c88d422d9a
Instruction ID: 6b1d9a582f920b3751d0490c0f826f253aab0b9e42d1d713c3ddde024f89c908
Opcode Fuzzy Hash: 2457000044b733863783434f81916ab2dbc23f028c56789057cd29c88d422d9a
Instruction Fuzzy Hash: 38C012347104008FCB48CB38D9027B5B3E2AB88200F54C0AEA48CC3A18EB328C0B8B52

Function 051B8CB1 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3266f517ccb2be3d25262ad00eb0343974c301d24679b10f3f199e5faa431a54
Instruction ID: 2045d4688e49b5de95a37dc1696799341fb021f30e8a5eb60e235cd8d45443fc
Opcode Fuzzy Hash: 3266f517ccb2be3d25262ad00eb0343974c301d24679b10f3f199e5faa431a54
Instruction Fuzzy Hash: 20D0227282490047D300EB78CC01784BB71FFA2200F54C36EE4809A282FF22E54AD700

Function 051B9F02 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d13f782d0313dbcd102866581dd919f847da997545b007343640e85d80431b61
Instruction ID: 76b25ddae073b4120654af9c61039577a242b938972378f4e923146789f663b1
Opcode Fuzzy Hash: d13f782d0313dbcd102866581dd919f847da997545b007343640e85d80431b61
Instruction Fuzzy Hash: 3BC012323000005BD324C648CCC2BAAF3A2DBD8224F98C02C640DEB3A0DE3AEE43CB10

Function 051BEB58 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e55fc6264d638cf95df2c6d050f9366b3590aff03b52688d4a950743e630372
Instruction ID: 5a2a01988f8153f763100be9cada0298e6e68f1d08446351e97a815d9347a3dd
Opcode Fuzzy Hash: 6e55fc6264d638cf95df2c6d050f9366b3590aff03b52688d4a950743e630372
Instruction Fuzzy Hash: 33D0C9353051005FD344C62CC856B66BBA2DF99214F28C5ADA488C7361DA37E843CB00

Function 05BC5230 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37e317599bf02be17ffe3beae10f5ada6394719d10f39b349ff10220d2102afc
Instruction ID: f29ed2a27ff4dd7de872fdb952ac918f7d48f0def45fe03bb6a40e8c5c1bf322
Opcode Fuzzy Hash: 37e317599bf02be17ffe3beae10f5ada6394719d10f39b349ff10220d2102afc
Instruction Fuzzy Hash: F3D0A9A264D2809BC341D2308C6A886BFA29F53201308849EC4488B2A3E622A927C356

Function 05BC3631 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 469d5d443eb1f63ee643bea8ad2b02fccb03c82f98eeb648152561391bab7274
Instruction ID: 3fc4d9780d560537d9cb9008abaac54c6477e55e75d59480568c22e93df2bd80
Opcode Fuzzy Hash: 469d5d443eb1f63ee643bea8ad2b02fccb03c82f98eeb648152561391bab7274
Instruction Fuzzy Hash: 47D012711092414FC74AD774C964400BB70EB4210472694C7D044CB192D72299078759

Function 050E6CC8 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4599268672.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b318f28300575c0f9d81a3c35a9343e7fc727a8b6ed46dd0c5d9d9e60607f2fa
Instruction ID: bc26dee98905dc21ca87a70ba22b3e84e091260fdb88bdbd9d066c2bd2b333a4
Opcode Fuzzy Hash: b318f28300575c0f9d81a3c35a9343e7fc727a8b6ed46dd0c5d9d9e60607f2fa
Instruction Fuzzy Hash: 19D0C96165A2841FD301C3648D1AA49BFE19F9325571DC4DAC9888B2ABDA259807CB15

Function 051E3591 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600240634.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57ade709de8550919e80493a0e658b43c11ef741c1bdf70a1c4bfec234482138
Instruction ID: 2847a2b36c61b717c9750f66a5ed37734faa5e150f9d21dc6189e91dbfe088c9
Opcode Fuzzy Hash: 57ade709de8550919e80493a0e658b43c11ef741c1bdf70a1c4bfec234482138
Instruction Fuzzy Hash: 96D0A7B510C3C04FD241DA50E420542BB61EBD5604B068C4FE44083243C622DC1ACB60

Function 051E5C20 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600240634.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 791868b2b6d4904eca63423b42afb3773cf3bd7afed7f015f908fe64dc81cf6d
Instruction ID: 1d2c5b51030abd186a83bee4b09449a282c16bbf154cb9b97365610c327b5c4c
Opcode Fuzzy Hash: 791868b2b6d4904eca63423b42afb3773cf3bd7afed7f015f908fe64dc81cf6d
Instruction Fuzzy Hash: B8D0C9712081219F9244CA48E950C6BB7E9DBC9A10B14884EB88493241CA62DC16CBB2

Function 051E5169 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600240634.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc2acfff769c119e0f8281efa4c560d5d331f9ca1fd80cb8e09d066d4db29f42
Instruction ID: 05910b7e78a1093a961243e34042d5637d8bdadf9c86d65e49c2ff6599085096
Opcode Fuzzy Hash: cc2acfff769c119e0f8281efa4c560d5d331f9ca1fd80cb8e09d066d4db29f42
Instruction Fuzzy Hash: E4D0C9346102009FD384CB28C842B25BBE5EFD9604F14C02EA449C7390EF329C43CF11

Function 05206DD1 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d9cb163e4675db80697868e6077fb7df0480367e27f4c1520c32246cce33eb1
Instruction ID: 6d49529f9a031cd9d980277c2c507ac2635c79cb4f77d8abf2df8faf8601d550
Opcode Fuzzy Hash: 5d9cb163e4675db80697868e6077fb7df0480367e27f4c1520c32246cce33eb1
Instruction Fuzzy Hash: F2C0127440A2804FC38296208C10C90BB30AFE2A0831AA4DED404CA2A3C623A80B8611

Function 05203628 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fd5862abba9300e25b077a0ac4af4b5da7c8fab61ce18239a04dd38772a8edf
Instruction ID: 805465856a0e97f1801a7b9e58a9ccc16fe6aa036e262aa7ced1ad80dc8590cd
Opcode Fuzzy Hash: 6fd5862abba9300e25b077a0ac4af4b5da7c8fab61ce18239a04dd38772a8edf
Instruction Fuzzy Hash: 59C012752142125BD254DA04C841D66B3A6FFC8314F14C86EE85083345CF76DC07C7A0

Function 0520C931 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1f5269d9c2cb84cecd5196c39f20f7078b8098e3b06a29fde1ceb1034b1c943
Instruction ID: 1a588d84adf7e6ba15c1a81888aa6b26e639bcf80f6f7bf8ab965db3895a8116
Opcode Fuzzy Hash: a1f5269d9c2cb84cecd5196c39f20f7078b8098e3b06a29fde1ceb1034b1c943
Instruction Fuzzy Hash: 95C0027510A2818FC3868B709869440BF70EF8360973AA5CED4858B2A7DB26990BDB56

Function 05204070 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f81ffda9770564412da37cbf47386c95ca19164b66d465b9a77f0f81d7f58547
Instruction ID: a44d9ac060220f98f2b9bd7b112e4ab7ec1d88bd908cbc73574f3a541aea9d74
Opcode Fuzzy Hash: f81ffda9770564412da37cbf47386c95ca19164b66d465b9a77f0f81d7f58547
Instruction Fuzzy Hash: 3AD0C9396011009FD344CB38C941A52F7E1EB98604F20C42DB408C3350EB329D07CB42

Function 052062B0 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00a2144d046120ea4d6cb658985dbdef2ddc33cb10a43bf9f5d9e79b39d81e92
Instruction ID: c13a5e5470af475477c57acaf27dc62d6e58401a0f53596798ed9145a11ecb85
Opcode Fuzzy Hash: 00a2144d046120ea4d6cb658985dbdef2ddc33cb10a43bf9f5d9e79b39d81e92
Instruction Fuzzy Hash: EAC012B11062409FC74A8630C8644547FB0DB4320875654CEC000CF1B2C6235907D701

Function 051B91C1 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c234ee24acbd5fe56b7bc528ac65c3998659f24fef7d90c1815ee2e3193b46e
Instruction ID: 816638c5e214ed8ff266f8ffa6f677cf40b915dded6ca3a40b298ecea05314f9
Opcode Fuzzy Hash: 1c234ee24acbd5fe56b7bc528ac65c3998659f24fef7d90c1815ee2e3193b46e
Instruction Fuzzy Hash: 3DD0A7752083C19FD241CA18E410755FBA1FBD5200F188C4ED44043302C723DF16C7A0

Function 051B82E8 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
Instruction ID: 48e8204161933d4df9c7b41a33249025f43fd015cf28c75e97648b457401bf24
Opcode Fuzzy Hash: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
Instruction Fuzzy Hash: 84D012752081119F9204CF44E940C6BF7E6EFC8B10B14C84EB84053310CA72DC17CBB2

Function 051B6F69 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1344c665282f6213cc9577e8ec30e3d9ec850a9f3e6b8b825a525f1eea63710c
Instruction ID: 60ffaab5c4ee66526ca02b38a33e70376d0011fd77c775d99e50a6b44c15e042
Opcode Fuzzy Hash: 1344c665282f6213cc9577e8ec30e3d9ec850a9f3e6b8b825a525f1eea63710c
Instruction Fuzzy Hash: 06C012B65051804BD341C264CD52B44BB51D741215F19C0EE84449B203D922DB078750

Function 028F08C0 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34272eed9e53df692bc8be6204ee986d8c83a68f19f09d1a06f3850bf36c352e
Instruction ID: cb15cba21ea8fc629e59453eb9129620699c274c452e2889fbae384a54f83278
Opcode Fuzzy Hash: 34272eed9e53df692bc8be6204ee986d8c83a68f19f09d1a06f3850bf36c352e
Instruction Fuzzy Hash: F3C012A248CBCA4FD3830BA06C25381BF905B13222F8802C2C2A8481D3E66902808743

Function 05BC69F0 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
Instruction ID: 48e8204161933d4df9c7b41a33249025f43fd015cf28c75e97648b457401bf24
Opcode Fuzzy Hash: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
Instruction Fuzzy Hash: 84D012752081119F9204CF44E940C6BF7E6EFC8B10B14C84EB84053310CA72DC17CBB2

Function 05BC4D00 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
Instruction ID: 48e8204161933d4df9c7b41a33249025f43fd015cf28c75e97648b457401bf24
Opcode Fuzzy Hash: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
Instruction Fuzzy Hash: 84D012752081119F9204CF44E940C6BF7E6EFC8B10B14C84EB84053310CA72DC17CBB2

Function 05BC2FA0 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 898f9d61ca7356faa84892202c37157221684acb6bd5fc2fba12c2f52c5d3264
Instruction ID: 6abdc9f5e60e6413cbb5312a71ffe2cbb138503c2edc9f6286e1af17012ca9d6
Opcode Fuzzy Hash: 898f9d61ca7356faa84892202c37157221684acb6bd5fc2fba12c2f52c5d3264
Instruction Fuzzy Hash: 2FC0807151D2404FC382C354DC515407F719F4220470F80CAE544CF1D3DB26C9178710

Function 050E67D8 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4599268672.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 551de7098e4aa305bd460134bc73461dc81d5f2e9a0478849397784e6d537775
Instruction ID: 94f640b0d549df034ff0b16b0ff36d7df8af74c55ab73d1913cc7ec2b976c7f9
Opcode Fuzzy Hash: 551de7098e4aa305bd460134bc73461dc81d5f2e9a0478849397784e6d537775
Instruction Fuzzy Hash: B0D0C9752092805FC302CB60C861555BFB16BA7244B1AD89AD4D8DB2A7CF31D903E711

Function 050ECC68 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4599268672.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
Instruction ID: 48e8204161933d4df9c7b41a33249025f43fd015cf28c75e97648b457401bf24
Opcode Fuzzy Hash: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
Instruction Fuzzy Hash: 84D012752081119F9204CF44E940C6BF7E6EFC8B10B14C84EB84053310CA72DC17CBB2

Function 050E0AF8 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4599268672.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8f08d21f774e0548807ce75b8506ffde3543316bcdcbdd5788bc2b68125c542
Instruction ID: bcf9ef9c82f7d3924de405cb1b01dc34d2668a849c410a3a4cb9bba8efa29a2e
Opcode Fuzzy Hash: d8f08d21f774e0548807ce75b8506ffde3543316bcdcbdd5788bc2b68125c542
Instruction Fuzzy Hash: 91C012712082605F8244DA48C850C67F7E9AFCD110718C84FB494C3341CA61DC07C7A0

Function 051E4018 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600240634.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
Instruction ID: 48e8204161933d4df9c7b41a33249025f43fd015cf28c75e97648b457401bf24
Opcode Fuzzy Hash: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
Instruction Fuzzy Hash: 84D012752081119F9204CF44E940C6BF7E6EFC8B10B14C84EB84053310CA72DC17CBB2

Function 051EEB10 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600240634.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd451bc7cccd177471409f3a52ba81dcb4ea58801ae84ab75e529a258c043428
Instruction ID: 5861a9ff287bc0a999bbd30a8443f70c9adc21d559f91a9ba71c798b3d06a292
Opcode Fuzzy Hash: cd451bc7cccd177471409f3a52ba81dcb4ea58801ae84ab75e529a258c043428
Instruction Fuzzy Hash: 60D05E7560C3C15FC342CB68E420466BF61FB8A610B148C8EE89087252C726981AC752

Function 051E1249 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600240634.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f591725e525a5a8d5fb20c672e80e8395c365615b67196758a872fb710af336
Instruction ID: a28cb1c66dbc58e9e7558d1b0d5c16990dfc430a726eee5a7e56de5a4b475ddd
Opcode Fuzzy Hash: 3f591725e525a5a8d5fb20c672e80e8395c365615b67196758a872fb710af336
Instruction Fuzzy Hash: A9D0C9387011419FD344CB29C952B21BBA2EF8A344F18C4ADA498C7351DA32E843CF00

Function 05203DCB Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc51c27a393ef13df97fbf430050db0a95fe8d6fd93d22599a5dbbc42a19b9b0
Instruction ID: 61307fb49b1e292039a8d53f39c6cf82a49b17aef03e20d10aada2b8f1679019
Opcode Fuzzy Hash: cc51c27a393ef13df97fbf430050db0a95fe8d6fd93d22599a5dbbc42a19b9b0
Instruction Fuzzy Hash: C9C012367005009FD344CA28CC92B22B7E2EBD8201F24C02DA408C3395EA32EC03CB04

Function 0520CF41 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ead69c8035044a7d984d01ccbfdc78b0b0aca329d1a0dafe93488ea631a2da88
Instruction ID: f5a5b9108f67fd6faf1cd964d169299653cfceab1792cf2a00b534ddde3cd144
Opcode Fuzzy Hash: ead69c8035044a7d984d01ccbfdc78b0b0aca329d1a0dafe93488ea631a2da88
Instruction Fuzzy Hash: 4EC04CA101E2D00EC782927488558913F319B9741931F99EED0C58A5D386074D1BC712

Function 05204AA8 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ee2624259ac747c948dcd9081b7c1fffedb6ca768743c7d7abc9464da3f11c9
Instruction ID: c713742b5c2006220725e1a36fb03fbbf5dbaf79dc1359ea4e24c27995985102
Opcode Fuzzy Hash: 9ee2624259ac747c948dcd9081b7c1fffedb6ca768743c7d7abc9464da3f11c9
Instruction Fuzzy Hash: A9C08C7A81640CEE8B62DBA494214EDBBB6DF0120079003E2D508A3020DE320B249BCA

Function 05204AAB Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e69153d8291dedb2ee787c7ca9d6b354c81732b90c7aa1edbb7e5f9cea3d51f0
Instruction ID: 0885502819043f428973457173692076a1641d65007e087e7e24855880be2a90
Opcode Fuzzy Hash: e69153d8291dedb2ee787c7ca9d6b354c81732b90c7aa1edbb7e5f9cea3d51f0
Instruction Fuzzy Hash: 3DC09B3E42540C95CB40E680D9117687756EF45310F9413D1591D55171DA15472557C3

Function 051B14D1 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd69c7413fc943c2e9cbb6ea06ccc2150a187c3a33a8a5475f53dee3b2172e79
Instruction ID: 956662e632d5cecc68c1a610f6c9f846c2eee92878ba35cbbb1e78e54a31aa69
Opcode Fuzzy Hash: fd69c7413fc943c2e9cbb6ea06ccc2150a187c3a33a8a5475f53dee3b2172e79
Instruction Fuzzy Hash: D1C09B3620410047C255C584E9D17C4F361D784214F18D16C941CDF345CF27D7035740

Function 051B7601 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d29816a7d3719e638f80fde27d4cd852ded07a525bab08f772e4948efc79efd6
Instruction ID: 8202a870a6c55bea4b8ee3035a54428b6817a8cb71847e87f7ef41f824c9310d
Opcode Fuzzy Hash: d29816a7d3719e638f80fde27d4cd852ded07a525bab08f772e4948efc79efd6
Instruction Fuzzy Hash: 6BC02B331011004BC315C588DCC1380B351C780611F0CC258100CDB3C1CF2AC7034700

Function 051B91D0 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
Instruction ID: 0a79cfcc9f3950630def7aa8d5064f7db411a5ec17eeb1af5eeabda724e68817
Opcode Fuzzy Hash: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
Instruction Fuzzy Hash: 8EC012752082209F9244DA08C840C66B3AAFBC8210B14C84EE85083300CBA2EC07CBA0

Function 051B5E10 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c720d009b2293b657886baadcb720498e0cae87a03c6921057911d601bfc8f55
Instruction ID: 49974a57ba2caaff26ac796c16f81937c7af50417bf651258e0129edc6b310cd
Opcode Fuzzy Hash: c720d009b2293b657886baadcb720498e0cae87a03c6921057911d601bfc8f55
Instruction Fuzzy Hash: 1AC04C7394540097C65595D8E9C17D47751A78A229F588259D40CDB245CF2ED6439A40

Function 051BA9B0 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e7d991f0b2dcfc3fe858156bf9652d3c5f05602a7eec2e19eeb1516df3013e2
Instruction ID: 40e0c6bf016b682277c5c16f891e11ae5c8e87de5e6ebe48197e039c682ef9ab
Opcode Fuzzy Hash: 5e7d991f0b2dcfc3fe858156bf9652d3c5f05602a7eec2e19eeb1516df3013e2
Instruction Fuzzy Hash: 4CC04C71208D069BC754DA14CD96715B375EF84314FB8C4A9B425D728ADB3BD8139A44

Function 051BAB50 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acbc5064bcafa1b46951cce082d66cc7d28f96665e881dc3a407825d7732b066
Instruction ID: 0e1274fb30daa58329cd88a0e8c398606635fe091169b7a0cc9f50d39b3543bf
Opcode Fuzzy Hash: acbc5064bcafa1b46951cce082d66cc7d28f96665e881dc3a407825d7732b066
Instruction Fuzzy Hash: 92C08C3220808217D3229A08D882740FB60CBC1200F2CC4989018CB242CF2AC5538B00

Function 028F645A Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9b6cee9b27d8866ab259ddd71b60b9f2f58d14451fba52960413659aebd2547
Instruction ID: 731b8527068e3391176b184c8d9caf992cc8375fa3ddf3fc85be403b561de385
Opcode Fuzzy Hash: f9b6cee9b27d8866ab259ddd71b60b9f2f58d14451fba52960413659aebd2547
Instruction Fuzzy Hash: 20D012713081805FC704C718CCA5B15FBB19FD5205F18C49DA889CB356DA31EC03D715

