Windows Analysis Report
UD3cS4ODWz.exe

Overview

General Information

Sample name:UD3cS4ODWz.exe
Analysis ID:1581188
MD5:7c9544661439af4f0fd2e7e4387d958d
SHA1:ecd31f6616df136c73a5ec19f048b067aaa32b1d
SHA256:1b937ace633e36eee5d6488c64b8945ffd48d8750a0af60143da86ce0cbf5a8b

Detection

Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains very large array initializations
Found many strings related to Crypto-Wallets (likely being stolen)
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Tries to harvest and steal Bitcoin Wallet information
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Startup Folder File Write
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64native
  • UD3cS4ODWz.exe (PID: 9144 cmdline: "C:\Users\user\Desktop\UD3cS4ODWz.exe" MD5: 7C9544661439AF4F0FD2E7E4387D958D)
    • UD3cS4ODWz.tmp (PID: 9204 cmdline: "C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmp" /SL5="$10420,1833127,845824,C:\Users\user\Desktop\UD3cS4ODWz.exe" MD5: EAA27C4A436F9109F95EF7D65AA446D5)
      • UD3cS4ODWz.exe (PID: 8300 cmdline: "C:\Users\user\Desktop\UD3cS4ODWz.exe" /VERYSILENT /NORESTART MD5: 7C9544661439AF4F0FD2E7E4387D958D)
        • UD3cS4ODWz.tmp (PID: 8408 cmdline: "C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp" /SL5="$20420,1833127,845824,C:\Users\user\Desktop\UD3cS4ODWz.exe" /VERYSILENT /NORESTART MD5: EAA27C4A436F9109F95EF7D65AA446D5)
          • timeout.exe (PID: 6412 cmdline: "timeout" 6 MD5: 100065E21CFBBDE57CBA2838921F84D6)
            • conhost.exe (PID: 6536 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
          • cmd.exe (PID: 2640 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 3340 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
            • tasklist.exe (PID: 2608 cmdline: tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
            • find.exe (PID: 2672 cmdline: find /I "wrsa.exe" MD5: AE3F3DC3ED900F2A582BAD86A764508C)
          • cmd.exe (PID: 7272 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 7540 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
            • tasklist.exe (PID: 7188 cmdline: tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
            • find.exe (PID: 7444 cmdline: find /I "opssvc.exe" MD5: AE3F3DC3ED900F2A582BAD86A764508C)
          • cmd.exe (PID: 5708 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 8080 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
            • tasklist.exe (PID: 8728 cmdline: tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
            • find.exe (PID: 9200 cmdline: find /I "avastui.exe" MD5: AE3F3DC3ED900F2A582BAD86A764508C)
          • cmd.exe (PID: 6440 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 6548 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
            • tasklist.exe (PID: 9180 cmdline: tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
            • find.exe (PID: 9176 cmdline: find /I "avgui.exe" MD5: AE3F3DC3ED900F2A582BAD86A764508C)
          • cmd.exe (PID: 7700 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 7284 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
            • tasklist.exe (PID: 8808 cmdline: tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
            • find.exe (PID: 6544 cmdline: find /I "nswscsvc.exe" MD5: AE3F3DC3ED900F2A582BAD86A764508C)
          • cmd.exe (PID: 7404 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 2964 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
            • tasklist.exe (PID: 4872 cmdline: tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
            • find.exe (PID: 1992 cmdline: find /I "sophoshealth.exe" MD5: AE3F3DC3ED900F2A582BAD86A764508C)
          • BtowsPlayer.exe (PID: 2640 cmdline: "C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe" MD5: BE2EDCF02F80B8D9AB65724911E3F2E6)
  • BtowsPlayer.exe (PID: 7568 cmdline: "C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe" /auto MD5: BE2EDCF02F80B8D9AB65724911E3F2E6)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000021.00000002.1243480860.0000000002D03000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000021.00000002.1241190201.0000000002530000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_Donutloader_f40e3759 | unknown | unknown | 0x5c05a:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49; 0x5f5f0:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB
00000020.00000002.2164572415.0000000002C24000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: BtowsPlayer.exe PID: 2640 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: BtowsPlayer.exe PID: 7568 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |

Source | Rule | Description | Author | Strings
33.2.BtowsPlayer.exe.25327ce.0.raw.unpack | Windows_Trojan_Donutloader_f40e3759 | unknown | unknown | 0x5988c:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49; 0x5ce22:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB
33.2.BtowsPlayer.exe.25327ce.0.unpack | Windows_Trojan_Donutloader_f40e3759 | unknown | unknown | 0x57a8c:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49

          System Summary

          Source: File created, Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp, ProcessId: 8408, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BtowsPlayer.exe.lnk

          Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
          2024-12-27T08:32:37.980249+0100 | 2035595 | 1 | Domain Observed Used for C2 Detected | 185.156.175.43 | 21411 | 192.168.11.20 | 49712 | TCP

          AV Detection

          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe (copy), ReversingLabs: Detection: 28%
          Source: C:\Users\user\AppData\Roaming\map\is-5L649.tmp, ReversingLabs: Detection: 28%
          Source: UD3cS4ODWz.exe, Virustotal: Detection: 28%
          Source: UD3cS4ODWz.exe, ReversingLabs: Detection: 31%
          Source: UD3cS4ODWz.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: UD3cS4ODWz.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