Function 05BC6DE0 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e5998b63271d4fbf0ec898a047613b80f7cafae26bcefcb99590b41f0191d15
Instruction ID: cd9aab24d68a0fbc00139cc7f483cf08111bc9e487261c1da9fe1dabe9abfaff
Opcode Fuzzy Hash: 4e5998b63271d4fbf0ec898a047613b80f7cafae26bcefcb99590b41f0191d15
Instruction Fuzzy Hash: 51D0A97150A1880BC381C3208D223C5BFA18B92205F18C09E88488B253D6229A0BCB22

Function 05BC6930 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 056ed8def60b60c839fc30cb6f4d5d9c65fb1faf190ec09da90fa760c7da952f
Instruction ID: b872c984c2d5610a7b3fadc1e61f3cb9ce6c5bf0826b87010ec6b25adb18adfe
Opcode Fuzzy Hash: 056ed8def60b60c839fc30cb6f4d5d9c65fb1faf190ec09da90fa760c7da952f
Instruction Fuzzy Hash: 3BC012E244A2808FCB82C6208894080BF30DB6B10030BA8CAC0608B1A3CA178A0BE702

Function 050E05A8 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4599268672.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45228304303c7280959582f4f669394f00125076f2740b54917b382897826058
Instruction ID: 4307e18c8a92a47140a0683c9bafe2772f6126ba22b9fade80de2906f9b80aee
Opcode Fuzzy Hash: 45228304303c7280959582f4f669394f00125076f2740b54917b382897826058
Instruction Fuzzy Hash: 91D0C93820D2815FC341EB64C960816BFB15F8B319B19C89A94C48BA63CE35D903D719

Function 050E0860 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4599268672.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
Instruction ID: 0a79cfcc9f3950630def7aa8d5064f7db411a5ec17eeb1af5eeabda724e68817
Opcode Fuzzy Hash: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
Instruction Fuzzy Hash: 8EC012752082209F9244DA08C840C66B3AAFBC8210B14C84EE85083300CBA2EC07CBA0

Function 051E4520 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600240634.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
Instruction ID: 0a79cfcc9f3950630def7aa8d5064f7db411a5ec17eeb1af5eeabda724e68817
Opcode Fuzzy Hash: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
Instruction Fuzzy Hash: 8EC012752082209F9244DA08C840C66B3AAFBC8210B14C84EE85083300CBA2EC07CBA0

Function 051E2DFB Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600240634.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a0542805eb1c17f10d089303f1794b317cb4307e86741a0df48a6a6d4036042
Instruction ID: 73b3982373deb122314108fc87b8200cf68f29d90dce39dac4eaddf76c7f5931
Opcode Fuzzy Hash: 0a0542805eb1c17f10d089303f1794b317cb4307e86741a0df48a6a6d4036042
Instruction Fuzzy Hash: E0D0C9342011009FD348CA28C842B16B7E5EFD8610F14C42DA488C3351DB31DC03CB10

Function 051E1670 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600240634.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
Instruction ID: 0a79cfcc9f3950630def7aa8d5064f7db411a5ec17eeb1af5eeabda724e68817
Opcode Fuzzy Hash: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
Instruction Fuzzy Hash: 8EC012752082209F9244DA08C840C66B3AAFBC8210B14C84EE85083300CBA2EC07CBA0

Function 05205EB1 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e11360f6b4157e46ff6d73649aa0e6bab9c92664ed19fcd2f65d983cbfc6a61
Instruction ID: 4ba94d22791f430612b8eda6292e2f50d7a9bd1f622d29853b314006fd88296b
Opcode Fuzzy Hash: 9e11360f6b4157e46ff6d73649aa0e6bab9c92664ed19fcd2f65d983cbfc6a61
Instruction Fuzzy Hash: 61C04C759141009FD345CBB4D8917147BB1FF85604F55C06DA805C7219DB3BA9078F41

Function 052033A8 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae948d99bc1f1d373088a518726d6802ed9e68ae0283efa762f38181b4f23d47
Instruction ID: 0835571904a86911aeef7479e3560dee6cbb0285f37d8a39f6c32b9dcae0ee95
Opcode Fuzzy Hash: ae948d99bc1f1d373088a518726d6802ed9e68ae0283efa762f38181b4f23d47
Instruction Fuzzy Hash: A7D0C93C1001009FC745CB60D590B61BBA6EF98614F14C59DA80887251DB36980BDF41

Function 050E42D2 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4599268672.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0caa1c6902aa20d9cc5d70d8e944b199aaf084f702140f8e3496ea1e14b43e6
Instruction ID: bf2180df072430e37fcc1d543c88f09c20b00e31220b946115ec07c492de9a47
Opcode Fuzzy Hash: b0caa1c6902aa20d9cc5d70d8e944b199aaf084f702140f8e3496ea1e14b43e6
Instruction Fuzzy Hash: B2C012B250D2800FC702C224C850404FF72AB8220434EC0CE9488CB293CA2A9806CB90

Function 05203F80 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17ecd67ba88299163addf91bf1a094607f93fd1b7f2e319ee096ee21c0815165
Instruction ID: c2668dbb283a02f9f630b10ed92ffe6a0e8af95727c49c3586412286116d5963
Opcode Fuzzy Hash: 17ecd67ba88299163addf91bf1a094607f93fd1b7f2e319ee096ee21c0815165
Instruction Fuzzy Hash: 70C04C395441448BD749CF34D89565477A3FF86608F14C26DA404C7555DF37D51BCB41

Function 05204EEB Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56bb2ee8fbfbd11e23919eb8dbd9be9b93ca3a5a901a5c3fcdd7df279b8b401a
Instruction ID: 1e3f8298eca5368d7112699c88a74482743591fab844153e7b6828cf06fb2daa
Opcode Fuzzy Hash: 56bb2ee8fbfbd11e23919eb8dbd9be9b93ca3a5a901a5c3fcdd7df279b8b401a
Instruction Fuzzy Hash: A1C04C753001005F8244C618C995926F7A5DBD8218B54C46D7449C7355DB32EC03C654

Function 028F4264 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f1346073ab6a6e6e797a8cb502f6d5a9c4392e523e9054ceb6a678217b8c06c
Instruction ID: 08bb8f92eadf0625f5791df69fad659bf68d71811eb4a081ce7ba3de08ed4e73
Opcode Fuzzy Hash: 1f1346073ab6a6e6e797a8cb502f6d5a9c4392e523e9054ceb6a678217b8c06c
Instruction Fuzzy Hash: E5C0123CA80028AFDF812A90E8949AC7A33FF88300F000024EA02A2A98CA210C14AB00

Function 028F9608 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4df840ecf439dee68febe601433ef41e0efe1aa7854c1b59b6aea46a011b7ba
Instruction ID: 8add3b899420f84305f6aa7709a56d5ffa0c9c0d60325c157f88aaf394c28ac1
Opcode Fuzzy Hash: d4df840ecf439dee68febe601433ef41e0efe1aa7854c1b59b6aea46a011b7ba
Instruction Fuzzy Hash: 17C01238A00108ABCF192AA0E8549ACBB33FB48200F008016FA02A2264CA324C219F11

Function 028F6E51 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 701ba3243aa9e3437e5e7401c7c2b481dee01b30d693ddfc0d138f452aa2a8f0
Instruction ID: 0a7dc6064f348d9bc68d43351f2f207a6e709a65c255cf3d6b7beaa1199328b5
Opcode Fuzzy Hash: 701ba3243aa9e3437e5e7401c7c2b481dee01b30d693ddfc0d138f452aa2a8f0
Instruction Fuzzy Hash: 47C09B311572977DC7461370381635DBF5C674770CF88D054B1C8C7147CA1854035245

Function 05200C50 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10

Function 051BD438 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10

Function 051B6919 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88735df12e085b2b97654ff4a6e06f651bc8416268058a7aeddeac1572aa49e9
Instruction ID: b67edad61f67ff568fde2caf817f453d02283590140e4fa4748c5a486eb2fbb9
Opcode Fuzzy Hash: 88735df12e085b2b97654ff4a6e06f651bc8416268058a7aeddeac1572aa49e9
Instruction Fuzzy Hash: 27B092762080114B824AC648EC8145CB362DAC4214718C0A96409DB74ACF22DA038750

Function 051BA800 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10

Function 028F83F0 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12cd6ae82860ac040d0b17f7124a98af403a49524f2b3c833711adbc953d8a19
Instruction ID: 2046d23edc7a545d79ceefcdd1372ebb1b6b91132fbc16b175a824efe61602fa
Opcode Fuzzy Hash: 12cd6ae82860ac040d0b17f7124a98af403a49524f2b3c833711adbc953d8a19
Instruction Fuzzy Hash: 95C09B741150D04AC6458775DC51B94FF60EB47215F1CE8C8D8C44631ACE279403F610

Function 05BC5240 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10

Function 050E84D8 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4599268672.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10

Function 050E67E8 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4599268672.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10

Function 050EAA50 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4599268672.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10

Function 0520BA10 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b84d1ed15a146e6cb9b99b32c2be9574260746a6e72685950fade66c0e5d8b05
Instruction ID: 9ffac89394e409cfd1eee2c19bdc4576c6987de2f266d78dfcfc184ffe651575
Opcode Fuzzy Hash: b84d1ed15a146e6cb9b99b32c2be9574260746a6e72685950fade66c0e5d8b05
Instruction Fuzzy Hash: 46C092341102009FC344CBE0F8D2B09B720FB8F308F18C089E60947325DB3AA903EE10

Function 051B4C1A Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b43bfa6236dfbef9f934aa871e1d87731abecd0771831421cb5c042d5f6cfbf0
Instruction ID: 7ea8824d6f70fad09dfa5cc30e288f1b27f5b609e2a46740cc315baf510d125c
Opcode Fuzzy Hash: b43bfa6236dfbef9f934aa871e1d87731abecd0771831421cb5c042d5f6cfbf0
Instruction Fuzzy Hash: D5B012312080016BC345C648E8C1448B361DBC4204318C0AD680CCB345CF33DB039784

Function 028F8670 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cdfec89ecf4d227c2e3f2741df1fca2c4e7a0756e2f1ba050c9a008d3bdc9887
Instruction ID: e80b9cbb32ce7aa80f269217a2acaa4f8c5de131eb2df65f765f3a476441bad2
Opcode Fuzzy Hash: cdfec89ecf4d227c2e3f2741df1fca2c4e7a0756e2f1ba050c9a008d3bdc9887
Instruction Fuzzy Hash: 3DB002747054005B8748D65DD951515A7D29BC9215728C4AD641DC7355DE22DD039644

Function 050E7DB9 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4599268672.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f0e7621c2d01c4ab853e9ef9e13ee9c360e0aa7659e3b9f1a23860f5f0378ce
Instruction ID: ee8ae6d2d40f5b90836fbac1c1b0577be1ebb91d62a36a66eabf0a197ef18d6a
Opcode Fuzzy Hash: 5f0e7621c2d01c4ab853e9ef9e13ee9c360e0aa7659e3b9f1a23860f5f0378ce
Instruction Fuzzy Hash: 95B012B16040009BC344DA08D891608B362EFC4605328C09CA409CB346CF33D9038B50

Function 0520B190 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44

Function 0520B1F0 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44

Function 0520B250 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44

Function 051B6810 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44

Function 051B4AA0 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44

Function 028F08D0 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2f3759229300dec757fee1718a97d8dedc57cc463ac104ccefe4c12e4fd5589
Instruction ID: b8cf5549d0562b279d6a7c7eba1ce00091888a6def954c16ff9804c8e3f74e6e
Opcode Fuzzy Hash: c2f3759229300dec757fee1718a97d8dedc57cc463ac104ccefe4c12e4fd5589
Instruction Fuzzy Hash: CB9002354C460CCB568027D67449555775CA6445157840551E60D416455E65642045A5

Function 028F6E60 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1d46ffd48cee63b4da7d377437fbf0f52809e4478e32e261b0ddc3712206fdf
Instruction ID: 9bf526e9f13b919e1e956769d0fce80ed20b033337fab5bf5671ada5fefea3e4
Opcode Fuzzy Hash: e1d46ffd48cee63b4da7d377437fbf0f52809e4478e32e261b0ddc3712206fdf
Instruction Fuzzy Hash: 9590223000020E8B00002380300A008BB0CAB00008380C000B20C802020E282800008A

Function 05BC39C0 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44

Function 05BC3D40 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44

Function 05BC6890 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44

Function 050E30F0 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4599268672.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44

Function 051E4670 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600240634.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44

Function 05204EE1 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d5b74a3464112a6765594da12762a2de9f77794b0177741cb28ff480b004387
Instruction ID: acd3410c80573a7207a281af457919074a4e447733e77b34a4a54a48cf18abb7
Opcode Fuzzy Hash: 9d5b74a3464112a6765594da12762a2de9f77794b0177741cb28ff480b004387
Instruction Fuzzy Hash: 52A00271122044568604E694C955C25B6166FE1205B34D16952164A5A6CF629D12D698

Function 028FBB60 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
Instruction ID: 2108930940694c1c8b8ad4272d9396267f2db374b9021a0985f6588530823504
Opcode Fuzzy Hash: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
Instruction Fuzzy Hash: 6BA002742010009BC644DB54C991814F761EFC5219728C4DDA8198B256CF33ED03DA40

Function 05BC2CB0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4602974967.0000000005BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5bc0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
Instruction ID: 2108930940694c1c8b8ad4272d9396267f2db374b9021a0985f6588530823504
Opcode Fuzzy Hash: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
Instruction Fuzzy Hash: 6BA002742010009BC644DB54C991814F761EFC5219728C4DDA8198B256CF33ED03DA40

Non-executed Functions

Function 0520D0E5 Relevance: 1.5, Strings: 1, Instructions: 224COMMON

Download Yara Rule

Strings

@, xrefs: 0520D49D

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 25b50cbc4652ba1c707ceb98bea4a216015523d790fefd6d40518693639fa495
Instruction ID: e04448e5204e624206c97005bac3ff9a3ca399c764662a4f77d0f74a6f4aa4d3
Opcode Fuzzy Hash: 25b50cbc4652ba1c707ceb98bea4a216015523d790fefd6d40518693639fa495
Instruction Fuzzy Hash: ACA1FE386110408FD785EF28E59596A37BBFB993047014159D606DB3BBEF78EC02CB91

Function 050E9CC0 Relevance: .8, Instructions: 818COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4599268672.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7c39eaaaa9866540df98ce851b58f312d3617c1309507e669579d98e799ee78
Instruction ID: 29961ceaaae7013abe77e8a333dff148fc990efa1dbcd6806dbf262c33fcdfca
Opcode Fuzzy Hash: d7c39eaaaa9866540df98ce851b58f312d3617c1309507e669579d98e799ee78
Instruction Fuzzy Hash: AE723E74B001459FDB45EF68E894ABF77B6FB88300F548159E606A7399EF389C02CB91

Function 05200040 Relevance: .7, Instructions: 675COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8afccbc053f5e2b9139090a9e1b37250ddd1e9e3ac56114479b50db8ff59676c
Instruction ID: 7219dd8336326be5cefb7fdac628f53a13ea9805276f9760d118a2699e7e9b0e
Opcode Fuzzy Hash: 8afccbc053f5e2b9139090a9e1b37250ddd1e9e3ac56114479b50db8ff59676c
Instruction Fuzzy Hash: F0521C34B002058FDB15EF64D894BAE77B2FB89300F5045ADD60AA73A6EB71AD46CF40

Function 05201F60 Relevance: .6, Instructions: 646COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ae1c38380819385cb46f776545a9ff341e75f6eefba5b7d0b803942f6d9d59d
Instruction ID: dccffe3dcd1e1fa5761cf3a3390679777cd9e6e4933ad36d6b265db40d77fb4a
Opcode Fuzzy Hash: 5ae1c38380819385cb46f776545a9ff341e75f6eefba5b7d0b803942f6d9d59d
Instruction Fuzzy Hash: 1D521C34B00205CFDB15EF64D894AAE77B2FB89300F5045ADD60AA7366EB309D86DF50

Function 05200007 Relevance: .6, Instructions: 632COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a26eb9c34f4f8c0ac192e516874d783897d3c01766c76137f490abffc381e32
Instruction ID: 4885c69de56955b9150128c59af75eef60da41668c24d575da558db4cf341d31
Opcode Fuzzy Hash: 6a26eb9c34f4f8c0ac192e516874d783897d3c01766c76137f490abffc381e32
Instruction Fuzzy Hash: 25421A34B006058FDB15EF64D894BAE77B2FB89300F5045ADD60AA73A6EB319D86CF50

Function 05201F50 Relevance: .6, Instructions: 599COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d32e97c26c1b97439ee36ba500061f3205cd2d35b95c55977d2c3b92ee9289c3
Instruction ID: f8a5edcb28e9304e79ed5ac0448206ff16b35b16791f0c7a7558d045d795e26c
Opcode Fuzzy Hash: d32e97c26c1b97439ee36ba500061f3205cd2d35b95c55977d2c3b92ee9289c3
Instruction Fuzzy Hash: 4B421C34B006058FDB15FF64D894AAEB7B2FB89300F5045ADD60AA7366EB309D86CF50

Function 052040A8 Relevance: .4, Instructions: 417COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ecb8bb182a8ce3f0a0180942e0fa56275ce028df4726f2483fa1112a882b5a93
Instruction ID: 97f1cfd532b4670410636c632366ac2906b86ce2f88fbbeda350d7b50cb2698c
Opcode Fuzzy Hash: ecb8bb182a8ce3f0a0180942e0fa56275ce028df4726f2483fa1112a882b5a93
Instruction Fuzzy Hash: 87025BB0A112168FDB59DF68C494A7FFBB2FF88300F108629D65A97795DB30A941CBC0

Function 051EE330 Relevance: .4, Instructions: 401COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600240634.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 380d4a913ec4f505d72d74bcf9a32259590f777ced57d41108f8f559544b1cf6
Instruction ID: 378bac97fa4f3ceb1b69e86455749f2d0790d9a7acd0ae0ce48ddc363c48fcbe
Opcode Fuzzy Hash: 380d4a913ec4f505d72d74bcf9a32259590f777ced57d41108f8f559544b1cf6
Instruction Fuzzy Hash: EFF1DC74B101149FDB05EFA4E894AAEB7B7FF89300F108519E505A73AADF70AC42CB50

Function 050E6D00 Relevance: .4, Instructions: 395COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4599268672.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e39ac6927a9fdc13cad911bafb232a715b93d5572b4b04a128ebc23682e61bbb
Instruction ID: 7e3def14473f6e03e1bda779833194376c0ec1db06c946c4eb4cc76437f320f2
Opcode Fuzzy Hash: e39ac6927a9fdc13cad911bafb232a715b93d5572b4b04a128ebc23682e61bbb
Instruction Fuzzy Hash: 59F15B34B052559FCB45DFA8E484AAEB7F3FB88300F65C059E906AB359DB34DC428B91

Function 051EE320 Relevance: .3, Instructions: 324COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600240634.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da0f669acd889d68653ae62082ea84d46c481095ccfe2fb445b314f36030b84d
Instruction ID: 61d9e7f9cdd1c6f022a5206ff80e0a4a97e1e376c048067e6b27cb2aa1c9e2c5
Opcode Fuzzy Hash: da0f669acd889d68653ae62082ea84d46c481095ccfe2fb445b314f36030b84d
Instruction Fuzzy Hash: B4D1CE74B101149FDB45EFA4E894AAEB7B7FF89300F108519E505A73AADF716C42CB50