          Networking

          Source: Network traffic, Suricata IDS: 2035595 - Severity 1 - ET MALWARE Generic AsyncRAT Style SSL Cert : 185.156.175.43:21411 -> 192.168.11.20:49712
          Source: global traffic, TCP traffic: 192.168.11.20:49712 -> 185.156.175.43:21411
          Source: Joe Sandbox View, ASN Name: M247GB M247GB
          Source: unknown, TCP traffic detected without corresponding DNS query: 185.156.175.43
          Source: UD3cS4ODWz.tmp, 00000004.00000002.1024308818.0000000000EED000.00000004.00000010.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000004.00000003.1014857878.0000000008160000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.exe, is-5L649.tmp.4.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
          Source: UD3cS4ODWz.tmp, 00000004.00000002.1024308818.0000000000EED000.00000004.00000010.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000004.00000003.1014857878.0000000008160000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.exe, is-5L649.tmp.4.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
          Source: UD3cS4ODWz.tmp, 00000004.00000002.1024308818.0000000000EED000.00000004.00000010.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000004.00000003.1014857878.0000000008160000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.exe, is-5L649.tmp.4.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
          Source: BtowsPlayer.exe, 00000020.00000003.1379412654.0000000000747000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
          Source: BtowsPlayer.exe, 00000020.00000002.2159789938.000000000075A000.00000004.00000020.00020000.00000000.sdmp, BtowsPlayer.exe, 00000020.00000003.1379412654.0000000000747000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
          Source: UD3cS4ODWz.tmp, 00000004.00000002.1024308818.0000000000EED000.00000004.00000010.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000004.00000003.1014857878.0000000008160000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.exe, is-5L649.tmp.4.drString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
          Source: UD3cS4ODWz.tmp, 00000004.00000002.1024308818.0000000000EED000.00000004.00000010.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000004.00000003.1014857878.0000000008160000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.exe, is-5L649.tmp.4.drString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
          Source: UD3cS4ODWz.tmp, 00000004.00000002.1024308818.0000000000EED000.00000004.00000010.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000004.00000003.1014857878.0000000008160000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.exe, is-5L649.tmp.4.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
          Source: UD3cS4ODWz.tmp, 00000004.00000002.1024308818.0000000000EED000.00000004.00000010.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000004.00000003.1014857878.0000000008160000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.exe, is-5L649.tmp.4.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
          Source: UD3cS4ODWz.tmp, 00000004.00000002.1024308818.0000000000EED000.00000004.00000010.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000004.00000003.1014857878.0000000008160000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.exe, is-5L649.tmp.4.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
          Source: UD3cS4ODWz.tmp, 00000004.00000002.1024308818.0000000000EED000.00000004.00000010.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000004.00000003.1014857878.0000000008160000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.exe, is-5L649.tmp.4.drString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
          Source: UD3cS4ODWz.tmp, 00000004.00000002.1024308818.0000000000EED000.00000004.00000010.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000004.00000003.1014857878.0000000008160000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.exe, is-5L649.tmp.4.drString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
          Source: BtowsPlayer.exe, 00000020.00000002.2159789938.00000000006CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
          Source: BtowsPlayer.exe, 00000020.00000003.1379412654.0000000000747000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
          Source: UD3cS4ODWz.tmp, 00000004.00000002.1024308818.0000000000EED000.00000004.00000010.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000004.00000003.1014857878.0000000008160000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.exe, is-5L649.tmp.4.drString found in binary or memory: http://ocsp.digicert.com0A
          Source: UD3cS4ODWz.tmp, 00000004.00000002.1024308818.0000000000EED000.00000004.00000010.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000004.00000003.1014857878.0000000008160000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.exe, is-5L649.tmp.4.drString found in binary or memory: http://ocsp.digicert.com0C
          Source: UD3cS4ODWz.tmp, 00000004.00000002.1024308818.0000000000EED000.00000004.00000010.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000004.00000003.1014857878.0000000008160000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.exe, is-5L649.tmp.4.drString found in binary or memory: http://ocsp.digicert.com0X
          Source: UD3cS4ODWz.tmp, 00000004.00000002.1024308818.0000000000EED000.00000004.00000010.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000004.00000003.1014857878.0000000008160000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.exe, is-5L649.tmp.4.drString found in binary or memory: http://ocsp.sectigo.com0
          Source: BtowsPlayer.exe, 00000020.00000002.2164572415.0000000003108000.00000004.00000800.00020000.00000000.sdmp, BtowsPlayer.exe, 00000020.00000002.2164572415.0000000002C24000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
          Source: BtowsPlayer.exe, 00000020.00000003.1389756276.0000000000760000.00000004.00000020.00020000.00000000.sdmp, BtowsPlayer.exe, 00000020.00000002.2159789938.0000000000760000.00000004.00000020.00020000.00000000.sdmp, BtowsPlayer.exe, 00000020.00000003.1609386976.0000000000760000.00000004.00000020.00020000.00000000.sdmp, BtowsPlayer.exe, 00000020.00000003.1379412654.0000000000747000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadis.bm0
          Source: UD3cS4ODWz.tmp, 00000004.00000003.1014857878.0000000007F50000.00000004.00001000.00020000.00000000.sdmp, BtowsPlayer.exe, 00000020.00000000.1013208383.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, is-5L649.tmp.4.drString found in binary or memory: http://www.toolwiz.com
          Source: BtowsPlayer.exe, 00000020.00000002.2164572415.0000000002C24000.00000004.00000800.00020000.00000000.sdmp, BtowsPlayer.exe, 00000021.00000002.1243480860.0000000002D03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/DFfe9ewf/test3/raw/refs/heads/main/WebDriver.dll
          Source: BtowsPlayer.exe, 00000020.00000002.2164572415.0000000002C24000.00000004.00000800.00020000.00000000.sdmp, BtowsPlayer.exe, 00000021.00000002.1243480860.0000000002D03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/DFfe9ewf/test3/raw/refs/heads/main/chromedriver.exe
          Source: BtowsPlayer.exe, 00000020.00000002.2164572415.0000000002C24000.00000004.00000800.00020000.00000000.sdmp, BtowsPlayer.exe, 00000021.00000002.1243480860.0000000002D03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/DFfe9ewf/test3/raw/refs/heads/main/msedgedriver.exe
          Source: UD3cS4ODWz.exeString found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
          Source: BtowsPlayer.exe, 00000020.00000003.1389756276.0000000000760000.00000004.00000020.00020000.00000000.sdmp, BtowsPlayer.exe, 00000020.00000002.2159789938.0000000000760000.00000004.00000020.00020000.00000000.sdmp, BtowsPlayer.exe, 00000020.00000003.1609386976.0000000000760000.00000004.00000020.00020000.00000000.sdmp, BtowsPlayer.exe, 00000020.00000003.1379412654.0000000000747000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ocsp.quovadisoffshore.com0
          Source: UD3cS4ODWz.tmp, 00000004.00000002.1024308818.0000000000EED000.00000004.00000010.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000004.00000003.1014857878.0000000008160000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.exe, is-5L649.tmp.4.drString found in binary or memory: https://sectigo.com/CPS0
          Source: BtowsPlayer.exe, 00000020.00000002.2164572415.0000000002C24000.00000004.00000800.00020000.00000000.sdmp, BtowsPlayer.exe, 00000021.00000002.1243480860.0000000002D03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
          Source: BtowsPlayer.exe, 00000020.00000002.2164572415.0000000002C24000.00000004.00000800.00020000.00000000.sdmp, BtowsPlayer.exe, 00000021.00000002.1243480860.0000000002D03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
          Source: BtowsPlayer.exe, 00000020.00000002.2164572415.0000000002C24000.00000004.00000800.00020000.00000000.sdmp, BtowsPlayer.exe, 00000021.00000002.1243480860.0000000002D03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354rCannot
          Source: UD3cS4ODWz.exe, 00000000.00000003.909998926.000000007F0FB000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.exe, 00000000.00000003.908097355.0000000002FBF000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000002.00000000.912890113.0000000000F01000.00000020.00000001.01000000.00000004.sdmp, UD3cS4ODWz.tmp, 00000004.00000000.922713799.0000000000A7D000.00000020.00000001.01000000.00000008.sdmp, UD3cS4ODWz.tmp.3.dr, UD3cS4ODWz.tmp.0.drString found in binary or memory: https://www.innosetup.com/
          Source: UD3cS4ODWz.exe, 00000000.00000003.909998926.000000007F0FB000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.exe, 00000000.00000003.908097355.0000000002FBF000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000002.00000000.912890113.0000000000F01000.00000020.00000001.01000000.00000004.sdmp, UD3cS4ODWz.tmp, 00000004.00000000.922713799.0000000000A7D000.00000020.00000001.01000000.00000008.sdmp, UD3cS4ODWz.tmp.3.dr, UD3cS4ODWz.tmp.0.drString found in binary or memory: https://www.remobjects.com/ps