Function 051B6260 Relevance: .3, Instructions: 317COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600013838.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 303932a69178f7e5b6382f6f7726dd2225200a2d072079ab478e13e832f677aa
Instruction ID: 292cce780c8994c27296c66162b9ef4cf45017f8f43d999035dd8d2708b2b832
Opcode Fuzzy Hash: 303932a69178f7e5b6382f6f7726dd2225200a2d072079ab478e13e832f677aa
Instruction Fuzzy Hash: 89C1B0346001059FDB05EF28D494AAE77B7FF98300F158629E90A9B3A9DB74EC42CB91

Function 0520F54E Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67e6e9ec95f83560ed0aaa0dad5e2c9f51e06fd647fa749ed959a733537d010b
Instruction ID: a7b6ce94e9c87d97db53b6b85980617f7bfd53c79243689c450487ecab5e9f34
Opcode Fuzzy Hash: 67e6e9ec95f83560ed0aaa0dad5e2c9f51e06fd647fa749ed959a733537d010b
Instruction Fuzzy Hash: B2D10C74B101558FD799EF28D598A6E77F6FB88300F5040A9960ADB3AADF349C42CF81

Function 0520F557 Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d761e706273063f94f84168a8f70973c8e85db4c4bb11ee7675d53cb20c7ec7
Instruction ID: 71ade3c0882b9a99e1e864348f1c2b3c1a347bf07b7954c672085f7b8945b295
Opcode Fuzzy Hash: 7d761e706273063f94f84168a8f70973c8e85db4c4bb11ee7675d53cb20c7ec7
Instruction Fuzzy Hash: 67D11D74B001558FD799EF28D598A6E77F6FB88300F5040A9960ADB3AADF349C42CF81

Function 028F5AD2 Relevance: .3, Instructions: 293COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ea203111635978605cfa156a6549aa2276c6cfee00d6441564be0526fffa5c6
Instruction ID: e14c7f5192ce7b7c50782045cdaf64c8e63cdcc6cbe3b19c83c2b3ba61befcba
Opcode Fuzzy Hash: 5ea203111635978605cfa156a6549aa2276c6cfee00d6441564be0526fffa5c6
Instruction Fuzzy Hash: F7C17639A006188FDB54DB68C984BADB7F2FF88304F5181A9D11AEB361DB34ED41CB80

Function 028FAF80 Relevance: .3, Instructions: 283COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fe58cb6fbe1273ad5abde955ac5f540661a9d7965341042638855cf2054a684
Instruction ID: d88f9cb1325458ccde7d4af2e0dd015509a2fac197923a1cc517e68d4b410e84
Opcode Fuzzy Hash: 8fe58cb6fbe1273ad5abde955ac5f540661a9d7965341042638855cf2054a684
Instruction Fuzzy Hash: 9BB17079E001298FDB45CBA8C9806ADFBF1FF88304F688669D559EB201D734ED46CB90

Function 051E8E28 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600240634.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5ffbae85d72ad2189715985ee08346646d4b7dd6efe6551ce47059804a85b93
Instruction ID: 29a2730b666d3307645894a65d113f143a81a994fc7dde296282760f1bf78929
Opcode Fuzzy Hash: a5ffbae85d72ad2189715985ee08346646d4b7dd6efe6551ce47059804a85b93
Instruction Fuzzy Hash: 3BA110347001059FDB45FF28E894A6E77B7FB99310B508129DA069B3BAEB349D02CB91

Function 028F4A30 Relevance: .3, Instructions: 272COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9628a0ad99d4fad8bee33520e550495ec08608fc04d2aafc213b76006276fd03
Instruction ID: e14a076df409d2e5fc1c228d0da6e7adf6a2d50b97c8e4d35e613fc87f6ddfb8
Opcode Fuzzy Hash: 9628a0ad99d4fad8bee33520e550495ec08608fc04d2aafc213b76006276fd03
Instruction Fuzzy Hash: ABB18F79E005298FDB55CBA8C8806AEF7F1FF88300F14866AD655EB206D734ED52CB94

Function 0520F63D Relevance: .2, Instructions: 245COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4600487533.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8820d94653a0981c0c5f321a8d52bac18c298b76a433000c1a566368d256dcb8
Instruction ID: fdd349207b362f7d712741b06501660333b9fd5e80bc073abc992a9bbde5e699
Opcode Fuzzy Hash: 8820d94653a0981c0c5f321a8d52bac18c298b76a433000c1a566368d256dcb8
Instruction Fuzzy Hash: E0B10D74B001558FD799EB28D598B6F77F6EB88300F5040A9960ADB39AEF349D42CF81

Function 028F4981 Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01e2513cf12392788620115ba7466945539747c8cd8c50ab51687aae30117b4c
Instruction ID: 1e564620c747fc56e7758add7e2b180ec43ea52bdbd36c0695cab84239d3d9a6
Opcode Fuzzy Hash: 01e2513cf12392788620115ba7466945539747c8cd8c50ab51687aae30117b4c
Instruction Fuzzy Hash: 4D91B67AE0025ACFDB45CFA8C8806AEFBF1FF45314F148169D554EB206D7349956CB90

Function 028F4A09 Relevance: .2, Instructions: 214COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a033a7c5f9424acc9542da17c28be29573477cd636d4bf4cd7f7ba7f6d66cda2
Instruction ID: 629981664bcb0abb40f4feb31f69a9fd385b7f5ce90cf9b86d8634292f9a77b0
Opcode Fuzzy Hash: a033a7c5f9424acc9542da17c28be29573477cd636d4bf4cd7f7ba7f6d66cda2
Instruction Fuzzy Hash: FA81B479E046298FDB45CFA9C8806AEFBF1FF84300F14856AD655EB242D334E956CB90

Function 028F1AF7 Relevance: .2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e925183616386e6273ab0f7bdeee599b6a90fe08fab2937589ef05e0a6af929b
Instruction ID: 85e6c67fefd7b6015cc8c1876edb70431770ff158f4bdd3b2a5df93e86e85f98
Opcode Fuzzy Hash: e925183616386e6273ab0f7bdeee599b6a90fe08fab2937589ef05e0a6af929b
Instruction Fuzzy Hash: 58611075E445458FEB4AEF6AE98468EBFA3EFC8300F14C56DC1049B29CEF7458168B50

Function 028F1B08 Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8b7492b203b93fa314ba95769eeac3a55e2189b56f46f78b4ae35cfaecf67b2
Instruction ID: e5798cb19140f858bb842215ee76e9c99f7f270b8b635edead7b4d0780cdc6e2
Opcode Fuzzy Hash: a8b7492b203b93fa314ba95769eeac3a55e2189b56f46f78b4ae35cfaecf67b2
Instruction Fuzzy Hash: 19511074E405458FDB4AEF6AE98465EBFA3EFC8700B14C56DC1049B29CEF7458168B50

Function 028F6E71 Relevance: 5.1, Strings: 4, Instructions: 135COMMON

Download Yara Rule

Strings

e'o, xrefs: 028F6F08
&(,k, xrefs: 028F7044
}IIS, xrefs: 028F7156
('Y{, xrefs: 028F7054

Memory Dump Source

Source File: 0000001F.00000002.4589577448.00000000028F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_28f0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID: &(,k$('Y{$e'o$}IIS
API String ID: 0-1374273654
Opcode ID: 796a7602b2dab2945f9eae1b16ba5ede69f307974c8da78fae40a5bba298439d
Instruction ID: c28f3233c7f2179af7196433c0642c405e6d01a73d55e122ee277c7e4d8a2d33
Opcode Fuzzy Hash: 796a7602b2dab2945f9eae1b16ba5ede69f307974c8da78fae40a5bba298439d
Instruction Fuzzy Hash: BE8144B0805A44CED349CF1A9589BE5BBE1BF89350F1A86FAC15D8F236EB708045CF95

Analysis Process: BtowsPlayer.exePID: 6036, Parent PID: 4004COMMON

Execution Graph

Execution Coverage:	5.3%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	15.5%
Total number of Nodes:	97
Total number of Limit Nodes:	10

Executed Functions

Function 02410E61 Relevance: 7.6, APIs: 5, Instructions: 100
threadprocessCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32(00000004,00000000,?,?,?,?,?,024109A7,?,00000001,?,81EC8B55,000000FF), ref: 02410E9F
Thread32First.KERNEL32(00000000,0000001C), ref: 02410ECB
Wow64SuspendThread.KERNEL32(00000000), ref: 02410F1E
CloseHandle.KERNELBASE(00000000), ref: 02410F48
CloseHandle.KERNELBASE(00000000), ref: 02410F7C

Memory Dump Source

Source File: 00000020.00000002.2514018725.0000000002410000.00000040.00001000.00020000.00000000.sdmp, Offset: 02410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2410000_BtowsPlayer.jbxd

Yara matches

Similarity

API ID: CloseHandle$CreateFirstSnapshotSuspendThreadThread32Toolhelp32Wow64
String ID:
API String ID: 2720937676-0
Opcode ID: ed4f7e93d5c748d87e273fbd072de27cfcb41b6612c19f34ce8dd7f2a24eca5e
Instruction ID: 82ffae0a5bb33a7a1f09c72904040bb63053f57f2f93c70d1811c8f63b8960cd
Opcode Fuzzy Hash: ed4f7e93d5c748d87e273fbd072de27cfcb41b6612c19f34ce8dd7f2a24eca5e
Instruction Fuzzy Hash: 02411C71A00109AFDB18DF98C491BAEB7B6EF88300F10C069EA159B794DB74AE85CB54

Function 02410D11 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 103
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNELBASE(00000000,00000000,?,00000000,00000000,00000000), ref: 02410DDD

Strings

,, xrefs: 02410E29

Memory Dump Source

Source File: 00000020.00000002.2514018725.0000000002410000.00000040.00001000.00020000.00000000.sdmp, Offset: 02410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2410000_BtowsPlayer.jbxd

Yara matches

Similarity

API ID: CreateThread
String ID: ,
API String ID: 2422867632-3772416878
Opcode ID: fc60953fbf7661c618888493d7684cefa6d88d8934743e077e5b29c3addb46ae
Instruction ID: 3e757c12948c851e1a1f2533fd467d981d08e08801305985ca228f3559a73c4e
Opcode Fuzzy Hash: fc60953fbf7661c618888493d7684cefa6d88d8934743e077e5b29c3addb46ae
Instruction Fuzzy Hash: F241B474A00209EFDB14CF99C994BAEB7B1FF88314F208199D915AB391C771AE91CF94

Function 050E4E58 Relevance: 2.7, Strings: 1, Instructions: 1495COMMON

Download Yara Rule

Strings

4, xrefs: 050E5D9F

Memory Dump Source

Source File: 00000020.00000002.2528826784.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID: 4
API String ID: 0-4088798008
Opcode ID: c43b497dd5c33b3c6cd967360ab79d1c8f033a30783582ffb58548412cab62f0
Instruction ID: 7254b842efc13e1089eaf1378a986f770ca5709638de74255022d050d394e334
Opcode Fuzzy Hash: c43b497dd5c33b3c6cd967360ab79d1c8f033a30783582ffb58548412cab62f0
Instruction Fuzzy Hash: 96E24078A00118DFDB55DF68E994BAEBBF6FB88304F508095E906AB354DB349D42CF90

Function 050E5345 Relevance: 1.9, Strings: 1, Instructions: 696COMMON

Download Yara Rule

Strings

4, xrefs: 050E5D9F

Memory Dump Source

Source File: 00000020.00000002.2528826784.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID: 4
API String ID: 0-4088798008
Opcode ID: e274ff586e27a7f1db0673cc6989b1b1df910770d040fc37be2a0b0828dfd8a8
Instruction ID: 8db3a6b4c5c9b2f0b00c5a1ad2ce55b380d38853d95d8b59907ea31cab641e9d
Opcode Fuzzy Hash: e274ff586e27a7f1db0673cc6989b1b1df910770d040fc37be2a0b0828dfd8a8
Instruction Fuzzy Hash: 97627274A01218CFDB65EF58E994BAEB7F6FB89304F508099D90A9B358CB349D42CF50

Function 02410751 Relevance: 1.9, APIs: 1, Instructions: 399
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNELBASE(00000000,00000000,?,00000000,00000000,00000000,?,00000001,?,81EC8B55,000000FF), ref: 024109F4

Memory Dump Source

Source File: 00000020.00000002.2514018725.0000000002410000.00000040.00001000.00020000.00000000.sdmp, Offset: 02410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2410000_BtowsPlayer.jbxd

Yara matches

Similarity

API ID: CreateThread
String ID:
API String ID: 2422867632-0
Opcode ID: ab5d47d79a2d43a5b885d4cd1ac6413eb39dbc8d65d1c3a23088184392affe3b
Instruction ID: 7f4f696130917f73e5e70a92c368e10fcf56ab85376052f0401b988cb459f989
Opcode Fuzzy Hash: ab5d47d79a2d43a5b885d4cd1ac6413eb39dbc8d65d1c3a23088184392affe3b
Instruction Fuzzy Hash: EC12C6B4E00219DFDB14CF98C990BADBBB2FF48304F2482A9D915AB385D7356A85CF54

Function 050EC008 Relevance: .7, Instructions: 704
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000020.00000002.2528826784.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec373a0a96563883f3167e89d400e06223b0256556131f1d62e14815fa61ab77
Instruction ID: b6b5e14f0b2e63596dba7c41dbdc5536a77930fb3b5808e1628abb90d4ec27bf
Opcode Fuzzy Hash: ec373a0a96563883f3167e89d400e06223b0256556131f1d62e14815fa61ab77
Instruction Fuzzy Hash: AA528275700144DFDB15EFA9E598AAE77F3FB88304F648029E9069B789CF359D028B90

Function 02855B30 Relevance: .7, Instructions: 683
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000020.00000002.2514739119.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2850000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a76500a13c89717288d8255e8760bb0187226b33104d04fd0cf69153973cfb9
Instruction ID: e6b31db33f8f0b2816afa0676ef5514bfddcb174f913145d0cbe92a6c47e8f60
Opcode Fuzzy Hash: 7a76500a13c89717288d8255e8760bb0187226b33104d04fd0cf69153973cfb9
Instruction Fuzzy Hash: D8520439A00524DFDB15DFA8C984A69BBB2FF88304F5581A8E509DB272DB35EC51DF40

Function 051B50A0 Relevance: .6, Instructions: 559
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 332c900ef4b75de358a23d3cdf6854c83b3e8e5e7e286221c915df1bedb8ddfb
Instruction ID: 83f2b8fa29b477c4ca98673f569b2a40e74f16762e20be0ce9235a9124a3de33
Opcode Fuzzy Hash: 332c900ef4b75de358a23d3cdf6854c83b3e8e5e7e286221c915df1bedb8ddfb
Instruction Fuzzy Hash: 53327D34B00208CFDB25EF65E998AAEB7B3FB88304F608068D50697799DB749D46CF51

Function 051E1AA0 Relevance: .5, Instructions: 503
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000020.00000002.2529587921.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c443f74cc665ef8391fc3de8da5241b0f0b705e0cc5b52d0f78ebd127985e6cc
Instruction ID: 162d4d9cf8988899166f26acb4adc9751b04c2c408e413b9e347ed43bf6e4529
Opcode Fuzzy Hash: c443f74cc665ef8391fc3de8da5241b0f0b705e0cc5b52d0f78ebd127985e6cc
Instruction Fuzzy Hash: F9126138B00204DFDB15FF68EA949AEB7B7FB89304B508528E406A7799DF349D45CB84

Function 050EBB50 Relevance: .5, Instructions: 487
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000020.00000002.2528826784.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14bd7d9fb5cfb581aa47801fd85c77e63beca04b22b7dd02ec6c3a3e33dd4392
Instruction ID: 6cd3b93488b0c80a099dbc28c80332077a94f8613d7694231879ba526ba4c972
Opcode Fuzzy Hash: 14bd7d9fb5cfb581aa47801fd85c77e63beca04b22b7dd02ec6c3a3e33dd4392
Instruction Fuzzy Hash: EC12B075700144CFDB19EFA9E598A6F77B3FB88304F648028E9069B789CF359D068B90

Function 02851D80 Relevance: .4, Instructions: 358COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2514739119.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2850000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8190b7eec92f6a294e8f0eba6d26f0165b1ac8508e474ccde3c8333bacb919cf
Instruction ID: 68fc66dc1c175e7172847091a05140f9cc023359103d9331dacc570c34a267dd
Opcode Fuzzy Hash: 8190b7eec92f6a294e8f0eba6d26f0165b1ac8508e474ccde3c8333bacb919cf
Instruction Fuzzy Hash: E9E1C239A00752CFCB06DF78D455B99BBF2FF89310B1581A9E845DB256DB31AC42CB50

Function 051EA710 Relevance: .3, Instructions: 346COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529587921.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b6c4557f9d254c63cd398f579fbb98bcd5b442a98562422b30d8774c51a7d88
Instruction ID: 5a64f6d804c75d5b220c9b53a071eb76316aaa79f98ff1cf50e91a121e558c6b
Opcode Fuzzy Hash: 6b6c4557f9d254c63cd398f579fbb98bcd5b442a98562422b30d8774c51a7d88
Instruction Fuzzy Hash: E3D19038B002149FDF09FF68EA549AE7BB3FB88304B508519D806A7799DF349D42DB85

Function 051EA6FF Relevance: .3, Instructions: 346COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529587921.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e34f1425e2f469ad2f87f3ca442348c92a3d7e6ef578a3c46532d27c847d949a
Instruction ID: cfdf0030b027e7ac00408fb7d6ab30075527d86db25822d1f0ccc0423cdad9a1
Opcode Fuzzy Hash: e34f1425e2f469ad2f87f3ca442348c92a3d7e6ef578a3c46532d27c847d949a
Instruction Fuzzy Hash: CCD1A338B006149FDF09FF68EA549AE3BB3FB88304B504519D806A7799DF349D42DB85

Function 028553C0 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2514739119.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2850000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2b63462270ee026e0aeb7034aba288f3e55c28f2842fe592e682183df111224
Instruction ID: 2f91bcd65a617c2ad530de64b843ece25e32c1141d4c646a55e07c626498b63d
Opcode Fuzzy Hash: c2b63462270ee026e0aeb7034aba288f3e55c28f2842fe592e682183df111224
Instruction Fuzzy Hash: 76516A74A11245CBD70CEF6AE94669E7FE3BBC8304B00C929D008EB668EF7909068F45

Function 028553D0 Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2514739119.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2850000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0784a0ed2d3c91e6ee3838549dbb1447359335df08d82395e49ea12bcfb60ee7
Instruction ID: 0538669eda659fbaeaf47de1238df8660fe8a4a0acadb47b90ada582f43a3ae6
Opcode Fuzzy Hash: 0784a0ed2d3c91e6ee3838549dbb1447359335df08d82395e49ea12bcfb60ee7
Instruction Fuzzy Hash: 7F516A74A11245CBD70CEF6BE94669E7FE3BBC8304F00C929D008AB668EF7909068F45

Function 0246F866 Relevance: 6.1, APIs: 4, Instructions: 99
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 02471A84: LoadLibraryA.KERNELBASE(00000000,?,?), ref: 02471B16

VirtualProtect.KERNELBASE(00000000,0000000C,00000040,?), ref: 0246F8C1
VirtualProtect.KERNELBASE(00000000,0000000C,?,?), ref: 0246F8F4
VirtualProtect.KERNELBASE(00000000,0040145E,00000040,?), ref: 0246F927
VirtualProtect.KERNELBASE(00000000,0040145E,?,?), ref: 0246F951

Memory Dump Source

Source File: 00000020.00000002.2514018725.0000000002410000.00000040.00001000.00020000.00000000.sdmp, Offset: 02410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2410000_BtowsPlayer.jbxd