          System Summary

          Source: 33.2.BtowsPlayer.exe.25327ce.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
          Source: 33.2.BtowsPlayer.exe.25327ce.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
          Source: 00000021.00000002.1241190201.0000000002530000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
          Source: 33.2.BtowsPlayer.exe.25327ce.0.raw.unpack, ImIFiiaFZW8NwtFyyJ.cs: Large array initialization: pnTWmaVul: array initializer size 304704
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeCode function: 33_2_052ABB5033_2_052ABB50
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeCode function: 33_2_053750A033_2_053750A0
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeCode function: 33_2_0537004033_2_05370040
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeCode function: 33_2_0537626033_2_05376260
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeCode function: 33_2_053AA71033_2_053AA710
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeCode function: 33_2_053A1AA033_2_053A1AA0
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeCode function: 33_2_053A6F0833_2_053A6F08
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeCode function: 33_2_053A576033_2_053A5760
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeCode function: 33_2_053A8E2833_2_053A8E28
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeCode function: 33_2_053AA6FF33_2_053AA6FF
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeCode function: 33_2_053AE33033_2_053AE330
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeCode function: 33_2_053AE32033_2_053AE320
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeCode function: 33_2_053AF2C133_2_053AF2C1
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeCode function: 33_2_053C1F6033_2_053C1F60
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeCode function: 33_2_053C1F5033_2_053C1F50
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeCode function: 33_2_053C001F33_2_053C001F
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeCode function: 33_2_053C004033_2_053C0040
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeCode function: 33_2_053C40A833_2_053C40A8
          Source: UD3cS4ODWz.exeStatic PE information: invalid certificate
          Source: UD3cS4ODWz.tmp.0.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
          Source: UD3cS4ODWz.tmp.3.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
          Source: UD3cS4ODWz.tmp.3.drStatic PE information: Number of sections : 11 > 10
          Source: UD3cS4ODWz.tmp.0.drStatic PE information: Number of sections : 11 > 10
          Source: UD3cS4ODWz.exeStatic PE information: Number of sections : 11 > 10
          Source: UD3cS4ODWz.exe, 00000000.00000003.908097355.00000000032BE000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFileNameAudacity.exe vs UD3cS4ODWz.exe
          Source: UD3cS4ODWz.exe, 00000000.00000000.905741541.0000000000719000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFileNameAudacity.exe vs UD3cS4ODWz.exe
          Source: UD3cS4ODWz.exe, 00000000.00000003.909998926.000000007F3FA000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFileNameAudacity.exe vs UD3cS4ODWz.exe
          Source: UD3cS4ODWz.exeBinary or memory string: OriginalFileNameAudacity.exe vs UD3cS4ODWz.exe
          Source: UD3cS4ODWz.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: 33.2.BtowsPlayer.exe.25327ce.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
          Source: 33.2.BtowsPlayer.exe.25327ce.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
          Source: 00000021.00000002.1241190201.0000000002530000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
          Source: 33.2.BtowsPlayer.exe.25327ce.0.raw.unpack, XxHkOWpffRyD2rf8x9.csCryptographic APIs: 'CreateDecryptor'
          Source: 33.2.BtowsPlayer.exe.25327ce.0.raw.unpack, ImIFiiaFZW8NwtFyyJ.csCryptographic APIs: 'CreateDecryptor'
          Source: classification engineClassification label: mal100.spyw.evad.winEXE@55/8@0/1
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeCode function: 33_2_02530E61 CreateToolhelp32Snapshot,Thread32First,Wow64SuspendThread,CloseHandle,33_2_02530E61
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmpFile created: C:\Users\user\AppData\Roaming\mapJump to behavior
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3340:304:WilStaging_02
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeMutant created: NULL
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6548:120:WilError_03
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2964:304:WilStaging_02
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeMutant created: \Sessions\1\BaseNamedObjects\f2d06879d699
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6536:304:WilStaging_02
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6536:120:WilError_03
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7540:120:WilError_03
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6548:304:WilStaging_02
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7540:304:WilStaging_02
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3340:120:WilError_03
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2964:120:WilError_03
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7284:304:WilStaging_02
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8080:304:WilStaging_02
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8080:120:WilError_03
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7284:120:WilError_03
          Source: C:\Users\user\Desktop\UD3cS4ODWz.exeFile created: C:\Users\user\AppData\Local\Temp\is-AH6TI.tmpJump to behavior
          Source: C:\Users\user\Desktop\UD3cS4ODWz.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
          Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
          Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'WRSA.EXE'
          Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'OPSSVC.EXE'
          Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'AVASTUI.EXE'
          Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'AVGUI.EXE'
          Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'NSWSCSVC.EXE'
          Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'SOPHOSHEALTH.EXE'
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
          Source: C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmpFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\UD3cS4ODWz.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganizationJump to behavior
          Source: UD3cS4ODWz.exeVirustotal: Detection: 28%
          Source: UD3cS4ODWz.exeReversingLabs: Detection: 31%
          Source: UD3cS4ODWz.exeString found in binary or memory: /LOADINF="filename"
          Source: C:\Users\user\Desktop\UD3cS4ODWz.exeFile read: C:\Users\user\Desktop\UD3cS4ODWz.exeJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\UD3cS4ODWz.exe "C:\Users\user\Desktop\UD3cS4ODWz.exe"
          Source: C:\Users\user\Desktop\UD3cS4ODWz.exeProcess created: C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmp "C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmp" /SL5="$10420,1833127,845824,C:\Users\user\Desktop\UD3cS4ODWz.exe"
          Source: C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmpProcess created: C:\Users\user\Desktop\UD3cS4ODWz.exe "C:\Users\user\Desktop\UD3cS4ODWz.exe" /VERYSILENT /NORESTART
          Source: C:\Users\user\Desktop\UD3cS4ODWz.exeProcess created: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp "C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp" /SL5="$20420,1833127,845824,C:\Users\user\Desktop\UD3cS4ODWz.exe" /VERYSILENT /NORESTART
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmpProcess created: C:\Windows\System32\timeout.exe "timeout" 6
          Source: C:\Windows\System32\timeout.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe"
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "wrsa.exe"
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe"
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "opssvc.exe"
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe"
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "avastui.exe"
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe"
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "avgui.exe"
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe"
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "nswscsvc.exe"
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe"
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "sophoshealth.exe"
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmpProcess created: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe "C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe"
          Source: unknownProcess created: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe "C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe" /auto
          Source: C:\Users\user\Desktop\UD3cS4ODWz.exeSection loaded: edgegdi.dllJump to behavior
          Source: C:\Users\user\Desktop\UD3cS4ODWz.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\Desktop\UD3cS4ODWz.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmpSection loaded: mpr.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmpSection loaded: version.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmpSection loaded: winhttp.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmpSection loaded: edgegdi.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmpSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmpSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmpSection loaded: wtsapi32.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmpSection loaded: winsta.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmpSection loaded: textinputframework.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmpSection loaded: coreuicomponents.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmpSection loaded: coremessaging.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmpSection loaded: ntmarta.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmpSection loaded: wintypes.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmpSection loaded: shfolder.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmpSection loaded: rstrtmgr.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmpSection loaded: ncrypt.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmpSection loaded: ntasn1.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmpSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmpSection loaded: wldp.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmpSection loaded: propsys.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmpSection loaded: edputil.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmpSection loaded: urlmon.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmpSection loaded: iertutil.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmpSection loaded: srvcli.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmpSection loaded: netutils.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmpSection loaded: windows.staterepositoryps.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmpSection loaded: sspicli.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmpSection loaded: appresolver.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmpSection loaded: bcp47langs.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmpSection loaded: slc.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmpSection loaded: userenv.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmpSection loaded: sppc.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmpSection loaded: onecorecommonproxystub.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmpSection loaded: onecoreuapcommonproxystub.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmpSection loaded: apphelp.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmpSection loaded: mpr.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmpSection loaded: version.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmpSection loaded: winhttp.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmpSection loaded: edgegdi.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmpSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmpSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmpSection loaded: wtsapi32.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmpSection loaded: winsta.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmpSection loaded: textinputframework.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmpSection loaded: coreuicomponents.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmpSection loaded: coremessaging.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmpSection loaded: ntmarta.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmpSection loaded: wintypes.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp Section loaded: shfolder.dll
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp Section loaded: rstrtmgr.dll
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp Section loaded: ncrypt.dll
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp Section loaded: ntasn1.dll
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp Section loaded: textshaping.dll
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp Section loaded: windows.storage.dll
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp Section loaded: wldp.dll
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp Section loaded: sspicli.dll
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp Section loaded: dwmapi.dll
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp Section loaded: sfc.dll
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp Section loaded: sfc_os.dll
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp Section loaded: explorerframe.dll
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp Section loaded: propsys.dll
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp Section loaded: apphelp.dll
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp Section loaded: dlnashext.dll
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp Section loaded: wpdshext.dll
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp Section loaded: profapi.dll
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp Section loaded: edputil.dll
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp Section loaded: urlmon.dll
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp Section loaded: iertutil.dll
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp Section loaded: srvcli.dll
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp Section loaded: netutils.dll
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp Section loaded: windows.staterepositoryps.dll
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp Section loaded: appresolver.dll
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp Section loaded: bcp47langs.dll
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp Section loaded: slc.dll
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp Section loaded: userenv.dll
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp Section loaded: sppc.dll
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp Section loaded: onecorecommonproxystub.dll
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp Section loaded: onecoreuapcommonproxystub.dll
          Source: C:\Windows\System32\timeout.exe Section loaded: version.dll
          Source: C:\Windows\System32\timeout.exe Section loaded: edgegdi.dll
          Source: C:\Windows\System32\tasklist.exe Section loaded: version.dll
          Source: C:\Windows\System32\tasklist.exe Section loaded: mpr.dll
          Source: C:\Windows\System32\tasklist.exe Section loaded: framedynos.dll
          Source: C:\Windows\System32\tasklist.exe Section loaded: dbghelp.dll
          Source: C:\Windows\System32\tasklist.exe Section loaded: sspicli.dll
          Source: C:\Windows\System32\tasklist.exe Section loaded: srvcli.dll
          Source: C:\Windows\System32\tasklist.exe Section loaded: netutils.dll
          Source: C:\Windows\System32\tasklist.exe Section loaded: sspicli.dll
          Source: C:\Windows\System32\tasklist.exe Section loaded: edgegdi.dll
          Source: C:\Windows\System32\tasklist.exe Section loaded: kernel.appcore.dll
          Source: C:\Windows\System32\tasklist.exe Section loaded: wbemcomn.dll
          Source: C:\Windows\System32\tasklist.exe Section loaded: winsta.dll
          Source: C:\Windows\System32\tasklist.exe Section loaded: amsi.dll
          Source: C:\Windows\System32\tasklist.exe Section loaded: userenv.dll
          Source: C:\Windows\System32\tasklist.exe Section loaded: profapi.dll
          Source: C:\Windows\System32\find.exe Section loaded: ulib.dll
          Source: C:\Windows\System32\find.exe Section loaded: fsutilext.dll
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Section loaded: apphelp.dll
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Section loaded: version.dll
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Section loaded: edgegdi.dll
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Section loaded: wininet.dll
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Section loaded: mscoree.dll
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Section loaded: amsi.dll
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Section loaded: kernel.appcore.dll
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Section loaded: vcruntime140_clr0400.dll
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Section loaded: ucrtbase_clr0400.dll
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Section loaded: wldp.dll
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Section loaded: userenv.dll
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Section loaded: profapi.dll
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Section loaded: windows.storage.dll
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Section loaded: cryptsp.dll
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Section loaded: rsaenh.dll
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Section loaded: cryptbase.dll
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Section loaded: msasn1.dll
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Section loaded: mswsock.dll
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Section loaded: secur32.dll
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Section loaded: sspicli.dll
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Section loaded: schannel.dll
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Section loaded: mskeyprotect.dll
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Section loaded: ntasn1.dll
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Section loaded: ncrypt.dll
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Section loaded: ncryptsslp.dll
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Section loaded: gpapi.dll
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Section loaded: wbemcomn.dll
          Source: C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmp Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
          Source: BtowsPlayer.exe.lnk.4.dr LNK file: ..\..\..\..\..\map\BtowsPlayer.exe
          Source: C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp Window found: window name: TMainForm
          Source: Window Recorder Window detected: More than 3 window changes detected
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
          Source: UD3cS4ODWz.exe Static file information: File size 2792229 > 1048576
          Source: UD3cS4ODWz.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