Yara matches

Similarity

API ID: ProtectVirtual$LibraryLoad
String ID:
API String ID: 895956442-0
Opcode ID: 2e97600cb857c96b3e27a7ca78dc6b50189988e4741ea1636e9ebab3cfc04358
Instruction ID: 163bf1402bf706ccec3a7f330587d87a6c5b68b56beeec46673801f389ae8d7f
Opcode Fuzzy Hash: 2e97600cb857c96b3e27a7ca78dc6b50189988e4741ea1636e9ebab3cfc04358
Instruction Fuzzy Hash: 7C21B5B220420A7FE310AA669C48FB77A9CDB45304F04043FFB9AD1550EB69A90D8672

Function 02856D97 Relevance: 5.2, Strings: 4, Instructions: 176
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

('Y{, xrefs: 02857054
e'o, xrefs: 02856F08
}IIS, xrefs: 02857156
&(,k, xrefs: 02857044

Memory Dump Source

Source File: 00000020.00000002.2514739119.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2850000_BtowsPlayer.jbxd

Similarity

API ID:
String ID: &(,k$('Y{$e'o$}IIS
API String ID: 0-1374273654
Opcode ID: 3610c231db04957df8d5f3d036c43e96dd905f891b44acdaf0bf74ae1700d3a6
Instruction ID: a36a7382ba530bd3ab9c87b00d9d7ee67adca3871da447ca29759396a4748366
Opcode Fuzzy Hash: 3610c231db04957df8d5f3d036c43e96dd905f891b44acdaf0bf74ae1700d3a6
Instruction Fuzzy Hash: B4A197B0806A448ED349CF1A9599BE5BFE0BF89304F5A81FAC14D8F236EB718045CF95

Function 02471A84 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 66
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNELBASE(00000000,?,?), ref: 02471B16

Strings

.dll, xrefs: 02471ABB

Memory Dump Source

Source File: 00000020.00000002.2514018725.0000000002410000.00000040.00001000.00020000.00000000.sdmp, Offset: 02410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2410000_BtowsPlayer.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID: .dll
API String ID: 1029625771-2738580789
Opcode ID: f6f06f52cd4a024ca790678b75224790e8b38e6a55f670a1ffdfea5ea75d1fe1
Instruction ID: 8b1986b4a8d9f9723bd9aeb5cd95bc2a9b796ba23d7f200cab8078716016a1cf
Opcode Fuzzy Hash: f6f06f52cd4a024ca790678b75224790e8b38e6a55f670a1ffdfea5ea75d1fe1
Instruction Fuzzy Hash: DC21E4326002858FD722DFADC884BAE7BA4EF05224F0940AED82D9BB41E730E845C750

Function 0246F961 Relevance: 3.0, APIs: 2, Instructions: 48
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 02471A84: LoadLibraryA.KERNELBASE(00000000,?,?), ref: 02471B16

VirtualProtect.KERNELBASE(00000000,00000004,00000040,?), ref: 0246F999
VirtualProtect.KERNELBASE(00000000,00000004,?,?), ref: 0246F9BC

Memory Dump Source

Source File: 00000020.00000002.2514018725.0000000002410000.00000040.00001000.00020000.00000000.sdmp, Offset: 02410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2410000_BtowsPlayer.jbxd

Yara matches

Similarity

API ID: ProtectVirtual$LibraryLoad
String ID:
API String ID: 895956442-0
Opcode ID: 31a2c6fb5a155253d75781cd9ceba9c7cc267d2f06376007566f6440306b8afe
Instruction ID: 916934e443107a002c81704ad7471e7ecf99985b5eca5c12bc65cf359ed9403f
Opcode Fuzzy Hash: 31a2c6fb5a155253d75781cd9ceba9c7cc267d2f06376007566f6440306b8afe
Instruction Fuzzy Hash: E8F081F22406047EE6119A65DC45FFB33ACEB45A14F00041AFB5AD6080F765E649CBB1

Function 024704C7 Relevance: 1.7, APIs: 1, Instructions: 183
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SafeArrayCreate.OLEAUT32(00000011,00000001,?), ref: 02470658

Memory Dump Source

Source File: 00000020.00000002.2514018725.0000000002410000.00000040.00001000.00020000.00000000.sdmp, Offset: 02410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2410000_BtowsPlayer.jbxd

Yara matches

Similarity

API ID: ArrayCreateSafe
String ID:
API String ID: 37945469-0
Opcode ID: 3a71c02433a8139c968cc3f30c4dd14e73a6b67554079fc4c70d085402dfb9e4
Instruction ID: f922a679b4b7497cb11a9d9a34f88cacb8e100b453ed7feec4897355d283a80d
Opcode Fuzzy Hash: 3a71c02433a8139c968cc3f30c4dd14e73a6b67554079fc4c70d085402dfb9e4
Instruction Fuzzy Hash: 08614971201246AFD724DF61C884FE7B7E8BF49705F04866AE969CB241DB30E949CFA1

Function 024706D6 Relevance: 1.6, APIs: 1, Instructions: 325
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 02470750

Memory Dump Source

Source File: 00000020.00000002.2514018725.0000000002410000.00000040.00001000.00020000.00000000.sdmp, Offset: 02410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2410000_BtowsPlayer.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 913584bddb567b179a3f9b4e0e6654d789e61ea3d5744fe4b2293047c08ef92d
Instruction ID: 950c2e93dc9e543d186be273e1605b80e7b8479911ba98c4066e703638106ca3
Opcode Fuzzy Hash: 913584bddb567b179a3f9b4e0e6654d789e61ea3d5744fe4b2293047c08ef92d
Instruction Fuzzy Hash: 56B1E072602A06EFDB21AE60CC80BE7B7E9FF55314F14152FE9A992240E731E550CFA1

Function 051BAF90 Relevance: .8, Instructions: 799
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b02e0aab4622159542b6eefb9fa4a8e4b15232a4f9e0a55c8af831586dfdf016
Instruction ID: 0be0d9b88f6945505d168a4a539f8b79e14dd03b6357845deb15d920a0ecdf2c
Opcode Fuzzy Hash: b02e0aab4622159542b6eefb9fa4a8e4b15232a4f9e0a55c8af831586dfdf016
Instruction Fuzzy Hash: 6582F874A00228DFDB65DF68D994BAEBBB2FB88300F5081D9E409A7355DB709E85CF50

Function 051B2AF0 Relevance: .5, Instructions: 476COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd3ccac5a329ab33ce502d88455e8d81974f81a695a40cbae3252727ef04381e
Instruction ID: b743f144eb2e443e3e858de52c3c2b911b39668ebf5ce87c9419d1f593f1270f
Opcode Fuzzy Hash: cd3ccac5a329ab33ce502d88455e8d81974f81a695a40cbae3252727ef04381e
Instruction Fuzzy Hash: B402BC783041458BEB18EF69E85967F77E7FB88300F518428E916CB789DF799D028B90

Function 051E1A90 Relevance: .4, Instructions: 359COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529587921.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13a18680a4bce8aff8c70cb602a2bd27e157b129ea1d4f1bf544dfc384bfb945
Instruction ID: 6905857cf8febe0d3b9646c782a6c2a89cd5804a0360befbdcd99d6764ec1d34
Opcode Fuzzy Hash: 13a18680a4bce8aff8c70cb602a2bd27e157b129ea1d4f1bf544dfc384bfb945
Instruction Fuzzy Hash: C2E19038B00204DFDB14FF68EA949AEB7B7FB89304B508528E406A7799DF349D45CB85

Function 051BAF82 Relevance: .3, Instructions: 341COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7722eebc74fb3c8f6821b8e3723035aeb343cbf4afc196b80da61d76e0d7468
Instruction ID: bf8e75acae355e71a74778f69c52ffc98d4f46e5316895723567ed588f97e82c
Opcode Fuzzy Hash: a7722eebc74fb3c8f6821b8e3723035aeb343cbf4afc196b80da61d76e0d7468
Instruction Fuzzy Hash: B7E14B74A00218DFDB25DB68D944BEEBBB6FB8C300F508099E509A7395DF749E858F90

Function 02858690 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2514739119.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2850000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3c2f25def7b0630c5684818273171ce248fd584fc5fe95e384d136f021ed05f
Instruction ID: 6d38690f0a7d04431ea196f0da410ded736a00d9dcdc4b6c4b9a3f688d28418d
Opcode Fuzzy Hash: b3c2f25def7b0630c5684818273171ce248fd584fc5fe95e384d136f021ed05f
Instruction Fuzzy Hash: 16B18B38A00614DFDB04EF29D584A59BBF2FF88314F11856AE809EB3A5DB71EC41CB94

Function 0285FC18 Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2514739119.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2850000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e465de792fc69deb1f02ad88cf5cf8889e21f43709e95d95417cd9bbd97f666d
Instruction ID: 88427c081dd31fb554af6324e9ef009cf97edcc923de7d14899989fcaa29edf1
Opcode Fuzzy Hash: e465de792fc69deb1f02ad88cf5cf8889e21f43709e95d95417cd9bbd97f666d
Instruction Fuzzy Hash: 60A16D79600114CFCB15EF68D584AAEB7B6FB89314F508119E9069BB58CF34ED42CF90

Function 051EA2A0 Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529587921.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e1d81f1f920d1893637a84e7a831e5dedb49b9c7895deb4bc4d4625ecad8e56
Instruction ID: fc52e06d1328d27972c12abb16f494e5b4d6f791f0dc05d3ad52336fb4a86b07
Opcode Fuzzy Hash: 2e1d81f1f920d1893637a84e7a831e5dedb49b9c7895deb4bc4d4625ecad8e56
Instruction Fuzzy Hash: BF91AC38B006099BDB05FF68D698AAEB7B7FF88304F108529D40267789DF749D46CB85

Function 05204D3C Relevance: .2, Instructions: 215COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529699247.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ef305fddde65885b1b8cf26775e8eb7625751bc0c243a566809e57fc2835e63
Instruction ID: f69721e10e50779c2b0b12a08be6b23281b4992e2ac64d7a061e2578d01c9ad8
Opcode Fuzzy Hash: 1ef305fddde65885b1b8cf26775e8eb7625751bc0c243a566809e57fc2835e63
Instruction Fuzzy Hash: D4B012B101A1804AC702D25088109517F516FB2204725C19E81458A4B3DB124D02C2A4

Function 050EE2E5 Relevance: .2, Instructions: 204COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2528826784.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3bc66835f39234667267e2f19689835025fd273000a091db5705491c5f7b6b70
Instruction ID: 719666bf5b3e4fc780be8aea8cb83e2bcbebd95c7b0ffebef8ddc490c0e7833b
Opcode Fuzzy Hash: 3bc66835f39234667267e2f19689835025fd273000a091db5705491c5f7b6b70
Instruction Fuzzy Hash: CF71C770315084EFC759AFA8E96957F37ABFB89204B908469E107DB7C9CF388D068B51

Function 051EA29B Relevance: .2, Instructions: 200COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529587921.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03720b8b11e7af071b1714e30deecc28adf2a01f65b191b85046e897b8ecc5e1
Instruction ID: 46f1d0e3a0171c49ea80629e80ec91978ec073dedc11690f4ad063baa4daf685
Opcode Fuzzy Hash: 03720b8b11e7af071b1714e30deecc28adf2a01f65b191b85046e897b8ecc5e1
Instruction Fuzzy Hash: 7671AD38B00A059BDB05FF68D6985AEB7B7BF88304F108129D40267B98EF749D46CB85

Function 051BEB90 Relevance: .2, Instructions: 195COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f9f91bf928987277d018a419234c87ae8f5d56cc91c888ed8eb31f75e2aa4ab
Instruction ID: 351a98f4aeb65a60063761084648693e1a636cc29f030ef20c99971a9a1d287e
Opcode Fuzzy Hash: 8f9f91bf928987277d018a419234c87ae8f5d56cc91c888ed8eb31f75e2aa4ab
Instruction Fuzzy Hash: CD81283A114500EFEB5AAF84DA48C95BFB7FF4C31470A8194E2055B236C773D8A2EB55

Function 050E3730 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2528826784.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bfe7172a486f3af4414aaa320b0f08ef6bf3e723ba753cccb8209aa0773f00f1
Instruction ID: c9375d15aed9a3981e7fe872067bbd2440a13c66f7d59e385fc268e1fc939dae
Opcode Fuzzy Hash: bfe7172a486f3af4414aaa320b0f08ef6bf3e723ba753cccb8209aa0773f00f1
Instruction Fuzzy Hash: 6F51C1747002449FD708EF69E49866F7BE6FBC9314B50886DE506CB389DF389D028B91

Function 02858682 Relevance: .2, Instructions: 166COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2514739119.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2850000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e46d7be5ec25838d22fff395013121371ba8cbea0f5355f123870ec99db4427
Instruction ID: a8d62697d6be92f180d283928365a270e8e9011c85d5f8a16d137494bc1e5178
Opcode Fuzzy Hash: 1e46d7be5ec25838d22fff395013121371ba8cbea0f5355f123870ec99db4427
Instruction Fuzzy Hash: B5619D39A00614CFCB04EF29D588A59BBF2FF89314B158569E80AEB365DB31EC41CF94

Function 050E05E0 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2528826784.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0eef84f07010c2be58c1a89cebffdc11cd12f2b862dc266a7cfe8cfc3f74f3a1
Instruction ID: 2d68ef5ad86002822fb51c309e5105c18e1bdf56840bd22f3666607181b41d86
Opcode Fuzzy Hash: 0eef84f07010c2be58c1a89cebffdc11cd12f2b862dc266a7cfe8cfc3f74f3a1
Instruction Fuzzy Hash: A35183347002449FDB14EE69E998B6F77B6FBC9314F508029E906D7788CFB49C058B91

Function 0285C770 Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2514739119.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2850000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bfefd4f32db4bf0431fce5e0f83008706cfcfe52fec0ff65e1260ef59a0d451e
Instruction ID: b5e634f78581e8ba041aaf2b4042733501b1390112453339672ac3004229800e
Opcode Fuzzy Hash: bfefd4f32db4bf0431fce5e0f83008706cfcfe52fec0ff65e1260ef59a0d451e
Instruction Fuzzy Hash: 63511E76200100EFCB49AF98D949D6E7FB7FB8C3147558098E6068B37ADB35D912EB50

Function 051BD2A8 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c2ac1a7b44f609c2872e2965f655effbb6fe03ce39d125e66c6554c5f258f82
Instruction ID: c85283bcd20dd54a853c7f7ca7e72889e73ef387bd457806a0aa0a47980238d3
Opcode Fuzzy Hash: 0c2ac1a7b44f609c2872e2965f655effbb6fe03ce39d125e66c6554c5f258f82
Instruction Fuzzy Hash: D4315079700104AFDB09EF54E944EAE7BB7FB88314F148564E9069B36ADB71E901CB90

Function 051B6F90 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bed69f8272d3e64b4d522474ffec271eced8aa34750dec17241d16cd3ef19ab9
Instruction ID: fcd59a5963a8b295967d4062892fa6b653ff277bed6f1be0a9278d5d277a9dbe
Opcode Fuzzy Hash: bed69f8272d3e64b4d522474ffec271eced8aa34750dec17241d16cd3ef19ab9
Instruction Fuzzy Hash: E741BD79700100DFDB16EFA8D989AAE7BF7FB8C700B048054E606A7398CB348D018F95

Function 051B6FA0 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ff7061398f24971cdb5607870af3dd1db5ac52346125a01c95a1ac3e8d015c3
Instruction ID: c2edecfc09dfeb540f8ea44fe5f2b607912acd90899cdfa645628b323f716cf2
Opcode Fuzzy Hash: 9ff7061398f24971cdb5607870af3dd1db5ac52346125a01c95a1ac3e8d015c3
Instruction Fuzzy Hash: 77418C38700104DFDB16EFA8D949AAE7BF7FB8C700B448058E606A7399CF358D018BA5

Function 028518ED Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2514739119.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2850000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24b55846e4d39385ad51bad62e5b2807e1048fa960737c70a6bc3717d12fcf62
Instruction ID: a7fe70008e6154b964eefd3f945c98066c65da72e10470f70ce72c61bb6acd2f
Opcode Fuzzy Hash: 24b55846e4d39385ad51bad62e5b2807e1048fa960737c70a6bc3717d12fcf62
Instruction Fuzzy Hash: 5D41E538A00118CFCB44DF68D498AADB7F2BF8C311F6640A9E90AEB361CA359C41CF51

Function 051E7AA8 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529587921.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c910b7d9ea7a81f141e09e73cf50f9d1efe06a75d7a4af19c3354d19e4f0a64
Instruction ID: 819b404794671dee0e9186b83ee45e45fca863e5944db40ca878d84595133869
Opcode Fuzzy Hash: 1c910b7d9ea7a81f141e09e73cf50f9d1efe06a75d7a4af19c3354d19e4f0a64
Instruction Fuzzy Hash: 5F2135367002148FC704EBBAA8405AE7BEAFBC4264B1580BBDA09D7381DF318D0293D1

Function 051E7BF0 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529587921.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b0674aa6213e447b9cb340887ad6e30432e3f7a2a00c7a375ddc1f1a0e99799
Instruction ID: a364f397e1d4064b3b7fb4ddee8b931c12440da14f6b14c1af990ce1ee6f410d
Opcode Fuzzy Hash: 7b0674aa6213e447b9cb340887ad6e30432e3f7a2a00c7a375ddc1f1a0e99799
Instruction Fuzzy Hash: 3A314F72600159AF8F028ED59C50CFFBFBEEB8D210F044466FA55E2151DA3ADA259BB0

Function 050E9AD8 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2528826784.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7454c2b04b44ebeb81d480cb6f77975066d127536c8886aa600559eae1aa6ea2
Instruction ID: 900ce7cbcf831114258f34e4c4cf0b549ca690dc282ff0f96ef3b96c591db555
Opcode Fuzzy Hash: 7454c2b04b44ebeb81d480cb6f77975066d127536c8886aa600559eae1aa6ea2
Instruction Fuzzy Hash: 4C3187743042899FDB46EE29E985AAF3BEAFF89240B648455FC05C7394CB34DC51DB20

Function 051BD298 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 985c2d2d541cfe5319e4b786f5118201c801f2d8b78294eb124c7bfaa959b578
Instruction ID: 8fb64fd210713477dbeb6d923d9873264e7ebad4d2d678644d79139d3867bb29
Opcode Fuzzy Hash: 985c2d2d541cfe5319e4b786f5118201c801f2d8b78294eb124c7bfaa959b578
Instruction Fuzzy Hash: 4521BD36600104AFDB09EF94E984EAE7BB7FB88310F054164E606AB266DB31D911CB90

Function 0285D180 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2514739119.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2850000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fee04fd55301d951d228f8c258b50932744f33ee7722e1a423ad2b3bb015d8c
Instruction ID: e64083a5bdba601abb6220aafe47cb0f3dac26412f1a753ce288c6e05baf8495
Opcode Fuzzy Hash: 8fee04fd55301d951d228f8c258b50932744f33ee7722e1a423ad2b3bb015d8c
Instruction Fuzzy Hash: 81319F75700149EBDB15EE98D8589AF7BBAEB8D314F508118F512E7388CF38AC028F90

Function 051B4A90 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee291e7fb56bc3438f47f1c13b16eca28ad059e03e1e86b8d76606a9c7dbfadd
Instruction ID: cead769ecb368470ab5d2a8e97b8494d006aa7503879a569e297cd5455ffd152
Opcode Fuzzy Hash: ee291e7fb56bc3438f47f1c13b16eca28ad059e03e1e86b8d76606a9c7dbfadd
Instruction Fuzzy Hash: 94316D75A001099BEF14EB54DA85BEE77F3FB8C304F508194E602A779ACBB59D01CB94

Function 0285F2E8 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2514739119.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2850000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d3d6aac78697788e4a97e2216836a47bd010feb330f0c3cde988349f917e523
Instruction ID: 49811f1963023069987c2894ec9bc3e96f5cc4a5e93fffd62ce728e338fb61ad
Opcode Fuzzy Hash: 6d3d6aac78697788e4a97e2216836a47bd010feb330f0c3cde988349f917e523
Instruction Fuzzy Hash: 2421E5387012449FDB10AA69D8457AF7BE2EB8D704F108028EA06C7789DF388D02CBA1

Function 05204F18 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529699247.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83f94f93ee25b9c5b07486c5ec0cf5b4aa07c0d5408acef265f5bfb97e6cac5a
Instruction ID: 86e752fa6ae4122ab205af64dd8e6c1d604ccfa0e34dfbf2deb1748a92332f28
Opcode Fuzzy Hash: 83f94f93ee25b9c5b07486c5ec0cf5b4aa07c0d5408acef265f5bfb97e6cac5a
Instruction Fuzzy Hash: 0F110B327161125BEB19DA65A844ABF7796FFC4B24B10803AF609C7681DF219C0643D0

Function 02858500 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2514739119.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2850000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 017116858c283c7efd4785442002f5054ed99ab81effdbed606351f72804a6d7
Instruction ID: 3afe77450db5affce2d7a55aa6989930013ce27af4145507a1a9809273d9db38
Opcode Fuzzy Hash: 017116858c283c7efd4785442002f5054ed99ab81effdbed606351f72804a6d7
Instruction Fuzzy Hash: 4021C4397052808FDB06AB39E45916E3BB2FBCA314755809AD802CB78DCF3C4C078B96

Function 0285FB78 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2514739119.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2850000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8ed85482c3cfb0d57420623c004c5a340f745122eac0be53fd29295b7052f5d
Instruction ID: 9e1aa036f9b2aa98f9388fb0bcec2eb0d013e5a7706c13fd942c0d06f9a7d4aa
Opcode Fuzzy Hash: b8ed85482c3cfb0d57420623c004c5a340f745122eac0be53fd29295b7052f5d
Instruction Fuzzy Hash: 021106366086559FC702CBA8D850546FFB5EB4A32070682A7D958CB651C731EC06C7D2

Function 02858530 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2514739119.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2850000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f25bbdc6937a58cfdda5cc497a9bfd7413a86f0bdf781df997d9a78c741efb4
Instruction ID: 5d6d73c3b22efc2de774e53713ea0a894bc6d22c315190a6f24767fd44b7fe15
Opcode Fuzzy Hash: 2f25bbdc6937a58cfdda5cc497a9bfd7413a86f0bdf781df997d9a78c741efb4
Instruction Fuzzy Hash: 86116A397001549BDB09AB69E05816F3BA3FBC9714B94C029E906CB78CDF399D068BD6

Function 051E8C8B Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529587921.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05cfba9eeeb00e836e37f76c7ebf60ddfc2a36631298a93511a5d08a92ca5b1f
Instruction ID: c6de37b2d7b07fa1b644e4f864d5c466a01f4d6c8ff2927eb7f360ec628ac2ac
Opcode Fuzzy Hash: 05cfba9eeeb00e836e37f76c7ebf60ddfc2a36631298a93511a5d08a92ca5b1f
Instruction Fuzzy Hash: DC112676704200ABE705DE58E881AAFBBEAEBC9760F14842DF449C7345DB329C07C7A5

Function 05205EF0 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529699247.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bcd04f8176a4963fcbc5f803fd0e10d12d229f3fbfe54fa4105e42206eebd8bb
Instruction ID: 25f385c19143093ebc6f721206904f62361ba33f0f1a1ecda80dd4a1eae9c0da
Opcode Fuzzy Hash: bcd04f8176a4963fcbc5f803fd0e10d12d229f3fbfe54fa4105e42206eebd8bb
Instruction Fuzzy Hash: 0911E035A102489FC704FFBDF4490AE7BB6FF89300B40456AE506E3688EF70490A8BD2

Function 051BC480 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 832e3b30258c9c350718a1f63cdc95c5e06abe08f4716d27c284a66a1aa1e83a
Instruction ID: 33483d5824de92bbc9c6dd6f32bfff0dbbadf3cf6d5e533b5a590608351e62cd
Opcode Fuzzy Hash: 832e3b30258c9c350718a1f63cdc95c5e06abe08f4716d27c284a66a1aa1e83a
Instruction Fuzzy Hash: F911C231200205ABDB15EE48E884FEF7BABFBC4314F408528F6068B659DF74AD458B90

Function 028564C0 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2514739119.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2850000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 455deb2970c1833425912946f7ca7c02b953f0b491611f19874240287a56d8d0
Instruction ID: c6352b49d15bce938ad4bcd4b420c40953774af5b42f6f753253a2bd6c6643b3
Opcode Fuzzy Hash: 455deb2970c1833425912946f7ca7c02b953f0b491611f19874240287a56d8d0
Instruction Fuzzy Hash: 64112975A092849BC70ADB64D8623AD7B76EB81304F54C0D9D405CB29ADE369D02D741

Function 0285B370 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2514739119.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2850000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52f6855bdcae50479e2f4177a76bf011a3cd4e5129a66ad8bee308ab9c55e9ce
Instruction ID: f6f5c4c7a0532713e9ee31136b63524b716aa2ef932e08cf1b6d18681649c47c
Opcode Fuzzy Hash: 52f6855bdcae50479e2f4177a76bf011a3cd4e5129a66ad8bee308ab9c55e9ce
Instruction Fuzzy Hash: 45117334710158C7DB15AB59D4597AF7AB2E7C8715F508019E403A73C8CF784D0697E5

Function 05205F00 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529699247.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22aab271c218c7e9da418dae11aaf37a12024cdee3cae33c928082c03f9b89f1
Instruction ID: caadafe7064c20765c0a9ea07e872b45cc7d322351881faee3a4ff5095dbe510
Opcode Fuzzy Hash: 22aab271c218c7e9da418dae11aaf37a12024cdee3cae33c928082c03f9b89f1
Instruction Fuzzy Hash: 5211E135A101089FC704FFBDE9490EE7BB5FB89300F404569E106E3248EF7019058BD1

Function 0285D960 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2514739119.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2850000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3af6f8a3fa9f7c4bda7cad5d119ff7ec2ebe3151ada4a92521440da1b4665903
Instruction ID: 26d34367e6eb3ef9b37e25e97f184fd3dcdab80bc1e856882406aef466544987
Opcode Fuzzy Hash: 3af6f8a3fa9f7c4bda7cad5d119ff7ec2ebe3151ada4a92521440da1b4665903
Instruction Fuzzy Hash: 8C01A736305155BB8F166E9AFC888AF7F6AFBC93247508039FA09C7348CE358C159790

Function 02856DD7 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2514739119.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2850000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6d46076ffecff8764e932542040eb10e24c956bb73efa3286cd9ffc631b6c27
Instruction ID: cd71345d86f37296e3bc058c7f525a334e4d01270af7f35cb542c2dcd7c3b7f3
Opcode Fuzzy Hash: b6d46076ffecff8764e932542040eb10e24c956bb73efa3286cd9ffc631b6c27
Instruction Fuzzy Hash: 57F0F63240E3F19ED7076B78AC763853F64DF47248F08809BC585C6167EE6D800A87AA

Function 051BA620 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f68dc6cdb86364daa3db1734107afc683311cf4687b9aa22451b211ef6909ee1
Instruction ID: 12bf6c77ce544cf0e754a02bfe29bb49f2b1d71b62fbf25ef7ac5e9ce6ee5652
Opcode Fuzzy Hash: f68dc6cdb86364daa3db1734107afc683311cf4687b9aa22451b211ef6909ee1
Instruction Fuzzy Hash: B501D2347092889FCB15EBB8D8556AE7FF6EF4A600B1084FED409D7282DF305D058B81

Function 051BA7F2 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4de5ef8d0bc2c0442ae61e339ca747bbd1004c06d6fdef9b50fc74d10975f7ec
Instruction ID: b982970a0f8fe0f2ca3ac7540ab49c0a4fcdcfb3de6d1a46a56a3eab8825ebdb
Opcode Fuzzy Hash: 4de5ef8d0bc2c0442ae61e339ca747bbd1004c06d6fdef9b50fc74d10975f7ec
Instruction Fuzzy Hash: 2BF0467270414017E321956EDD86BE7BB9AEBCA610F688079F10DC7786DA29EC03C3A4

Function 051B2259 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ebe88cf4ddd7fc7f20875f45b15f9f26f72f72319ce16fa6190efddd7847b7ce
Instruction ID: a963f8baf418d92844cbaf21407d8123f08e40a231245beda15dcb9421433bb2
Opcode Fuzzy Hash: ebe88cf4ddd7fc7f20875f45b15f9f26f72f72319ce16fa6190efddd7847b7ce
Instruction Fuzzy Hash: 2CF0F07A600158AFCB00CEE9E811BFA7BE8DB89210B088096F958D7201CA35CB019BA0

Function 051E51A0 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529587921.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f03abd67c2b8db78b7572ada7452f2bf52dd2caf78d449f19529155837fbe0e
Instruction ID: 853c5084db7a003d148b1be29a37ca830f13376faa4c9c9741d5d9598185cd87
Opcode Fuzzy Hash: 2f03abd67c2b8db78b7572ada7452f2bf52dd2caf78d449f19529155837fbe0e
Instruction Fuzzy Hash: 54F0E938700758DBEB3576A8EC04B6F33A7EB84659F114026EE0687684FF64DD01CB95

Function 028517C1 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2514739119.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2850000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94d27d271ccd5427d8408a46f81b69260d0bf8ab1d26841eed7ea0c9cd08543f
Instruction ID: 96660a0c343e6d3177d09d64ff7a016ae164b08e817fe6edad67e48ce483ab1d
Opcode Fuzzy Hash: 94d27d271ccd5427d8408a46f81b69260d0bf8ab1d26841eed7ea0c9cd08543f
Instruction Fuzzy Hash: ECF0F63A7003449BC7019BA8E809F363BE5EBCA714F0A80A5E506CB3C6CE249802C761

Function 050E9A70 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2528826784.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc72b412c8af6200ce5728a2c1135944be993a1fa288585fcde7a98d1f46dcb6
Instruction ID: fbbe4ba443612307adde89f96825484b4ef730c8524c739cd5f0e00114c7b05a
Opcode Fuzzy Hash: cc72b412c8af6200ce5728a2c1135944be993a1fa288585fcde7a98d1f46dcb6
Instruction Fuzzy Hash: D3F0FF72104198BFDF438F94CD10CFA7F7AEF0D251B099086FDA495161C276C961EB60

Function 051B5FF1 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb9027f6569ae85fec959abadf0054983f3bc6f90324b6e9dd981ebcd7f39523
Instruction ID: c40c524a0ce73fdbae1b7396869fd0b72ea313a4e42d3691b6d018ecc6374a02
Opcode Fuzzy Hash: eb9027f6569ae85fec959abadf0054983f3bc6f90324b6e9dd981ebcd7f39523
Instruction Fuzzy Hash: E1F082B22080509FC255DA5CE891EAFF7EADBC8600B58C55AF145D738ACA69DD03CBA1

Function 051E5190 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529587921.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2bc060f455466971d890f27e4c6c1e3e6cf8ea028a392d1468a6871c0280510d
Instruction ID: 2e1b15708d27ce0f9acbb4025837f1c5f4d9a1dba14b9439635e1f8056e6c6a9
Opcode Fuzzy Hash: 2bc060f455466971d890f27e4c6c1e3e6cf8ea028a392d1468a6871c0280510d
Instruction Fuzzy Hash: D0F05938309780CFEB366764AC14BAF3763BB85219F254066E9028B6C9FF649C02CB45

Function 028517E7 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2514739119.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2850000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a447273e1ea2da6fb5f5f6dfcd90ecf7f0c06e1b2b162dec7b4654d831c4ea5
Instruction ID: 0acc4bf4c8aa799f56e06d4afc7b20e2ac902db59a0fb78ff10ce29ff406cc24
Opcode Fuzzy Hash: 8a447273e1ea2da6fb5f5f6dfcd90ecf7f0c06e1b2b162dec7b4654d831c4ea5
Instruction Fuzzy Hash: B9F0E9366403445FC2049758EC54F763BA9EFCA619F0940A6ED0ACB283DE555802C7A1

Function 051B6A50 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45ebd25b3f37a4b5437c773e25228150ea534bc540eb249e63310921115a1b95
Instruction ID: c05df46bbd13f4f01544ae3827ba3fcf6f6e0960b67c4703d9a1b230970397f1
Opcode Fuzzy Hash: 45ebd25b3f37a4b5437c773e25228150ea534bc540eb249e63310921115a1b95
Instruction Fuzzy Hash: 3EE061B63071110BD732242D6C4877FABA5DFC5510370413AFC05E7385CB588C428791

Function 051BDD09 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dcb3e8ac3458e2642e96c5d32e4d0e7f5cd3f7285476b7423ec5120bf03e5f31
Instruction ID: 3ae104ce4f5521dd07a802af4115becb25fd00b980f360d19437c394fc464a26
Opcode Fuzzy Hash: dcb3e8ac3458e2642e96c5d32e4d0e7f5cd3f7285476b7423ec5120bf03e5f31
Instruction Fuzzy Hash: E0F09837110114BFCB069FC4DD41DA5BB66FB88320B09819AFA189B232C737D921EB50

Function 050E8500 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2528826784.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 451ae619ff46e5bad0493aecc155cd35f6135ea69892f2b692bc4afd2403b581
Instruction ID: 4064a242583c9ac16355a2376296eb3124898eb265d228203d1db1273e76a05c
Opcode Fuzzy Hash: 451ae619ff46e5bad0493aecc155cd35f6135ea69892f2b692bc4afd2403b581
Instruction Fuzzy Hash: D1F0E5323103089BCB60AAADFC04B7F76ABAFC6B54F348025B605DB684CE609803C765

Function 050E84F0 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2528826784.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c333a6467b7144baa47b9f2c4a736419a0d5fde548c9bdc44a4a2b1603c3410c
Instruction ID: 42e0261976fc451fa037f583e6827a098285014f7ba8d324b2f600376f6ce3ab
Opcode Fuzzy Hash: c333a6467b7144baa47b9f2c4a736419a0d5fde548c9bdc44a4a2b1603c3410c
Instruction Fuzzy Hash: 97F027723043809FCB229B6CE91577E3BAABF46211F2940AAE505CF0D5CE208807C722

Function 051E8CC8 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529587921.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6afe02c7884c7f19b246d0bd3b5679156e0a55d2830bb9d6938558b5305cebc1
Instruction ID: 8e91c5035d6625951eee4fef71558bcaa790449ba846c71a0383261a26fad21b
Opcode Fuzzy Hash: 6afe02c7884c7f19b246d0bd3b5679156e0a55d2830bb9d6938558b5305cebc1
Instruction Fuzzy Hash: 4AF0E535300104AB8705AA4EE884CAF7BAFF7CC360750C439F50A83744CF319C0587A4

Function 050E3758 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2528826784.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12616b28bc6ecaae2bbc38a7b2519908722129a0ca07676af770d46ad769b103
Instruction ID: b0a2d8b942244aa0bd22f640390a7d33364fc56be4b66391172635e4f9feed36
Opcode Fuzzy Hash: 12616b28bc6ecaae2bbc38a7b2519908722129a0ca07676af770d46ad769b103
Instruction Fuzzy Hash: BFE0D83D70A3501F93061699789447FBF7BEBDA2A531901A7F808D3395CD154C02D7B1

Function 050E9C68 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2528826784.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8390d432d810ba89e999d4ada2b59998407574b86176e09827cb976e48fca002
Instruction ID: bbbbc444afcecb0865876810f111cff6f39b56b4b991162aac2565fa37401940
Opcode Fuzzy Hash: 8390d432d810ba89e999d4ada2b59998407574b86176e09827cb976e48fca002
Instruction Fuzzy Hash: F9F012711042987FDF428E94DC11CFA7FB9EB4A264B0A8086FD9496152C636DD22DBB1

Function 051B2291 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d654e1831ae76276e956493cedeea135e2fd61d7882e3ff1a24adba4218d8a32
Instruction ID: aeec4fedeb8886f7c39f39b8dac1692680d30b4cec7b9c5b48acaccc59edaec9
Opcode Fuzzy Hash: d654e1831ae76276e956493cedeea135e2fd61d7882e3ff1a24adba4218d8a32
Instruction Fuzzy Hash: 52F0A0721000982FCB018E85DC51EF77FACDB4D111B088046B9A4C6241C569CA119BB0

Function 051E26BB Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529587921.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80ec1a0701aa5aa050b5cc0d4f3c2cae4889814720f187c26f21319867b50802
Instruction ID: a3222ff7a4aeb85093b834d847870d4ad1bfe79c5594467507f333ef9c732c45
Opcode Fuzzy Hash: 80ec1a0701aa5aa050b5cc0d4f3c2cae4889814720f187c26f21319867b50802
Instruction Fuzzy Hash: D6F05E315106089FCB01AE68D8019E97B79FF4A310F01825AFC0467210EB32E995CB91

Function 051E7B93 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529587921.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b4d24b7db45b640f33ba7a2aac070a3823640e0ed135c6a2fccc31ffbbc0fc7
Instruction ID: edeb13d25ab48613c0a6d8f1dfe8d152c9a2158df2b75ed62296731d4f133557
Opcode Fuzzy Hash: 0b4d24b7db45b640f33ba7a2aac070a3823640e0ed135c6a2fccc31ffbbc0fc7
Instruction Fuzzy Hash: BBF01C721041987FDB428E95CC10AFA7FADEB8D215F088056FD98C2141C53AD921ABA1

Function 05203C00 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529699247.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d15df50a052d3171278ff228af75fc92f218559544a93709d581e15e7093351d
Instruction ID: e1d99587b000caa8dead3dd9261bc096a1d2add9369c7190eb08efb82e01d0b4
Opcode Fuzzy Hash: d15df50a052d3171278ff228af75fc92f218559544a93709d581e15e7093351d
Instruction Fuzzy Hash: D5E06D359181049FDB01CF54E901A6AB7E6EF85B00F0086AEBC0493210DB329D16CBA3

Function 051B1FB8 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c7055548c9641f9b3252a2890aa9051bdd5dbce14335ca48999c4e5ce36d319
Instruction ID: 4b1d31cb67f5eb94d60a74fbc0819f4ec3bf380b4222cd531ed3b742214cc92e
Opcode Fuzzy Hash: 4c7055548c9641f9b3252a2890aa9051bdd5dbce14335ca48999c4e5ce36d319
Instruction Fuzzy Hash: A0E0867310419C2FC761D999DC51BF6BBECCB4E122F08C157F999D6341C969DA0297B0

Function 051E7BA0 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529587921.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40b153383e6de520665622cd19abb3d691de445f4deecf93faaa50dfd1b24b64
Instruction ID: 704a75d8dcbbdfedf44427af84db028faf61110e9c107736e094e3b967943e86
Opcode Fuzzy Hash: 40b153383e6de520665622cd19abb3d691de445f4deecf93faaa50dfd1b24b64
Instruction Fuzzy Hash: 81E0ED721041987F8B41CE95CC10CFA7FEDEB4D265B088046FE98D2151C576DD21EBB0