          Data Obfuscation

          Source: 33.2.BtowsPlayer.exe.25327ce.0.raw.unpack, XxHkOWpffRyD2rf8x9.cs .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
          Source: UD3cS4ODWz.tmp.3.dr Static PE information: real checksum: 0x0 should be: 0x343bce
          Source: UD3cS4ODWz.tmp.0.dr Static PE information: real checksum: 0x0 should be: 0x343bce
          Source: UD3cS4ODWz.exe Static PE information: real checksum: 0xff4012 should be: 0x2b3ce1
          Source: is-5L649.tmp.4.dr Static PE information: real checksum: 0xff4012 should be: 0x21a706
          Source: UD3cS4ODWz.exe Static PE information: section name: .didata
          Source: UD3cS4ODWz.tmp.0.dr Static PE information: section name: .didata
          Source: UD3cS4ODWz.tmp.3.dr Static PE information: section name: .didata
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Code function: 32_2_051A3605 push eax; retn 0070h 32_2_051A3619
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Code function: 32_2_051AF1D5 pushad ; retf 32_2_051AF1E9
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Code function: 32_2_051D89B8 push eax; ret 32_2_051D89B9
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Code function: 32_2_051D8A4A pushfd ; ret 32_2_051D8A51
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Code function: 32_2_051D9ACA push eax; iretd 32_2_051D9AD1
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Code function: 32_2_0537A7BA push eax; iretd 32_2_0537A7C1
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Code function: 33_2_025377B6 push ebx; retf 33_2_025377BE
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Code function: 33_2_052A89B8 push eax; ret 33_2_052A89B9
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Code function: 33_2_052A8A4B pushfd ; ret 33_2_052A8A51
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Code function: 33_2_052A9ACB push eax; iretd 33_2_052A9AD1
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Code function: 33_2_0537A7BA push eax; iretd 33_2_0537A7C1
          Source: 33.2.BtowsPlayer.exe.25327ce.0.raw.unpack, XxHkOWpffRyD2rf8x9.cs High entropy of concatenated method names: 'kM5C10wM8a7nJUq9YQn', 'UMrXMFw6rY39JRAnjo4', 'kQNfG0h0et', 'vh0ry9Sq2v', 'vMdfsjNtiP', 'c1Tf9G3hPh', 'WT5fI1NDIY', 'yWLfLFR0VC', 'kIMNxe4OdN', 'L5YC0OdQI'
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp File created: C:\Users\user\AppData\Local\Temp\is-48TKQ.tmp\_isetup\_setup64.tmp
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp File created: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe (copy)
          Source: C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmp File created: C:\Users\user\AppData\Local\Temp\is-SUSJ4.tmp\_isetup\_setup64.tmp
          Source: C:\Users\user\Desktop\UD3cS4ODWz.exe File created: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp
          Source: C:\Users\user\Desktop\UD3cS4ODWz.exe File created: C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmp
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp File created: C:\Users\user\AppData\Roaming\map\is-5L649.tmp
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BtowsPlayer.exe.lnk
          Source: C:\Users\user\Desktop\UD3cS4ODWz.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmp Process information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\Desktop\UD3cS4ODWz.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\tasklist.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion

          Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_PhysicalMemory
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_PhysicalMemory
          Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
          Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Memory allocated: 2A10000 memory reserve | memory write watch
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Memory allocated: 2C00000 memory reserve | memory write watch
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Memory allocated: 29C0000 memory reserve | memory write watch
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Memory allocated: 2CD0000 memory reserve | memory write watch
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Memory allocated: 2A20000 memory reserve | memory write watch
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Thread delayed: delay time: 922337203685477
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Window / User API: threadDelayed 9962
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-48TKQ.tmp\_isetup\_setup64.tmp
          Source: C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-SUSJ4.tmp\_isetup\_setup64.tmp
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 7444 Thread sleep time: -3689348814741908s >= -30000s
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe TID: 7576 Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
          Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
          Source: BtowsPlayer.exe, 00000020.00000002.2159789938.00000000006CF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll^+u
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp Process information queried: ProcessInformation
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Code function: 33_2_02530751 mov edx, dword ptr fs:[00000030h]
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Code function: 33_2_02530D11 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Code function: 33_2_02531361 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Code function: 33_2_02531360 mov eax, dword ptr fs:[00000030h]
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Code function: 33_2_025310C1 mov eax, dword ptr fs:[00000030h]
          Source: C:\Windows\System32\tasklist.exe Process token adjusted: Debug
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Process token adjusted: Debug
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Memory allocated: page read and write | page guard
          Source: C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmp Process created: C:\Users\user\Desktop\UD3cS4ODWz.exe "C:\Users\user\Desktop\UD3cS4ODWz.exe" /VERYSILENT /NORESTART
          Source: C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe"
          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "wrsa.exe"
          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "opssvc.exe"
          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "avastui.exe"
          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "avgui.exe"
          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "nswscsvc.exe"
          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "sophoshealth.exe"
          Source: BtowsPlayer.exe, 00000020.00000002.2164572415.0000000002F7B000.00000004.00000800.00020000.00000000.sdmp, BtowsPlayer.exe, 00000020.00000002.2164572415.0000000003013000.00000004.00000800.00020000.00000000.sdmp, BtowsPlayer.exe, 00000020.00000002.2164572415.000000000305F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program Manager
          Source: UD3cS4ODWz.tmp, 00000004.00000003.1014857878.0000000007F50000.00000004.00001000.00020000.00000000.sdmp, BtowsPlayer.exe, 00000020.00000000.1013208383.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, is-5L649.tmp.4.dr Binary or memory string: ProgMan
          Source: BtowsPlayer.exe, 00000020.00000002.2164572415.0000000003013000.00000004.00000800.00020000.00000000.sdmp, BtowsPlayer.exe, 00000020.00000002.2164572415.000000000305F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program ManagerTeTr
          Source: UD3cS4ODWz.tmp, 00000004.00000003.1014857878.0000000007F50000.00000004.00001000.00020000.00000000.sdmp, BtowsPlayer.exe, 00000020.00000000.1013208383.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, is-5L649.tmp.4.dr Binary or memory string: ProgManU
          Source: BtowsPlayer.exe, 00000020.00000002.2164572415.0000000002FC9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program ManagerTeTr
          Source: BtowsPlayer.exe, 00000020.00000002.2178062651.0000000007142000.00000004.00000020.00020000.00000000.sdmp, BtowsPlayer.exe, 00000020.00000003.1619375312.0000000007141000.00000004.00000020.00020000.00000000.sdmp, BtowsPlayer.exe, 00000020.00000002.2164572415.0000000002F7B000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program Manager*
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
          Source: find.exe, 00000017.00000002.1006007981.0000023D0F620000.00000004.00000020.00020000.00000000.sdmp, find.exe, 00000017.00000002.1006063895.0000023D0F68B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: avgui.exe
          Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct

          Stealing of Sensitive Information

          Source: BtowsPlayer.exe, 00000020.00000002.2164572415.0000000002F25000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: Electrum
          Source: BtowsPlayer.exe, 00000020.00000002.2164572415.0000000002F25000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: $Tr4C:\Users\user\AppData\Roaming\Exodus\exodus.wallet@\Tr com.liberty.jaxx
          Source: BtowsPlayer.exe, 00000020.00000003.1389756276.000000000076E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\exodus.wallet8
          Source: BtowsPlayer.exe, 00000020.00000002.2164572415.0000000002F25000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: $Tr1C:\Users\user\AppData\Roaming\Ethereum\keystore
          Source: BtowsPlayer.exe, 00000020.00000002.2164572415.0000000002F25000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: Ethereum
          Source: BtowsPlayer.exe, 00000020.00000002.2164572415.0000000002F25000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: keystore
          Source: C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe Key opened: HKEY_CURRENT_USER\Software\Bitcoin\Bitcoin-Qt
          Source: Yara match File source: 00000021.00000002.1243480860.0000000002D03000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000020.00000002.2164572415.0000000002C24000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: Process Memory Space: BtowsPlayer.exe PID: 2640, type: MEMORYSTR
          Source: Yara match File source: Process Memory Space: BtowsPlayer.exe PID: 7568, type: MEMORYSTR
          Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
          Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 321 Windows Management Instrumentation | 2 Registry Run Keys / Startup Folder | 12 Process Injection | 1 Masquerading | OS Credential Dumping | 531 Security Software Discovery | Remote Services | 11 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
          Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 2 Registry Run Keys / Startup Folder | 1 Disable or Modify Tools | LSASS Memory | 341 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Data from Local System | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
          Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 341 Virtualization/Sandbox Evasion | Security Account Manager | 4 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
          Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 12 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
          Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 System Owner/User Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
          Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Obfuscated Files or Information | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
          DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Software Packing | DCSync | 23 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
          Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
          [Behavior graph: Behavior Graph ID: 1581188, Sample: UD3cS4ODWz.exe, Startdate: 27/12/2024, Architecture: WINDOWS, Score: 100]