Function 028571A8 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2514739119.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2850000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a16640a2b4b051a06f876169206c0b00e427abad8eb9785e8f0532ef5130523
Instruction ID: 67b922be598fbec4b987db5dd6d07a79b4985fe0c0f06ce7f2fc5020eade92f1
Opcode Fuzzy Hash: 8a16640a2b4b051a06f876169206c0b00e427abad8eb9785e8f0532ef5130523
Instruction Fuzzy Hash: C3F030745152489FCB04FB64EA5165E7BF6BB86304F400458D509D3219EE751E01EB81

Function 050EFCD0 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2528826784.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1aa9aa37b27720ca3cab4e25c23b33dab7bae09cf969bb085a57d64ee271d14
Instruction ID: d3f30bc3091b0dbefb51a81d9cbc39f9a60eb24f9e1156e57127f46135567b3a
Opcode Fuzzy Hash: c1aa9aa37b27720ca3cab4e25c23b33dab7bae09cf969bb085a57d64ee271d14
Instruction Fuzzy Hash: 43E09A37100119BFDF068EC4ED41EEA7B6AEB5D360F04851AFE1896211CA76D962EB90

Function 051BC568 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d957b31fd468c962ca3985c86f5131f8ecba61f8d60a2e04344e392982ca784a
Instruction ID: fb05824ec443cbdca531b1281f4bf236d0c0c35a6aa9c38e72b8752a63497f89
Opcode Fuzzy Hash: d957b31fd468c962ca3985c86f5131f8ecba61f8d60a2e04344e392982ca784a
Instruction Fuzzy Hash: 86E0DF731000186FC700CE84CC01BF63BADDB99221F08800AB948E2241C636DD22DBA0

Function 050E3768 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2528826784.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d6d073b31663a6186dd206e0fbb00f11ed9b696b0d6c1a908e79f0ebc1a1995
Instruction ID: 0a47c3774fec714d23d9ec2103d09cc2f8dde6f7aeed2662148bfef006ea5fc9
Opcode Fuzzy Hash: 7d6d073b31663a6186dd206e0fbb00f11ed9b696b0d6c1a908e79f0ebc1a1995
Instruction Fuzzy Hash: FFE01239301214675615659AB88483FBBAFEBCD6B53544126F909C3344CE555C1286F5

Function 051B22A0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 664f35d6e9b6a0b8d0af0c68ad880da06b61d7390ef2d4ad81f92f49d285d556
Instruction ID: ab42ce4db648e4beb32346b8b6c2f302b8672c3b12da0919521848ec76e6fc6f
Opcode Fuzzy Hash: 664f35d6e9b6a0b8d0af0c68ad880da06b61d7390ef2d4ad81f92f49d285d556
Instruction Fuzzy Hash: 83E04F721040A87F8B41CE99CC10DFB7FED9A4D111B08804BFDA4C2242C57AD922EBB0

Function 051B5F68 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d1d4f4fd15a4e5b3037511be4eaceffdaf56522650e3c0fc4cafb624c680fa4
Instruction ID: ead27ff9bc1a08492f9f596618de90802fd401995ef5d3d69528d17c85b70e82
Opcode Fuzzy Hash: 5d1d4f4fd15a4e5b3037511be4eaceffdaf56522650e3c0fc4cafb624c680fa4
Instruction Fuzzy Hash: 89E022A22480809FCB16CA1CE84072F77E29BC9200F1484A5F041C764ECA28C8028B40

Function 02851840 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2514739119.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2850000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a8ab4e011c6a1abf5a1e27f25ca75de00d46c998ad5ddfe9d65d081b07bf536
Instruction ID: bcd5754ccfff168e7ae881fe4f1f3a544ae335e36aaba30f0c5f3b3f042e753f
Opcode Fuzzy Hash: 0a8ab4e011c6a1abf5a1e27f25ca75de00d46c998ad5ddfe9d65d081b07bf536
Instruction Fuzzy Hash: FBE06D39609A905FC3069B7CA85499D7FF0EF4F210B4540EAE44AC77A3C6259C06CF51

Function 02850878 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2514739119.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2850000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 734f664c48b59b571cda194a9f0db909db66aee75d0bf81d1f9557b52e9c79fb
Instruction ID: ee6e1a4b121faf92833d0a7beb14c98f412344e1ab4a11bf1220059932a63a84
Opcode Fuzzy Hash: 734f664c48b59b571cda194a9f0db909db66aee75d0bf81d1f9557b52e9c79fb
Instruction Fuzzy Hash: 96D0526A04E7E84F8B1302A42810BA17FA8CD072B930B11E3DC84CF5A3860A8C49C3F2

Function 051BDEE9 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb7eaed84cf765ae4c273d4f5b5fbe9c44b7debea7b744aae3f9eb0e4fbf365a
Instruction ID: 299f591442a5907aa4d2a40bbff0a33f801813ed5824e7223a093473f9103145
Opcode Fuzzy Hash: cb7eaed84cf765ae4c273d4f5b5fbe9c44b7debea7b744aae3f9eb0e4fbf365a
Instruction Fuzzy Hash: BBD01772804108AFCB21EBE8D9417DEBFBADB48210F9102B59508E7300EE39AB005B82

Function 051EAD0B Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529587921.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fe881f4e538d5261b30772029c5381cb629c382349b6402aedb8cbd5e39ba98
Instruction ID: fafb2e647375dd22451c62ca28c0693e46e82c48a8265b657a8fc6403ae5c6df
Opcode Fuzzy Hash: 8fe881f4e538d5261b30772029c5381cb629c382349b6402aedb8cbd5e39ba98
Instruction Fuzzy Hash: EFE08C36100158AFCB01CE88CC11AA67B69DB89220F28845AFD5487342C6B2EC22E7A0

Function 0285BB80 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2514739119.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2850000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ba35b7d19d1d781b6c38bee631a43ff5e6c1d761f4f9ba558a0f24780ba4039
Instruction ID: f8dde0ae6b5de70220ddc7f5155df7607295c5d23a366be77766fd386ed7430a
Opcode Fuzzy Hash: 0ba35b7d19d1d781b6c38bee631a43ff5e6c1d761f4f9ba558a0f24780ba4039
Instruction Fuzzy Hash: 02E01238610218DFCB04FF68EA4156E77F7FB84318B504568D909D7649EE725E01DB85

Function 0285D0C8 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2514739119.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2850000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05a306bd26db7440935838441e481477cf1844676f1d635c9e4676a8d2862d49
Instruction ID: f7812f24cfdc3acea8607f594a113717b67b3e646b3188e9063bef58abc17616
Opcode Fuzzy Hash: 05a306bd26db7440935838441e481477cf1844676f1d635c9e4676a8d2862d49
Instruction Fuzzy Hash: EED0C236310114B7C705698DE804EAF3B5EF7C9720F448026F20687244CE759C025BE0

Function 051E9F7B Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529587921.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dffa65568244aaf10789a171cbe68f01f8336b4e407c32ddf52b099325769e18
Instruction ID: f4319d7f01492f1d6ca68ca7514b8fb2a26e72c4e39e3b38f254c3618a96be8d
Opcode Fuzzy Hash: dffa65568244aaf10789a171cbe68f01f8336b4e407c32ddf52b099325769e18
Instruction Fuzzy Hash: 20D05EBB81010CABDF41EEA8CE4175EBFFAEB45200F9409A59518E7311FB399B116792

Function 02851888 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2514739119.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2850000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fd5eff70043824f7485fb1a800fdb835f5bfa4ad2bcbe81319f6b2fea4979ba
Instruction ID: 1fa75668eb9dac4adfc6e46e7765aa75bfd573b413d12d296d17a94169c3d677
Opcode Fuzzy Hash: 1fd5eff70043824f7485fb1a800fdb835f5bfa4ad2bcbe81319f6b2fea4979ba
Instruction Fuzzy Hash: 83E02B357893949FC7015B78D81858C3FF6AE4B11134400E2F885CB333EE108C05C7A1

Function 02850888 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2514739119.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2850000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5cb54e22d8c2ef7d2bd7f1bfd64796a0ac1c87e32fb7fc9f34ddcb9316c038a
Instruction ID: bf0b7518f5a2066524270a2e517ab52ddb65fa57bf06fefaab50df79357d9715
Opcode Fuzzy Hash: c5cb54e22d8c2ef7d2bd7f1bfd64796a0ac1c87e32fb7fc9f34ddcb9316c038a
Instruction Fuzzy Hash: 93D05B3D74463CCF825957699C04D297795AF8E76530505A4ED09CB321CF38DC41C7D0

Function 028571B8 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2514739119.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2850000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67c81505362998330a690e26aa589ad8178113264045f56877d6dfa502a77153
Instruction ID: 0d4426653b1c39f564752a83832a6048b1f688de8a1320d264d953252f2fc5ad
Opcode Fuzzy Hash: 67c81505362998330a690e26aa589ad8178113264045f56877d6dfa502a77153
Instruction Fuzzy Hash: B8E01A78610208DBCB04FF68EA4145E77FBFB85308B40046CD909D7208EE322E00DB85

Function 050EEEF0 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2528826784.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d0dfb7f11d436087bf71c90ea7adbe05cd7052568cdcee48e625c7b8baaf770
Instruction ID: 3b5789103d8dd2e06c0257f85ddd4dae54eba9bd74103c76bac4dba07445c8ea
Opcode Fuzzy Hash: 6d0dfb7f11d436087bf71c90ea7adbe05cd7052568cdcee48e625c7b8baaf770
Instruction Fuzzy Hash: DBD0177290420CABCB11DAE8E9817CE7BE9DB49310F9092A6DA08E7200EE359B415782

Function 051BC578 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49bec1adbdd607e6d40542e0f5ee0b269763f6f04078961a161352a179076708
Instruction ID: b7c15f5d6199f36f7ff641d71568f529fc96a3582e1d2df4f696ef0e7959edf5
Opcode Fuzzy Hash: 49bec1adbdd607e6d40542e0f5ee0b269763f6f04078961a161352a179076708
Instruction Fuzzy Hash: 05E0EC721041586F8B41CE89D811CB67BADDB89260704805ABD5486251C672DD229BB0

Function 051B1FC8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8e2869a3afbe9af28b473b636aed89354cbd2061cd8bfc760e64b876deb78e5
Instruction ID: 5ffbf746aedd02beee038126ebb7434ed0446538cd87c6cc494697cfdbe4e50a
Opcode Fuzzy Hash: a8e2869a3afbe9af28b473b636aed89354cbd2061cd8bfc760e64b876deb78e5
Instruction Fuzzy Hash: 3FD012721041A82F8750CA99D810DB77BEC9A4D121708C05BB994C7242C565DD1197B0

Function 051EB801 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529587921.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd81b3c2acd30c168c2137dc6ce6b020509d65a1288dd318a0afa3bc86dd234c
Instruction ID: fa04c16f20f0db93b3ae2f10413ade19f22aff519f577c6ad76f14cb408c1806
Opcode Fuzzy Hash: cd81b3c2acd30c168c2137dc6ce6b020509d65a1288dd318a0afa3bc86dd234c
Instruction Fuzzy Hash: 7BE0C234B045508BC70DD728D814A08B7A3BBC8204F58D1AD9014CF2AAEB31DC038B40

Function 02850E63 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2514739119.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2850000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81cad3c22591bcbee4294119506999543594bdb1460c99f1343b9f094567c9c8
Instruction ID: 1710684dc2044c6848acd10bc8635f531b97d7cd61e16a1220b4aa4ad2275da8
Opcode Fuzzy Hash: 81cad3c22591bcbee4294119506999543594bdb1460c99f1343b9f094567c9c8
Instruction Fuzzy Hash: 37E09239D056A0C7D7018B69C45D3663790BF49214F0E81F9CC499B246CB3C4802C782

Function 050EFCE0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2528826784.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bd5e710004956d66dfe3e2215aab6d0f81319c1ea20041723a612196364da64
Instruction ID: 0e78a27741c7657a89158647ee5ee4e5ddb29d7e211c5697c5f048b27a1ad32d
Opcode Fuzzy Hash: 5bd5e710004956d66dfe3e2215aab6d0f81319c1ea20041723a612196364da64
Instruction Fuzzy Hash: 1BE02636100119BF9F059E84DC41CEA7B6AEB99664B14805AFE1556221C673D932EB90

Function 051BF559 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f88a6081c7b9d1d35f84f8a16a5147ee3227c5e301f81bdf8519b9df63361026
Instruction ID: c0f7bd7456a58de2f8d94fe7786f8dfdadb350ba88d33c38d5cd3b7aec1b4fee
Opcode Fuzzy Hash: f88a6081c7b9d1d35f84f8a16a5147ee3227c5e301f81bdf8519b9df63361026
Instruction Fuzzy Hash: 08E086325181448BC301DB2CC851B95B7B4DF86200F0C899EE44067210DB61E845C751

Function 051E2680 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529587921.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 784f8be274ef1ac49c25dbd7220ea4029e3fa91e0c6ef0cb358bfcc869ee4e4b
Instruction ID: 05c1a8287ea7a59a09473987f8c4743c30f38067cc312b55d471dd4b2290e700
Opcode Fuzzy Hash: 784f8be274ef1ac49c25dbd7220ea4029e3fa91e0c6ef0cb358bfcc869ee4e4b
Instruction Fuzzy Hash: 69E0C2B5904308BFC701DFB4991086E7FFADF0620078101EB9908DB191EA314A149B82

Function 051EA6D8 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529587921.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8e6a07dc12e02ad3e5ed504a5308a9fd4191ff32c073443818bcad8348e5d37
Instruction ID: 74bd5e682b91a2d78f462f720d40d5774850364329bd47b2e62bddd07364fa43
Opcode Fuzzy Hash: a8e6a07dc12e02ad3e5ed504a5308a9fd4191ff32c073443818bcad8348e5d37
Instruction Fuzzy Hash: B2D012321001187F8B01CE84DC01CA67B6DEB89260704C056FD1487211C672DD22DBE0

Function 050EF328 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2528826784.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 019a99c2cc678a59d547d2a381b57131e659bee868d5ba61dff76f9d7e45dbfa
Instruction ID: e88149448296f32f21d8dda59b5b64b1a835bcb830bee6188182b2835c42f0f1
Opcode Fuzzy Hash: 019a99c2cc678a59d547d2a381b57131e659bee868d5ba61dff76f9d7e45dbfa
Instruction Fuzzy Hash: C8D05E722181911BC340CB58C8A2AB6FBE9EF8A119F2C8C8EE5D0C3341E656DC17C7A0

Function 050EFBF0 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2528826784.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20076753e69b011dc86b85813a2bc0613a8038750905c703323434c2be2d9112
Instruction ID: 6128555c3d1ad7edfe3d187c0c038e1a82638814deed9ef7dfa789c804f0ddf0
Opcode Fuzzy Hash: 20076753e69b011dc86b85813a2bc0613a8038750905c703323434c2be2d9112
Instruction Fuzzy Hash: 21E05B361081529FD302CB54ED41E5ABBE5DFD5710F19844EF4409B351CA62DC17C7B2

Function 050E7BF1 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2528826784.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: faf0fc620be67ed4cced94c3a55170b3795467c2b1cf1db7afaba107f87b0c62
Instruction ID: abd5c303fa299d7c62d7dfe8d135b659876685040d5c022295355389b88a29d4
Opcode Fuzzy Hash: faf0fc620be67ed4cced94c3a55170b3795467c2b1cf1db7afaba107f87b0c62
Instruction Fuzzy Hash: 4FD05EF66082819BD741DA48F840B89FB71FBD5214F54885BE951C731AC632E85BC751

Function 051B44D2 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3728e011a1dda245ff9fc019e50e5d28c50abfa0a0d610ebfc682eac9ff980b3
Instruction ID: 1182bd25ddb15af4e0751e2bfb34b075934452663300e1b07f80ad1f71804999
Opcode Fuzzy Hash: 3728e011a1dda245ff9fc019e50e5d28c50abfa0a0d610ebfc682eac9ff980b3
Instruction Fuzzy Hash: A7D05E361081109FD201CE84E981FABB3A6DBC8610F14850EB404A7350CA62DD038772

Function 051BA719 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7764683b25881c61871bdb29846b5931d43ed2daf19639c241a53cf4c1f56d3e
Instruction ID: 943ddf35b64e1a72d5f5fe6904b31aff43c52e1195d7f08a6c2a6ea40e473e1f
Opcode Fuzzy Hash: 7764683b25881c61871bdb29846b5931d43ed2daf19639c241a53cf4c1f56d3e
Instruction Fuzzy Hash: 49D05E73644110AFD200DE44ED41E66B3E6DFD8610F15880EB444A3341CA66DD06CBA2

Function 051BE1B0 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6887ccb028643a4c443e635698d4006f1c1a0c4fb43e505dcbfc06c17841b75f
Instruction ID: 7a895c9ebdecc57dee4977f909741762689f248a7a050ba296b5687d2f56d7e7
Opcode Fuzzy Hash: 6887ccb028643a4c443e635698d4006f1c1a0c4fb43e505dcbfc06c17841b75f
Instruction Fuzzy Hash: 66D0A7771042106BD210E948DA81AEAB365EBD4310F048D0EE80497301CF65DD038750

Function 051BD268 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61b032d2d03be3a4aa7b84ad7c6622e7d050db5eefa14ef0536810e66d520bd4
Instruction ID: 19a03fa9889e24c6eae177eee956dc67bcd8efc4b6bce5e5524446493c8c2b7e
Opcode Fuzzy Hash: 61b032d2d03be3a4aa7b84ad7c6622e7d050db5eefa14ef0536810e66d520bd4
Instruction Fuzzy Hash: 0AD0A7372043209FD210D994D881BE6B3E5EBC4230F08884FBC0597301DB67DE46C750

Function 051B3898 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c68e897984b04eddfd5f5066b68bdd916212957d909d64746a72c61dc1fed20
Instruction ID: 1e1bb07972f51837cdd4fd4b2316e8caa7930675778f8381604cf029943fc649
Opcode Fuzzy Hash: 4c68e897984b04eddfd5f5066b68bdd916212957d909d64746a72c61dc1fed20
Instruction Fuzzy Hash: 2BD05E771081109BD205CE44E982F9AB7E5EBC8A14F18885EB840A7351DA62DE07CBA2

Function 051B9BB8 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd795f379187ff13f96dd93760cbf874003250858f0577b09462948f837b1796
Instruction ID: 71ea9e22e5b5bcede5a91188036e15d94900d58a8a2ac73c94f108568396bab5
Opcode Fuzzy Hash: bd795f379187ff13f96dd93760cbf874003250858f0577b09462948f837b1796
Instruction Fuzzy Hash: 38D05E726042116BD351E984D881AE6B765EBC4210F19C91EA804A7342DA66DD02CB91

Function 02851850 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2514739119.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2850000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc6244d6649cd924680f17f2056abf042c81cdde01b9d0e18bab8f99d808a1cd
Instruction ID: 3a25404cb4b2828acab35ecd2ec6bbb84b1b81c44cecc2dd028cdae99d5fe1e4
Opcode Fuzzy Hash: bc6244d6649cd924680f17f2056abf042c81cdde01b9d0e18bab8f99d808a1cd
Instruction Fuzzy Hash: CBE012396009149FC744EF6CE55895D77E4FB4D26174140A5F50AC7361CB209C01CF91

Function 050EF3E8 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2528826784.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5193238d05072252e0b47feae9d2f4a5ec82dd08e26df83404e70e6f0562eb14
Instruction ID: b8becae2a91d9b5b0d1631ee2249f806f7c27bdc7a2f39aaf987798729fca8c4
Opcode Fuzzy Hash: 5193238d05072252e0b47feae9d2f4a5ec82dd08e26df83404e70e6f0562eb14
Instruction Fuzzy Hash: 69D05E761142119FD344CB08CC82F96B3AAFFC4308F28C84AE88083304D775EC22CBA0