          Source | Detection | Scanner | Label | Link
          UD3cS4ODWz.exe | 29% | Virustotal | | Browse
          UD3cS4ODWz.exe | 32% | ReversingLabs | Win32.Backdoor.Redcap |
          Source | Detection | Scanner | Label | Link
          C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp | 0% | ReversingLabs | |
          C:\Users\user\AppData\Local\Temp\is-48TKQ.tmp\_isetup\_setup64.tmp | 0% | ReversingLabs | |
          C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmp | 0% | ReversingLabs | |
          C:\Users\user\AppData\Local\Temp\is-SUSJ4.tmp\_isetup\_setup64.tmp | 0% | ReversingLabs | |
          C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe (copy) | 29% | ReversingLabs | |
          C:\Users\user\AppData\Roaming\map\is-5L649.tmp | 29% | ReversingLabs | |
          No Antivirus matches
          No Antivirus matches
          Source | Detection | Scanner | Label | Link
          https://www.remobjects.com/ps | 0% | Avira URL Cloud | safe |
          https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU | 0% | Avira URL Cloud | safe |
          https://www.innosetup.com/ | 0% | Avira URL Cloud | safe |
          http://www.toolwiz.com | 0% | Avira URL Cloud | safe |
          No contacted domains info
          Name | Source | Malicious | Antivirus Detection | Reputation
          https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU | UD3cS4ODWz.exe | false | Avira URL Cloud: safe | unknown
          https://sectigo.com/CPS0 | UD3cS4ODWz.tmp, 00000004.00000002.1024308818.0000000000EED000.00000004.00000010.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000004.00000003.1014857878.0000000008160000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.exe, is-5L649.tmp.4.dr | false | | high
          https://stackoverflow.com/q/14436606/23354 | BtowsPlayer.exe, 00000020.00000002.2164572415.0000000002C24000.00000004.00000800.00020000.00000000.sdmp, BtowsPlayer.exe, 00000021.00000002.1243480860.0000000002D03000.00000004.00000800.00020000.00000000.sdmp | false | | high
          http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y | UD3cS4ODWz.tmp, 00000004.00000002.1024308818.0000000000EED000.00000004.00000010.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000004.00000003.1014857878.0000000008160000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.exe, is-5L649.tmp.4.dr | false | | high
          http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0 | UD3cS4ODWz.tmp, 00000004.00000002.1024308818.0000000000EED000.00000004.00000010.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000004.00000003.1014857878.0000000008160000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.exe, is-5L649.tmp.4.dr | false | | high
          http://ocsp.sectigo.com0 | UD3cS4ODWz.tmp, 00000004.00000002.1024308818.0000000000EED000.00000004.00000010.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000004.00000003.1014857878.0000000008160000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.exe, is-5L649.tmp.4.dr | false | | high
          https://github.com/DFfe9ewf/test3/raw/refs/heads/main/WebDriver.dll | BtowsPlayer.exe, 00000020.00000002.2164572415.0000000002C24000.00000004.00000800.00020000.00000000.sdmp, BtowsPlayer.exe, 00000021.00000002.1243480860.0000000002D03000.00000004.00000800.00020000.00000000.sdmp | false | | high
          https://stackoverflow.com/q/2152978/23354rCannot | BtowsPlayer.exe, 00000020.00000002.2164572415.0000000002C24000.00000004.00000800.00020000.00000000.sdmp, BtowsPlayer.exe, 00000021.00000002.1243480860.0000000002D03000.00000004.00000800.00020000.00000000.sdmp | false | | high
          https://www.remobjects.com/ps | UD3cS4ODWz.exe, 00000000.00000003.909998926.000000007F0FB000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.exe, 00000000.00000003.908097355.0000000002FBF000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000002.00000000.912890113.0000000000F01000.00000020.00000001.01000000.00000004.sdmp, UD3cS4ODWz.tmp, 00000004.00000000.922713799.0000000000A7D000.00000020.00000001.01000000.00000008.sdmp, UD3cS4ODWz.tmp.3.dr, UD3cS4ODWz.tmp.0.dr | false | Avira URL Cloud: safe | unknown
          https://stackoverflow.com/q/11564914/23354; | BtowsPlayer.exe, 00000020.00000002.2164572415.0000000002C24000.00000004.00000800.00020000.00000000.sdmp, BtowsPlayer.exe, 00000021.00000002.1243480860.0000000002D03000.00000004.00000800.00020000.00000000.sdmp | false | | high
          http://www.toolwiz.com | UD3cS4ODWz.tmp, 00000004.00000003.1014857878.0000000007F50000.00000004.00001000.00020000.00000000.sdmp, BtowsPlayer.exe, 00000020.00000000.1013208383.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, is-5L649.tmp.4.dr | false | Avira URL Cloud: safe | unknown
          https://github.com/DFfe9ewf/test3/raw/refs/heads/main/chromedriver.exe | BtowsPlayer.exe, 00000020.00000002.2164572415.0000000002C24000.00000004.00000800.00020000.00000000.sdmp, BtowsPlayer.exe, 00000021.00000002.1243480860.0000000002D03000.00000004.00000800.00020000.00000000.sdmp | false | | high
          https://github.com/DFfe9ewf/test3/raw/refs/heads/main/msedgedriver.exe | BtowsPlayer.exe, 00000020.00000002.2164572415.0000000002C24000.00000004.00000800.00020000.00000000.sdmp, BtowsPlayer.exe, 00000021.00000002.1243480860.0000000002D03000.00000004.00000800.00020000.00000000.sdmp | false | | high
          https://www.innosetup.com/ | UD3cS4ODWz.exe, 00000000.00000003.909998926.000000007F0FB000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.exe, 00000000.00000003.908097355.0000000002FBF000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000002.00000000.912890113.0000000000F01000.00000020.00000001.01000000.00000004.sdmp, UD3cS4ODWz.tmp, 00000004.00000000.922713799.0000000000A7D000.00000020.00000001.01000000.00000008.sdmp, UD3cS4ODWz.tmp.3.dr, UD3cS4ODWz.tmp.0.dr | false | Avira URL Cloud: safe | unknown
          http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0# | UD3cS4ODWz.tmp, 00000004.00000002.1024308818.0000000000EED000.00000004.00000010.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000004.00000003.1014857878.0000000008160000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.exe, is-5L649.tmp.4.dr | false | | high
          http://www.quovadis.bm0 | BtowsPlayer.exe, 00000020.00000003.1389756276.0000000000760000.00000004.00000020.00020000.00000000.sdmp, BtowsPlayer.exe, 00000020.00000002.2159789938.0000000000760000.00000004.00000020.00020000.00000000.sdmp, BtowsPlayer.exe, 00000020.00000003.1609386976.0000000000760000.00000004.00000020.00020000.00000000.sdmp, BtowsPlayer.exe, 00000020.00000003.1379412654.0000000000747000.00000004.00000020.00020000.00000000.sdmp | false | | high
          http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0# | UD3cS4ODWz.tmp, 00000004.00000002.1024308818.0000000000EED000.00000004.00000010.00020000.00000000.sdmp, UD3cS4ODWz.tmp, 00000004.00000003.1014857878.0000000008160000.00000004.00001000.00020000.00000000.sdmp, UD3cS4ODWz.exe, is-5L649.tmp.4.dr | false | | high
          https://ocsp.quovadisoffshore.com0 | BtowsPlayer.exe, 00000020.00000003.1389756276.0000000000760000.00000004.00000020.00020000.00000000.sdmp, BtowsPlayer.exe, 00000020.00000002.2159789938.0000000000760000.00000004.00000020.00020000.00000000.sdmp, BtowsPlayer.exe, 00000020.00000003.1609386976.0000000000760000.00000004.00000020.00020000.00000000.sdmp, BtowsPlayer.exe, 00000020.00000003.1379412654.0000000000747000.00000004.00000020.00020000.00000000.sdmp | false | | high
          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | BtowsPlayer.exe, 00000020.00000002.2164572415.0000000003108000.00000004.00000800.00020000.00000000.sdmp, BtowsPlayer.exe, 00000020.00000002.2164572415.0000000002C24000.00000004.00000800.00020000.00000000.sdmp | false | | high
          IP | Domain | Country | Flag | ASN | ASN Name | Malicious
          185.156.175.43 | unknown | Romania | | 9009 | M247GB | true
                                        Joe Sandbox version:41.0.0 Charoite
                                        Analysis ID:1581188
                                        Start date and time:2024-12-27 08:28:26 +01:00
                                        Joe Sandbox product:CloudBasic
                                        Overall analysis duration:0h 11m 38s
                                        Hypervisor based Inspection enabled:false
                                        Report type:full
                                        Cookbook file name:default.jbs
                                        Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                                        Run name:Suspected VM Detection
                                        Number of analysed new started processes analysed:43
                                        Number of new started drivers analysed:0
                                        Number of existing processes analysed:0
                                        Number of existing drivers analysed:0
                                        Number of injected processes analysed:0
                                        Technologies:
                                        • HCA enabled
                                        • EGA enabled
                                        • AMSI enabled
                                        Analysis Mode:default
                                        Analysis stop reason:Timeout
                                        Sample name:UD3cS4ODWz.exe
                                        Detection:MAL
                                        Classification:mal100.spyw.evad.winEXE@55/8@0/1
                                        EGA Information:
                                        • Successful, ratio: 50%
                                        HCA Information:
                                        • Successful, ratio: 88%
                                        • Number of executed functions: 428
                                        • Number of non-executed functions: 35
                                        Cookbook Comments:
                                        • Found application associated with file extension: .exe
                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                        • Excluded IPs from analysis (whitelisted): 23.219.82.72, 23.51.58.94
                                        • Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, ctldl.windowsupdate.com, c.pki.goog
                                        • Execution Graph export aborted for target BtowsPlayer.exe, PID 2640 because it is empty
• Not all processes were analyzed, report is missing behavior information
                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                        • Report size getting too big, too many NtOpenFile calls found.
                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                        • Report size getting too big, too many NtReadVirtualMemory calls found.
• Time: 02:32:37, Type: API Interceptor, Description: 2248489x Sleep call for process: BtowsPlayer.exe modified
• Time: 08:32:17, Type: Autostart, Description: Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BtowsPlayer.exe.lnk
Match:185.156.175.43
• Filename: nXNMsYXFFc.exe, Detection: malicious, Threat Name: Unknown
• Filename: nXNMsYXFFc.exe, Detection: malicious, Threat Name: Unknown
No context
Match:M247GB
• Filename: nXNMsYXFFc.exe, Detection: malicious, Threat Name: Unknown, Context: 185.156.175.43
• Filename: nXNMsYXFFc.exe, Detection: malicious, Threat Name: Unknown, Context: 185.156.175.43
• Filename: ub8ehJSePAfc9FYqZIT6.arm6.elf, Detection: malicious, Threat Name: Unknown, Context: 92.118.56.167
• Filename: ub8ehJSePAfc9FYqZIT6.arm7.elf, Detection: malicious, Threat Name: Mirai, Context: 92.118.56.167
• Filename: ub8ehJSePAfc9FYqZIT6.x86_64.elf, Detection: malicious, Threat Name: Unknown, Context: 92.118.56.167
• Filename: ub8ehJSePAfc9FYqZIT6.ppc.elf, Detection: malicious, Threat Name: Unknown, Context: 92.118.56.167
• Filename: ub8ehJSePAfc9FYqZIT6.mips.elf, Detection: malicious, Threat Name: Unknown, Context: 92.118.56.167
• Filename: ub8ehJSePAfc9FYqZIT6.mpsl.elf, Detection: malicious, Threat Name: Unknown, Context: 92.118.56.167
• Filename: ub8ehJSePAfc9FYqZIT6.arm.elf, Detection: malicious, Threat Name: Mirai, Context: 92.118.56.167
No context
Match:C:\Users\user\AppData\Local\Temp\is-48TKQ.tmp\_isetup\_setup64.tmp
• Filename: Setup64v7.3.9.exe, Detection: malicious, Threat Name: Unknown
• Filename: Setup64v4.1.9.exe, Detection: malicious, Threat Name: Unknown
• Filename: Setup64v7.3.9.exe, Detection: malicious, Threat Name: Unknown
• Filename: Setup64v4.1.9.exe, Detection: malicious, Threat Name: Unknown
• Filename: Set-up.exe, Detection: malicious, Threat Name: LummaC
• Filename: setup.exe, Detection: malicious, Threat Name: LummaC
• Filename: SET_UP.exe, Detection: malicious, Threat Name: LummaC
• Filename: GLD6WIS3RXG4KKYJLK.exe, Detection: malicious, Threat Name: Unknown
• Filename: #U5b89#U88c5#U7a0b#U5e8f_2.1.0.exe, Detection: malicious, Threat Name: Unknown
                                                              Process:C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe
                                                              File Type:CSV text
                                                              Category:dropped
                                                              Size (bytes):621
                                                              Entropy (8bit):5.377356241257864
                                                              Encrypted:false
                                                              SSDEEP:12:Q3La/KDLI4MWuPtXR5fOKbbDLI4MWuPJKMsDbKhayoDLI4MWuPrD7piv:ML9E4K1BIKDE4KhKMaKhRAE4KzDq
                                                              MD5:7A42EC729A6DDE2C16FF972545CE8F1B
                                                              SHA1:9A9697835C3D74A36B157366131C3E2C4FA9C806
                                                              SHA-256:E951D25FEF1CDE931D249DFCCA65A45544FEE8BBF2FAE2A73C1476BC2CFC8284
                                                              SHA-512:EC3F4152195DFF1A8ECF18C0773D74EB896C18AA8EC40AD643F188374F0E656F22536EC7424CC3A9B4B5BE6CADD61BD3A34221499ED0C8D6A18C735119218D3F
                                                              Malicious:false
                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\827465c25133ff582ff7ddaf85635407\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\374ae62ebbde44ef97c7e898f1fdb21b\System.Core.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\10879c5bddb2dd2399e2098d5ca5c9d1\System.Xml.ni.dll",0..
                                                              Process:C:\Users\user\Desktop\UD3cS4ODWz.exe
                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):3366912
                                                              Entropy (8bit):6.5305503944980385
                                                              Encrypted:false
                                                              SSDEEP:98304:nJYVM+LtVt3P/KuG2ONG9iqLRQE9333T:2VL/tnHGYiql5F
                                                              MD5:EAA27C4A436F9109F95EF7D65AA446D5
                                                              SHA1:720AB6FE8D758480E6B3E7580AB1D80A96FFB690
                                                              SHA-256:3E1DE3F71AE4967690733BC872DBE79198E470FB0E6A364B653DC5C8E601A8AD
                                                              SHA-512:E73903102B78F268910FEDBFF59CD8B145A69F0DF7F1D89615EF7FE7D0A819357C468C990BB337469B283D50EB2B0571B78D7790942E0706704FFAA388BB3853
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp
                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):6144
                                                              Entropy (8bit):4.720366600008286
                                                              Encrypted:false
                                                              SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                              MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                              SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                              SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                              SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Joe Sandbox View:
• Filename: Setup64v7.3.9.exe, Detection: malicious
• Filename: Setup64v4.1.9.exe, Detection: malicious
• Filename: Setup64v7.3.9.exe, Detection: malicious
• Filename: Setup64v4.1.9.exe, Detection: malicious
• Filename: Set-up.exe, Detection: malicious
• Filename: setup.exe, Detection: malicious
• Filename: SET_UP.exe, Detection: malicious
• Filename: GLD6WIS3RXG4KKYJLK.exe, Detection: malicious
• Filename: #U5b89#U88c5#U7a0b#U5e8f_2.1.0.exe, Detection: malicious
                                                              Process:C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmp
                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):6144
                                                              Entropy (8bit):4.720366600008286
                                                              Encrypted:false
                                                              SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                              MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                              SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                              SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                              SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                              Malicious:false
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                              Process:C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp
                                                              File Type:MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, Has command line arguments, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
                                                              Category:dropped
                                                              Size (bytes):1000
                                                              Entropy (8bit):3.108382960694162
                                                              Encrypted:false
                                                              SSDEEP:12:8Ql0ksXUCV/tz0/CSLS/5nESel9t9ZMJcclCNfBf4t2YCBTo8:8DrWLNfnfOy9jJT
                                                              MD5:FA61895054604275CE27DBB3AD74EA4E
                                                              SHA1:B330CC87BBB7C8A8B8DF5314B75A4DDD9974AB76
                                                              SHA-256:40A2FD8ED88EDECFBC7A25CE0A99371DD12019278FAE80591DE9BF7BBC377562
                                                              SHA-512:C395E02D5CFF70DDB738A83133469EE4F02B30E54927175098D38B22BD7F6362C88CCB8DD6523DFA6E17580D3959590CCE8CBAF6D7FF0994D527F9A1808C24AC
                                                              Malicious:false
                                                              Preview:L..................F........................................................7....P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....T.1...........user..>............................................A.r.t.h.u.r.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....V.1...........Roaming.@............................................R.o.a.m.i.n.g.....J.1...........map.8............................................m.a.p.....n.2...........BtowsPlayer.exe.P............................................B.t.o.w.s.P.l.a.y.e.r...e.x.e.......".....\.....\.....\.....\.....\.m.a.p.\.B.t.o.w.s.P.l.a.y.e.r...e.x.e.#.C.:.\.U.s.e.r.s.\.A.r.t.h.u.r.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.m.a.p.../.a.u.t.o.............}.............>.e.L.:..er.=}...............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.3.4.2.5.3.1.6.5.6.7.-.2.9.6.9.5.8.8.3.8.2.-.3.7.7.8.2.2.2.4.1.4.-.1.0.0.1.................
                                                              Process:C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp
                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                              Category:dropped
                                                              Size (bytes):2174904
                                                              Entropy (8bit):7.156429765941512
                                                              Encrypted:false
                                                              SSDEEP:49152:4uG6knvVDK8YcrWaCyqp1uw/0L5QiHzROaBoKxcMH:LG6knvVe8Yzacp50Lx5BoYc8
                                                              MD5:BE2EDCF02F80B8D9AB65724911E3F2E6
                                                              SHA1:AD9A05DDEE4F70214BFAE228F6A974924BCB2F90