Function 050E0850 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2528826784.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68963a6e966138ded1ef3834d19236bb532a872228d191ea61c15eec8faa33a8
Instruction ID: 3c584a746e0f9ac4ab1792fb93f55e2d98b7a5742b70a114725c6ce410ac79e2
Opcode Fuzzy Hash: 68963a6e966138ded1ef3834d19236bb532a872228d191ea61c15eec8faa33a8
Instruction Fuzzy Hash: 39D05B7550C3905FC702CB5094944527F71BFF73047069C8AE49087296C715CC07DB61

Function 051BDD90 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d4885a0315d9020d71f4db030c16b7af1f3381586551c846d634979119c8807
Instruction ID: a2bd5404d406c0a2cd2029eba1221d6d6d1344232ff8f21e7c907a7a3fa2b31d
Opcode Fuzzy Hash: 2d4885a0315d9020d71f4db030c16b7af1f3381586551c846d634979119c8807
Instruction Fuzzy Hash: DDD012323040005BC254C644CD82B55F3A1DBD4214F14C03C648DD7395DF39FE038751

Function 051E8D68 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529587921.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44ba782675fcdd8aff74ea6f0a83c41e2cb3e78684efea51cd70aa7f2296677b
Instruction ID: 877f0f7dcd895513f3842dead994786ff947c22c1e70ab8d1161cd6d10d093a9
Opcode Fuzzy Hash: 44ba782675fcdd8aff74ea6f0a83c41e2cb3e78684efea51cd70aa7f2296677b
Instruction Fuzzy Hash: 04D09E36200118BF9B05DE84DC41CA6BB6AEB89660B14C45AFD1547351CAB3ED22DB90

Function 02855388 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2514739119.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2850000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56fa200a2890df18119aee28597718e98d02e18e444a9df98dcf69e622c90ef4
Instruction ID: 3aad35e4ae837a9f86ab5d662b09da9814e3d7e2cbbb25f4257e2bddbdb62d29
Opcode Fuzzy Hash: 56fa200a2890df18119aee28597718e98d02e18e444a9df98dcf69e622c90ef4
Instruction Fuzzy Hash: 4EE0C231C09204DFCF02CFA4DB1019D7FB0FF4920171404EBD505D7220EA324A14EB02

Function 02857FB0 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2514739119.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2850000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4c75a47d650b2ae83965348e9ba1a74e5f2aa91b7eda46df554ab341aad1280
Instruction ID: 07284411d2a5caba40adac574a1abc43b82e3b29de16b1adb5e62cb19ded06f7
Opcode Fuzzy Hash: c4c75a47d650b2ae83965348e9ba1a74e5f2aa91b7eda46df554ab341aad1280
Instruction Fuzzy Hash: 7CE0C77A9092888FCB06CFA89A0008EBFF1AF0520074004EBC808CB161FA324E089B82

Function 050E8098 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2528826784.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efa9c8a56637b66c0fcf8555fc68df02a4a52bb13bd9d19fb2188c2c17c3dcd6
Instruction ID: 53d2050c2af4350ad1c65cf5937283ee5bc9c436bf58b44ee846ab10b7ca2c5e
Opcode Fuzzy Hash: efa9c8a56637b66c0fcf8555fc68df02a4a52bb13bd9d19fb2188c2c17c3dcd6
Instruction Fuzzy Hash: 7DD0127110D2819FC302CB54D954856BFB1AFD6704716948EE4909B2A6C6628C17D727

Function 05203378 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529699247.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24a412affb1a3b3c233b4ef67e58a19e11521b0304703af9d7c9e71110e4c7ea
Instruction ID: 6eb62ed0db8aeba5944c5ecce968a7fd5c8cec5fc581b6397df71b0026d34998
Opcode Fuzzy Hash: 24a412affb1a3b3c233b4ef67e58a19e11521b0304703af9d7c9e71110e4c7ea
Instruction Fuzzy Hash: 3AD0A7765042105FE340CE44C841AA6B3A5FBC4704F28881EF80083300CB62DD07C750

Function 05204AB3 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529699247.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cf1f46c06f04b2c4c4b59e010e834d8d3430049801f80bf9f8fb4889183e21b
Instruction ID: 952a4c2db26398a049332abaf0bd3ea310a3420766b673859f1931d0738044a3
Opcode Fuzzy Hash: 8cf1f46c06f04b2c4c4b59e010e834d8d3430049801f80bf9f8fb4889183e21b
Instruction Fuzzy Hash: 0BD0A77680010CEBCB01EFB8C94056E7BF9DB4420078041E6A904F3200FF355E0057D2

Function 051E55D1 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529587921.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b30043610113ac1ae1c52aefba5170a79ec335e22683c0b3e62044c6a2778121
Instruction ID: 7925895959e2cfdbe8242facf7ea485dc86374aab37b418f6ff0f7ce7ce21718
Opcode Fuzzy Hash: b30043610113ac1ae1c52aefba5170a79ec335e22683c0b3e62044c6a2778121
Instruction Fuzzy Hash: 4CD0C93AA150148AD745CB68F891688B371FBC86A9F1482AAE918C7151EB329517CB41

Function 05204AB8 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529699247.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09f9d4365964e9fd72db04a94b2d7ff092aa98215adb4947376fa62a3e3f03bd
Instruction ID: 884d4d3a2563b14112c7e17fedbc2799d84e3bee94b1e4004895bf76b9400049
Opcode Fuzzy Hash: 09f9d4365964e9fd72db04a94b2d7ff092aa98215adb4947376fa62a3e3f03bd
Instruction Fuzzy Hash: 13D0C9B690110CEBCB01EFA899005AEBBF9DB49200B9045E69908E7210EE315E145BD2

Function 051BDEF8 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40e742da7cd1b4410ed4a5a95cd47c1e172032b1ac49002d1b058a6d31c83bf4
Instruction ID: cbb55323012a26507be35cfb111a3e8623932c82758c9fec55dbb4078ea3cd6c
Opcode Fuzzy Hash: 40e742da7cd1b4410ed4a5a95cd47c1e172032b1ac49002d1b058a6d31c83bf4
Instruction Fuzzy Hash: 27D0C97590110CEBCB01EFA8990059EBBFADF49200B9146E69908E7210EE315A146BD2

Function 051BE9B0 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8179cbff29ae22e2b9fb09b656978abb7d36131cb3e2ea1afaca8869f4ca66fa
Instruction ID: 8c3528b762a912d0deb74afab60a5ebac44ab53032d4040f8dd552f579a6ef07
Opcode Fuzzy Hash: 8179cbff29ae22e2b9fb09b656978abb7d36131cb3e2ea1afaca8869f4ca66fa
Instruction Fuzzy Hash: D5D0C9713412009BC344CA24C896B25B3A1EBD5324F24C47CA808CB360DB3EEC0BDA10

Function 051E9F88 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529587921.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6a185f850d6663842d9f6c130a3deb2f3a426534ff1a57b71b570aa48a5dfb0
Instruction ID: 753c6e1140989b8661da690a8e4ff2aa6b745e9b8f8e58cf5e136074d0c0d57c
Opcode Fuzzy Hash: f6a185f850d6663842d9f6c130a3deb2f3a426534ff1a57b71b570aa48a5dfb0
Instruction Fuzzy Hash: F3D0C97A90110CEB8B01DFA8890059EBBF9DB49200B9046E69908E7210EE319B106B92

Function 051E2690 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529587921.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8100a24ff7d4e3a884f2601deefbe1fb14ed82d913d0c11c69f34310cf22ad35
Instruction ID: 5a6303f4040b0225990b7f468dea015e8c6c61cf91b7a10055cbb399f339c059
Opcode Fuzzy Hash: 8100a24ff7d4e3a884f2601deefbe1fb14ed82d913d0c11c69f34310cf22ad35
Instruction Fuzzy Hash: 62D0C97591120CEF8B10EFA8990059EBBF9DB49200B9045E69A08E7210EE319A105B92

Function 051E2BE0 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529587921.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45484448cb64b18c793ac27b05560e87250e296b9481d277c4ab2c2644560e83
Instruction ID: 74ff0dd41168a834d856d54cb322de3ae3944ed96fa5ad578d28e1e6d844ba79
Opcode Fuzzy Hash: 45484448cb64b18c793ac27b05560e87250e296b9481d277c4ab2c2644560e83
Instruction Fuzzy Hash: 53D05E7910D3815FD341DA64E910892BB61ABC5204B15884FE88083286C622C91BCB71

Function 02855398 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2514739119.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2850000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd75ac5d1f90827dbc2926a74c1ba8351ba82131c9e7cd953f30084d8d78964c
Instruction ID: 2acb35cf1601ebf3ea3f041e05d0728255d2495d8ffffc36f254d6656cc276fe
Opcode Fuzzy Hash: fd75ac5d1f90827dbc2926a74c1ba8351ba82131c9e7cd953f30084d8d78964c
Instruction Fuzzy Hash: 85D0C97190520CEF8F00DFA4E90159EBFF9FB49200B1045E6EA09D3210FE315A14AB91

Function 028508C0 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2514739119.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2850000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f800cf00903cf8952e6f673a5b6da39ddc3a6a9e759336f9b2b1b79c64769de9
Instruction ID: e7be27cc31ad355e8a84e4cc5374476a5c002d4786fa2095af69069c8d383e35
Opcode Fuzzy Hash: f800cf00903cf8952e6f673a5b6da39ddc3a6a9e759336f9b2b1b79c64769de9
Instruction Fuzzy Hash: 0BD002A504E3CC4ECB031BA129143907FB85D53018B4E11C3DDA8CF6A3DA191A18D775

Function 02857FC0 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2514739119.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2850000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be62cb7881e2e008a42ab9186b53a897a836cf150c9f801f54a6537f64d98abc
Instruction ID: 4cc329fe4207f4e4a835fbbbcfb57cae52d48cd659eec423f34348401036ace2
Opcode Fuzzy Hash: be62cb7881e2e008a42ab9186b53a897a836cf150c9f801f54a6537f64d98abc
Instruction Fuzzy Hash: A4D0C97590110CEB8B15DFA9D90059EBBFADF49200B9045EA9909D7210EE325E106B92

Function 050E84C8 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2528826784.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76894bfe8213688ea941a8c8e58ce039034e9e190cc3dd42a39c603ab0833c29
Instruction ID: ed790f4a8eae486265ce56123d254d5795f50d85ac9d790743cde5402b05e62e
Opcode Fuzzy Hash: 76894bfe8213688ea941a8c8e58ce039034e9e190cc3dd42a39c603ab0833c29
Instruction Fuzzy Hash: A3D022B291A8400BC302C338CC03484BFA19B6320079EC6F9C00CCB3A6E626AC078B91

Function 050ED0C0 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2528826784.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03dc111c9b117bdd2442a4c414f30ac3cace52cedb2e6f3027d49d35c4659a5a
Instruction ID: db0a2b079468a7d226a1e82aa8bbb22091fb0bd6002ec21cf1cbbcb08cef19b6
Opcode Fuzzy Hash: 03dc111c9b117bdd2442a4c414f30ac3cace52cedb2e6f3027d49d35c4659a5a
Instruction Fuzzy Hash: 4FD012B63000005BC3A8C648E8C2B96B3A1DBD8224F18C02CE80DCB356EE3AEE43C700

Function 050EE290 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2528826784.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bcd77c2dd88e77c367848df4d09e5b443f321b20ec15ee8e4fcb24005e0ad7e
Instruction ID: 804b326842207439140f829c1a43da635d5f1786e38386a31445eb3e29024553
Opcode Fuzzy Hash: 0bcd77c2dd88e77c367848df4d09e5b443f321b20ec15ee8e4fcb24005e0ad7e
Instruction Fuzzy Hash: 1ED0C971200101ABC394C618CC86B96B3A1DBD4214F58C029E889C7756DB36ED43CB41

Function 050EEF00 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2528826784.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca019e7b3218faf014d009b61000b195d3b027e53e6d402415786613ff258a9b
Instruction ID: fe08c96064b9ee5d78b6a45a1479437663937ffe72470ed36f3ace8b74c0dcf8
Opcode Fuzzy Hash: ca019e7b3218faf014d009b61000b195d3b027e53e6d402415786613ff258a9b
Instruction Fuzzy Hash: 7FD0C97590510CEB8B00DFE8D90059EBBF9DB49200B9145E69A08E7210EE315A105B92

Function 050EBB88 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2528826784.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43553b814a40d6aa67539dfd874986a7b992a8c042022ce23459c70ade29c98d
Instruction ID: d730afd46857cd10e1e72d271d9bc6ef765f2456aaa498569751f0edbc87d074
Opcode Fuzzy Hash: 43553b814a40d6aa67539dfd874986a7b992a8c042022ce23459c70ade29c98d
Instruction Fuzzy Hash: 7BD05B7560D3415FD355C714C8508267B61FFD5304B15889EE46487697CB66CC07C721

Function 052060E0 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529699247.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1087e5cc9ae5c075afcbebdcca8711526e807bc2918f9668ec7fe19fb651042
Instruction ID: bcbecf5551839b60106060d08a80ac75781aa929d03e7f2229fc4f81361cff3b
Opcode Fuzzy Hash: b1087e5cc9ae5c075afcbebdcca8711526e807bc2918f9668ec7fe19fb651042
Instruction Fuzzy Hash: C8C012397100008BC788CB7CEC60308BBE2BB88A01F24C56DA00CC3316EF22C8038B40

Function 051B8CB1 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3266f517ccb2be3d25262ad00eb0343974c301d24679b10f3f199e5faa431a54
Instruction ID: 2045d4688e49b5de95a37dc1696799341fb021f30e8a5eb60e235cd8d45443fc
Opcode Fuzzy Hash: 3266f517ccb2be3d25262ad00eb0343974c301d24679b10f3f199e5faa431a54
Instruction Fuzzy Hash: 20D0227282490047D300EB78CC01784BB71FFA2200F54C36EE4809A282FF22E54AD700

Function 051B9F02 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d13f782d0313dbcd102866581dd919f847da997545b007343640e85d80431b61
Instruction ID: 76b25ddae073b4120654af9c61039577a242b938972378f4e923146789f663b1
Opcode Fuzzy Hash: d13f782d0313dbcd102866581dd919f847da997545b007343640e85d80431b61
Instruction Fuzzy Hash: 3BC012323000005BD324C648CCC2BAAF3A2DBD8224F98C02C640DEB3A0DE3AEE43CB10

Function 051BEB58 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e55fc6264d638cf95df2c6d050f9366b3590aff03b52688d4a950743e630372
Instruction ID: 5a2a01988f8153f763100be9cada0298e6e68f1d08446351e97a815d9347a3dd
Opcode Fuzzy Hash: 6e55fc6264d638cf95df2c6d050f9366b3590aff03b52688d4a950743e630372
Instruction Fuzzy Hash: 33D0C9353051005FD344C62CC856B66BBA2DF99214F28C5ADA488C7361DA37E843CB00

Function 051E3591 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529587921.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57ade709de8550919e80493a0e658b43c11ef741c1bdf70a1c4bfec234482138
Instruction ID: 2847a2b36c61b717c9750f66a5ed37734faa5e150f9d21dc6189e91dbfe088c9
Opcode Fuzzy Hash: 57ade709de8550919e80493a0e658b43c11ef741c1bdf70a1c4bfec234482138
Instruction Fuzzy Hash: 96D0A7B510C3C04FD241DA50E420542BB61EBD5604B068C4FE44083243C622DC1ACB60

Function 051E5C20 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529587921.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 791868b2b6d4904eca63423b42afb3773cf3bd7afed7f015f908fe64dc81cf6d
Instruction ID: 1d2c5b51030abd186a83bee4b09449a282c16bbf154cb9b97365610c327b5c4c
Opcode Fuzzy Hash: 791868b2b6d4904eca63423b42afb3773cf3bd7afed7f015f908fe64dc81cf6d
Instruction Fuzzy Hash: B8D0C9712081219F9244CA48E950C6BB7E9DBC9A10B14884EB88493241CA62DC16CBB2

Function 051E5169 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529587921.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc2acfff769c119e0f8281efa4c560d5d331f9ca1fd80cb8e09d066d4db29f42
Instruction ID: 05910b7e78a1093a961243e34042d5637d8bdadf9c86d65e49c2ff6599085096
Opcode Fuzzy Hash: cc2acfff769c119e0f8281efa4c560d5d331f9ca1fd80cb8e09d066d4db29f42
Instruction Fuzzy Hash: E4D0C9346102009FD384CB28C842B25BBE5EFD9604F14C02EA449C7390EF329C43CF11

Function 050E6CC8 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2528826784.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b318f28300575c0f9d81a3c35a9343e7fc727a8b6ed46dd0c5d9d9e60607f2fa
Instruction ID: bc26dee98905dc21ca87a70ba22b3e84e091260fdb88bdbd9d066c2bd2b333a4
Opcode Fuzzy Hash: b318f28300575c0f9d81a3c35a9343e7fc727a8b6ed46dd0c5d9d9e60607f2fa
Instruction Fuzzy Hash: 19D0C96165A2841FD301C3648D1AA49BFE19F9325571DC4DAC9888B2ABDA259807CB15

Function 05203628 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529699247.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fd5862abba9300e25b077a0ac4af4b5da7c8fab61ce18239a04dd38772a8edf
Instruction ID: 805465856a0e97f1801a7b9e58a9ccc16fe6aa036e262aa7ced1ad80dc8590cd
Opcode Fuzzy Hash: 6fd5862abba9300e25b077a0ac4af4b5da7c8fab61ce18239a04dd38772a8edf
Instruction Fuzzy Hash: 59C012752142125BD254DA04C841D66B3A6FFC8314F14C86EE85083345CF76DC07C7A0

Function 05204070 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529699247.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f81ffda9770564412da37cbf47386c95ca19164b66d465b9a77f0f81d7f58547
Instruction ID: a44d9ac060220f98f2b9bd7b112e4ab7ec1d88bd908cbc73574f3a541aea9d74
Opcode Fuzzy Hash: f81ffda9770564412da37cbf47386c95ca19164b66d465b9a77f0f81d7f58547
Instruction Fuzzy Hash: 3AD0C9396011009FD344CB38C941A52F7E1EB98604F20C42DB408C3350EB329D07CB42

Function 051B91C1 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c234ee24acbd5fe56b7bc528ac65c3998659f24fef7d90c1815ee2e3193b46e
Instruction ID: 816638c5e214ed8ff266f8ffa6f677cf40b915dded6ca3a40b298ecea05314f9
Opcode Fuzzy Hash: 1c234ee24acbd5fe56b7bc528ac65c3998659f24fef7d90c1815ee2e3193b46e
Instruction Fuzzy Hash: 3DD0A7752083C19FD241CA18E410755FBA1FBD5200F188C4ED44043302C723DF16C7A0

Function 051B82E8 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
Instruction ID: 48e8204161933d4df9c7b41a33249025f43fd015cf28c75e97648b457401bf24
Opcode Fuzzy Hash: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
Instruction Fuzzy Hash: 84D012752081119F9204CF44E940C6BF7E6EFC8B10B14C84EB84053310CA72DC17CBB2

Function 051B6F69 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1344c665282f6213cc9577e8ec30e3d9ec850a9f3e6b8b825a525f1eea63710c
Instruction ID: 60ffaab5c4ee66526ca02b38a33e70376d0011fd77c775d99e50a6b44c15e042
Opcode Fuzzy Hash: 1344c665282f6213cc9577e8ec30e3d9ec850a9f3e6b8b825a525f1eea63710c
Instruction Fuzzy Hash: 06C012B65051804BD341C264CD52B44BB51D741215F19C0EE84449B203D922DB078750

Function 051E4018 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529587921.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
Instruction ID: 48e8204161933d4df9c7b41a33249025f43fd015cf28c75e97648b457401bf24
Opcode Fuzzy Hash: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
Instruction Fuzzy Hash: 84D012752081119F9204CF44E940C6BF7E6EFC8B10B14C84EB84053310CA72DC17CBB2

Function 051EEB10 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529587921.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd451bc7cccd177471409f3a52ba81dcb4ea58801ae84ab75e529a258c043428
Instruction ID: 5861a9ff287bc0a999bbd30a8443f70c9adc21d559f91a9ba71c798b3d06a292
Opcode Fuzzy Hash: cd451bc7cccd177471409f3a52ba81dcb4ea58801ae84ab75e529a258c043428
Instruction Fuzzy Hash: 60D05E7560C3C15FC342CB68E420466BF61FB8A610B148C8EE89087252C726981AC752

Function 051E1249 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529587921.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f591725e525a5a8d5fb20c672e80e8395c365615b67196758a872fb710af336
Instruction ID: a28cb1c66dbc58e9e7558d1b0d5c16990dfc430a726eee5a7e56de5a4b475ddd
Opcode Fuzzy Hash: 3f591725e525a5a8d5fb20c672e80e8395c365615b67196758a872fb710af336
Instruction Fuzzy Hash: A9D0C9387011419FD344CB29C952B21BBA2EF8A344F18C4ADA498C7351DA32E843CF00

Function 050E67D8 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2528826784.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 551de7098e4aa305bd460134bc73461dc81d5f2e9a0478849397784e6d537775
Instruction ID: 94f640b0d549df034ff0b16b0ff36d7df8af74c55ab73d1913cc7ec2b976c7f9
Opcode Fuzzy Hash: 551de7098e4aa305bd460134bc73461dc81d5f2e9a0478849397784e6d537775
Instruction Fuzzy Hash: B0D0C9752092805FC302CB60C861555BFB16BA7244B1AD89AD4D8DB2A7CF31D903E711

Function 050ECC68 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2528826784.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
Instruction ID: 48e8204161933d4df9c7b41a33249025f43fd015cf28c75e97648b457401bf24
Opcode Fuzzy Hash: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
Instruction Fuzzy Hash: 84D012752081119F9204CF44E940C6BF7E6EFC8B10B14C84EB84053310CA72DC17CBB2

Function 05203DCB Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529699247.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc51c27a393ef13df97fbf430050db0a95fe8d6fd93d22599a5dbbc42a19b9b0
Instruction ID: 61307fb49b1e292039a8d53f39c6cf82a49b17aef03e20d10aada2b8f1679019
Opcode Fuzzy Hash: cc51c27a393ef13df97fbf430050db0a95fe8d6fd93d22599a5dbbc42a19b9b0
Instruction Fuzzy Hash: C9C012367005009FD344CA28CC92B22B7E2EBD8201F24C02DA408C3395EA32EC03CB04

Function 05204AA8 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529699247.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a659fc0fd63b6a9fc7607462e10649fb559ae1c06763363c2784fc393d4b46b
Instruction ID: cdaa445e275a36c8304536e8d606d369c1044f0947feb32b9e4c9919cdd91e23
Opcode Fuzzy Hash: 4a659fc0fd63b6a9fc7607462e10649fb559ae1c06763363c2784fc393d4b46b
Instruction Fuzzy Hash: 79C08C7A81680CEE8F22DBA494214EDBBB6DF0120079003E2D808A3020DE320B249BCA

Function 05204AAB Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529699247.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af69096565f7cc022b82ea9435373f1e7d24d51f65270b838a966fbcd1e89b1d
Instruction ID: 458b076f2d8b96cf822f6ab628ba840a8c9e27e85c7c5c4dfbd3ad557660dc4d
Opcode Fuzzy Hash: af69096565f7cc022b82ea9435373f1e7d24d51f65270b838a966fbcd1e89b1d
Instruction Fuzzy Hash: C5C02B3E02440C85CF00E680C8017687352EF00300F9003D04C0D45030CA11072047C3

Function 051B14D1 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd69c7413fc943c2e9cbb6ea06ccc2150a187c3a33a8a5475f53dee3b2172e79
Instruction ID: 956662e632d5cecc68c1a610f6c9f846c2eee92878ba35cbbb1e78e54a31aa69
Opcode Fuzzy Hash: fd69c7413fc943c2e9cbb6ea06ccc2150a187c3a33a8a5475f53dee3b2172e79
Instruction Fuzzy Hash: D1C09B3620410047C255C584E9D17C4F361D784214F18D16C941CDF345CF27D7035740

Function 051B7601 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d29816a7d3719e638f80fde27d4cd852ded07a525bab08f772e4948efc79efd6
Instruction ID: 8202a870a6c55bea4b8ee3035a54428b6817a8cb71847e87f7ef41f824c9310d
Opcode Fuzzy Hash: d29816a7d3719e638f80fde27d4cd852ded07a525bab08f772e4948efc79efd6
Instruction Fuzzy Hash: 6BC02B331011004BC315C588DCC1380B351C780611F0CC258100CDB3C1CF2AC7034700

Function 051B91D0 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
Instruction ID: 0a79cfcc9f3950630def7aa8d5064f7db411a5ec17eeb1af5eeabda724e68817
Opcode Fuzzy Hash: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
Instruction Fuzzy Hash: 8EC012752082209F9244DA08C840C66B3AAFBC8210B14C84EE85083300CBA2EC07CBA0

Function 051B5E10 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c720d009b2293b657886baadcb720498e0cae87a03c6921057911d601bfc8f55
Instruction ID: 49974a57ba2caaff26ac796c16f81937c7af50417bf651258e0129edc6b310cd
Opcode Fuzzy Hash: c720d009b2293b657886baadcb720498e0cae87a03c6921057911d601bfc8f55
Instruction Fuzzy Hash: 1AC04C7394540097C65595D8E9C17D47751A78A229F588259D40CDB245CF2ED6439A40

Function 051BA9B0 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e7d991f0b2dcfc3fe858156bf9652d3c5f05602a7eec2e19eeb1516df3013e2
Instruction ID: 40e0c6bf016b682277c5c16f891e11ae5c8e87de5e6ebe48197e039c682ef9ab
Opcode Fuzzy Hash: 5e7d991f0b2dcfc3fe858156bf9652d3c5f05602a7eec2e19eeb1516df3013e2
Instruction Fuzzy Hash: 4CC04C71208D069BC754DA14CD96715B375EF84314FB8C4A9B425D728ADB3BD8139A44

Function 051BAB50 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acbc5064bcafa1b46951cce082d66cc7d28f96665e881dc3a407825d7732b066
Instruction ID: 0e1274fb30daa58329cd88a0e8c398606635fe091169b7a0cc9f50d39b3543bf
Opcode Fuzzy Hash: acbc5064bcafa1b46951cce082d66cc7d28f96665e881dc3a407825d7732b066
Instruction Fuzzy Hash: 92C08C3220808217D3229A08D882740FB60CBC1200F2CC4989018CB242CF2AC5538B00

Function 051E4520 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529587921.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
Instruction ID: 0a79cfcc9f3950630def7aa8d5064f7db411a5ec17eeb1af5eeabda724e68817
Opcode Fuzzy Hash: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
Instruction Fuzzy Hash: 8EC012752082209F9244DA08C840C66B3AAFBC8210B14C84EE85083300CBA2EC07CBA0

Function 051E2DFB Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529587921.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a0542805eb1c17f10d089303f1794b317cb4307e86741a0df48a6a6d4036042
Instruction ID: 73b3982373deb122314108fc87b8200cf68f29d90dce39dac4eaddf76c7f5931
Opcode Fuzzy Hash: 0a0542805eb1c17f10d089303f1794b317cb4307e86741a0df48a6a6d4036042
Instruction Fuzzy Hash: E0D0C9342011009FD348CA28C842B16B7E5EFD8610F14C42DA488C3351DB31DC03CB10

Function 051E1670 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529587921.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
Instruction ID: 0a79cfcc9f3950630def7aa8d5064f7db411a5ec17eeb1af5eeabda724e68817
Opcode Fuzzy Hash: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
Instruction Fuzzy Hash: 8EC012752082209F9244DA08C840C66B3AAFBC8210B14C84EE85083300CBA2EC07CBA0

Function 0285645A Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2514739119.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2850000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9b6cee9b27d8866ab259ddd71b60b9f2f58d14451fba52960413659aebd2547
Instruction ID: 731b8527068e3391176b184c8d9caf992cc8375fa3ddf3fc85be403b561de385
Opcode Fuzzy Hash: f9b6cee9b27d8866ab259ddd71b60b9f2f58d14451fba52960413659aebd2547
Instruction Fuzzy Hash: 20D012713081805FC704C718CCA5B15FBB19FD5205F18C49DA889CB356DA31EC03D715

Function 050E05A8 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2528826784.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45228304303c7280959582f4f669394f00125076f2740b54917b382897826058
Instruction ID: 4307e18c8a92a47140a0683c9bafe2772f6126ba22b9fade80de2906f9b80aee
Opcode Fuzzy Hash: 45228304303c7280959582f4f669394f00125076f2740b54917b382897826058
Instruction Fuzzy Hash: 91D0C93820D2815FC341EB64C960816BFB15F8B319B19C89A94C48BA63CE35D903D719

Function 050E0860 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2528826784.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
Instruction ID: 0a79cfcc9f3950630def7aa8d5064f7db411a5ec17eeb1af5eeabda724e68817
Opcode Fuzzy Hash: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
Instruction Fuzzy Hash: 8EC012752082209F9244DA08C840C66B3AAFBC8210B14C84EE85083300CBA2EC07CBA0

Function 052033A8 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529699247.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae948d99bc1f1d373088a518726d6802ed9e68ae0283efa762f38181b4f23d47
Instruction ID: 0835571904a86911aeef7479e3560dee6cbb0285f37d8a39f6c32b9dcae0ee95
Opcode Fuzzy Hash: ae948d99bc1f1d373088a518726d6802ed9e68ae0283efa762f38181b4f23d47
Instruction Fuzzy Hash: A7D0C93C1001009FC745CB60D590B61BBA6EF98614F14C59DA80887251DB36980BDF41

Function 05205EB1 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529699247.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e11360f6b4157e46ff6d73649aa0e6bab9c92664ed19fcd2f65d983cbfc6a61
Instruction ID: 4ba94d22791f430612b8eda6292e2f50d7a9bd1f622d29853b314006fd88296b
Opcode Fuzzy Hash: 9e11360f6b4157e46ff6d73649aa0e6bab9c92664ed19fcd2f65d983cbfc6a61
Instruction Fuzzy Hash: 61C04C759141009FD345CBB4D8917147BB1FF85604F55C06DA805C7219DB3BA9078F41

Function 050E42D2 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2528826784.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0caa1c6902aa20d9cc5d70d8e944b199aaf084f702140f8e3496ea1e14b43e6
Instruction ID: bf2180df072430e37fcc1d543c88f09c20b00e31220b946115ec07c492de9a47
Opcode Fuzzy Hash: b0caa1c6902aa20d9cc5d70d8e944b199aaf084f702140f8e3496ea1e14b43e6
Instruction Fuzzy Hash: B2C012B250D2800FC702C224C850404FF72AB8220434EC0CE9488CB293CA2A9806CB90

Function 05203F80 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529699247.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17ecd67ba88299163addf91bf1a094607f93fd1b7f2e319ee096ee21c0815165
Instruction ID: c2668dbb283a02f9f630b10ed92ffe6a0e8af95727c49c3586412286116d5963
Opcode Fuzzy Hash: 17ecd67ba88299163addf91bf1a094607f93fd1b7f2e319ee096ee21c0815165
Instruction Fuzzy Hash: 70C04C395441448BD749CF34D89565477A3FF86608F14C26DA404C7555DF37D51BCB41

Function 05204EEB Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529699247.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56bb2ee8fbfbd11e23919eb8dbd9be9b93ca3a5a901a5c3fcdd7df279b8b401a
Instruction ID: 1e3f8298eca5368d7112699c88a74482743591fab844153e7b6828cf06fb2daa
Opcode Fuzzy Hash: 56bb2ee8fbfbd11e23919eb8dbd9be9b93ca3a5a901a5c3fcdd7df279b8b401a
Instruction Fuzzy Hash: A1C04C753001005F8244C618C995926F7A5DBD8218B54C46D7449C7355DB32EC03C654

Function 02854264 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2514739119.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2850000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c348708c4b5c6cb50ac7fb453f313b5f0cd14719d488bb49a41453df0c84f48
Instruction ID: e5c1f8d57b47307fd366170d080c854b55ea1dcabb4be634d6cbc11799363482
Opcode Fuzzy Hash: 2c348708c4b5c6cb50ac7fb453f313b5f0cd14719d488bb49a41453df0c84f48
Instruction Fuzzy Hash: BAC00238651529EFDB056B90E858ABC7A33FF49304F000025FA16A7269CA255C59EB41

Function 02859608 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2514739119.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2850000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca3e8d899d00e74e6e1614d4b3819fb9cbec29175fceae8c4eaa7c032e34e6e3
Instruction ID: f4cfb2910d3fc9c72e6630a6d658321319576d122a1fb37f15d00ac0742d1a37
Opcode Fuzzy Hash: ca3e8d899d00e74e6e1614d4b3819fb9cbec29175fceae8c4eaa7c032e34e6e3
Instruction Fuzzy Hash: 74C01238A00008EBCF196AA0E85A9BCBA33FB48200F008016F802A2264CA364C219B11

Function 02856E51 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2514739119.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2850000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 701ba3243aa9e3437e5e7401c7c2b481dee01b30d693ddfc0d138f452aa2a8f0
Instruction ID: 0a7dc6064f348d9bc68d43351f2f207a6e709a65c255cf3d6b7beaa1199328b5
Opcode Fuzzy Hash: 701ba3243aa9e3437e5e7401c7c2b481dee01b30d693ddfc0d138f452aa2a8f0
Instruction Fuzzy Hash: 47C09B311572977DC7461370381635DBF5C674770CF88D054B1C8C7147CA1854035245

Function 05200C50 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529699247.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_5200000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10

Function 051BD438 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10

Function 051B6919 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88735df12e085b2b97654ff4a6e06f651bc8416268058a7aeddeac1572aa49e9
Instruction ID: b67edad61f67ff568fde2caf817f453d02283590140e4fa4748c5a486eb2fbb9
Opcode Fuzzy Hash: 88735df12e085b2b97654ff4a6e06f651bc8416268058a7aeddeac1572aa49e9
Instruction Fuzzy Hash: 27B092762080114B824AC648EC8145CB362DAC4214718C0A96409DB74ACF22DA038750

Function 051BA800 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10

Function 028583F0 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2514739119.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2850000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12cd6ae82860ac040d0b17f7124a98af403a49524f2b3c833711adbc953d8a19
Instruction ID: 2046d23edc7a545d79ceefcdd1372ebb1b6b91132fbc16b175a824efe61602fa
Opcode Fuzzy Hash: 12cd6ae82860ac040d0b17f7124a98af403a49524f2b3c833711adbc953d8a19
Instruction Fuzzy Hash: 95C09B741150D04AC6458775DC51B94FF60EB47215F1CE8C8D8C44631ACE279403F610

Function 050E84D8 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2528826784.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10

Function 050E67E8 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2528826784.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10

Function 050EAA50 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2528826784.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10

Function 051B4C1A Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b43bfa6236dfbef9f934aa871e1d87731abecd0771831421cb5c042d5f6cfbf0
Instruction ID: 7ea8824d6f70fad09dfa5cc30e288f1b27f5b609e2a46740cc315baf510d125c
Opcode Fuzzy Hash: b43bfa6236dfbef9f934aa871e1d87731abecd0771831421cb5c042d5f6cfbf0
Instruction Fuzzy Hash: D5B012312080016BC345C648E8C1448B361DBC4204318C0AD680CCB345CF33DB039784

Function 02858670 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2514739119.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2850000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cdfec89ecf4d227c2e3f2741df1fca2c4e7a0756e2f1ba050c9a008d3bdc9887
Instruction ID: e80b9cbb32ce7aa80f269217a2acaa4f8c5de131eb2df65f765f3a476441bad2
Opcode Fuzzy Hash: cdfec89ecf4d227c2e3f2741df1fca2c4e7a0756e2f1ba050c9a008d3bdc9887
Instruction Fuzzy Hash: 3DB002747054005B8748D65DD951515A7D29BC9215728C4AD641DC7355DE22DD039644

Function 050E7DB9 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2528826784.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f0e7621c2d01c4ab853e9ef9e13ee9c360e0aa7659e3b9f1a23860f5f0378ce
Instruction ID: ee8ae6d2d40f5b90836fbac1c1b0577be1ebb91d62a36a66eabf0a197ef18d6a
Opcode Fuzzy Hash: 5f0e7621c2d01c4ab853e9ef9e13ee9c360e0aa7659e3b9f1a23860f5f0378ce
Instruction Fuzzy Hash: 95B012B16040009BC344DA08D891608B362EFC4605328C09CA409CB346CF33D9038B50

Function 051B69E0 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44

Function 051B6810 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44

Function 051B4AA0 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529471723.00000000051B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51b0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44

Function 051E4670 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2529587921.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_51e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44

Function 028508D0 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2514739119.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2850000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5f3e4e9985e3712c5e93475e627b482abfc6ca49720aafab4bc6e183c4d7b85
Instruction ID: fbdfe2b7be3c80cf6e9a4178e110968e21d630d71fa427d2a55d15faad1cb84e
Opcode Fuzzy Hash: a5f3e4e9985e3712c5e93475e627b482abfc6ca49720aafab4bc6e183c4d7b85
Instruction Fuzzy Hash: 6E90023504560C8B464027D67849655775CB6455157881151A50D416115E6564108595

Function 02856E60 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2514739119.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2850000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1d46ffd48cee63b4da7d377437fbf0f52809e4478e32e261b0ddc3712206fdf
Instruction ID: 9bf526e9f13b919e1e956769d0fce80ed20b033337fab5bf5671ada5fefea3e4
Opcode Fuzzy Hash: e1d46ffd48cee63b4da7d377437fbf0f52809e4478e32e261b0ddc3712206fdf
Instruction Fuzzy Hash: 9590223000020E8B00002380300A008BB0CAB00008380C000B20C802020E282800008A

Function 050E30F0 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2528826784.00000000050E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_50e0000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44

Function 0285BB60 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000020.00000002.2514739119.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_32_2_2850000_BtowsPlayer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
Instruction ID: 2108930940694c1c8b8ad4272d9396267f2db374b9021a0985f6588530823504
Opcode Fuzzy Hash: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
Instruction Fuzzy Hash: 6BA002742010009BC644DB54C991814F761EFC5219728C4DDA8198B256CF33ED03DA40

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report UD3cS4ODWz.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\BtowsPlayer.exe.log

C:\Users\user\AppData\Local\Temp\is-JSDRP.tmp\UD3cS4ODWz.tmp

C:\Users\user\AppData\Local\Temp\is-QNH7J.tmp\_isetup\_setup64.tmp

C:\Users\user\AppData\Local\Temp\is-R9513.tmp\UD3cS4ODWz.tmp

C:\Users\user\AppData\Local\Temp\is-TUNTK.tmp\_isetup\_setup64.tmp

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BtowsPlayer.exe.lnk

C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe (copy)

C:\Users\user\AppData\Roaming\map\is-DQMBE.tmp

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Data Directories

Sections

Resources

Windows Analysis Report
UD3cS4ODWz.exe