                                                              SHA-256:3DF79F238F056CABC4083C1970B1BC5F2E7E6200C364C0D542B484BE20A08E73
                                                              SHA-512:950A60D17EFEBE1B61F96BE5E4947D128C15D812E2E895F4D3D1D1EF5607B5931C7919696AC71C4FD7160C3DCB9F0FA724B0AE0D42B8DB3CB6E8B6D171A0A61E
                                                              Malicious:true
                                                              Antivirus:
                                                              • Antivirus: ReversingLabs, Detection: 29%
                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                              Entropy (8bit):7.75876924143709
                                                              TrID:
                                                              • Win32 Executable (generic) a (10002005/4) 98.04%
                                                              • Inno Setup installer (109748/4) 1.08%
                                                              • InstallShield setup (43055/19) 0.42%
                                                              • Win32 EXE PECompact compressed (generic) (41571/9) 0.41%
                                                              • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                              File name:UD3cS4ODWz.exe
                                                              File size:2'792'229 bytes
                                                              MD5:7c9544661439af4f0fd2e7e4387d958d
                                                              SHA1:ecd31f6616df136c73a5ec19f048b067aaa32b1d
                                                              SHA256:1b937ace633e36eee5d6488c64b8945ffd48d8750a0af60143da86ce0cbf5a8b
                                                              SHA512:aa27d8d779c6f0200ffd8cfbb6133d6ae324f27f93fa513ec87f03353f9f50c66889b578ba43778497f11e3e75be932953b6f988e0aaf3cca65357c93b22546a
                                                              SSDEEP:49152:ZwREDDMQFMwJz0/JPNqDBouB3ftiaOXziJD+QzMm1RBoBVtYHqg8MH:ZwREEGzYVABouB3FMi9+Q4m1PQKqX8
                                                              TLSH:70D5E123F2CBE43EE05D0B3B05B2A25494FBAA616422BD5396ECB4ECCE751501D3E647
                                                              Icon Hash:0c0c2d33ceec80aa
                                                              Entrypoint:0x4a83bc
                                                              Entrypoint Section:.itext
                                                              Digitally signed:true
                                                              Imagebase:0x400000
                                                              Subsystem:windows gui
                                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                              Time Stamp:0x6690DABD [Fri Jul 12 07:26:53 2024 UTC]
                                                              TLS Callbacks:
                                                              CLR (.Net) Version:
                                                              OS Version Major:6
                                                              OS Version Minor:1
                                                              File Version Major:6
                                                              File Version Minor:1
                                                              Subsystem Version Major:6
                                                              Subsystem Version Minor:1
                                                              Import Hash:40ab50289f7ef5fae60801f88d4541fc
                                                              Signature Valid:false
                                                              Signature Issuer:CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB
                                                              Signature Validation Error:The digital signature of the object did not verify
                                                              Error Number:-2146869232
Not Before:21/04/2022 02:00:00
Not After:21/04/2025 01:59:59
                                                              Subject Chain
                                                              • CN=Musecy SM Ltd., O=Musecy SM Ltd., S=Lemesos, C=CY
                                                              Version:3
                                                              Thumbprint MD5:BD369706380B543F3116644C27E8A343
                                                              Thumbprint SHA-1:2162556B51EFF0F55949EEDD6D0B270E412C27B0
                                                              Thumbprint SHA-256:90FD858CBC4F0C292C17D50C323FD0B5704D87EFD7DB4B80AF74D76CCAE868E7
                                                              Serial:00C134B2A3AE7F9BD5A260DC5FCC04087C
                                                              Instruction
                                                              push ebp
                                                              mov ebp, esp
                                                              add esp, FFFFFFA4h
                                                              push ebx
                                                              push esi
                                                              push edi
                                                              xor eax, eax
                                                              mov dword ptr [ebp-3Ch], eax
                                                              mov dword ptr [ebp-40h], eax
                                                              mov dword ptr [ebp-5Ch], eax
                                                              mov dword ptr [ebp-30h], eax
                                                              mov dword ptr [ebp-38h], eax
                                                              mov dword ptr [ebp-34h], eax
                                                              mov dword ptr [ebp-2Ch], eax
                                                              mov dword ptr [ebp-28h], eax
                                                              mov dword ptr [ebp-14h], eax
                                                              mov eax, 004A2EBCh
                                                              call 00007FA8BD05FB25h
                                                              xor eax, eax
                                                              push ebp
                                                              push 004A8AC1h
                                                              push dword ptr fs:[eax]
                                                              mov dword ptr fs:[eax], esp
                                                              xor edx, edx
                                                              push ebp
                                                              push 004A8A7Bh
                                                              push dword ptr fs:[edx]
                                                              mov dword ptr fs:[edx], esp
                                                              mov eax, dword ptr [004B0634h]
                                                              call 00007FA8BD0F14ABh
                                                              call 00007FA8BD0F0FFEh
                                                              lea edx, dword ptr [ebp-14h]
                                                              xor eax, eax
                                                              call 00007FA8BD0EBCD8h
                                                              mov edx, dword ptr [ebp-14h]
                                                              mov eax, 004B41F4h
                                                              call 00007FA8BD059BD3h
                                                              push 00000002h
                                                              push 00000000h
                                                              push 00000001h
                                                              mov ecx, dword ptr [004B41F4h]
                                                              mov dl, 01h
                                                              mov eax, dword ptr [0049CD14h]
                                                              call 00007FA8BD0ED003h
                                                              mov dword ptr [004B41F8h], eax
                                                              xor edx, edx
                                                              push ebp
                                                              push 004A8A27h
                                                              push dword ptr fs:[edx]
                                                              mov dword ptr fs:[edx], esp
                                                              call 00007FA8BD0F1533h
                                                              mov dword ptr [004B4200h], eax
                                                              mov eax, dword ptr [004B4200h]
                                                              cmp dword ptr [eax+0Ch], 01h
                                                              jne 00007FA8BD0F821Ah
                                                              mov eax, dword ptr [004B4200h]
                                                              mov edx, 00000028h
                                                              call 00007FA8BD0ED8F8h
                                                              mov edx, dword ptr [004B4200h]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0xb7000 | 0x71 | .edata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xb5000 | 0xfec | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xcb000 | 0x11000 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x2a6f6d | 0x2bb8 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xba000 | 0x10fa8 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xb9000 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0xb52d4 | 0x25c | .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0xb6000 | 0x1a4 | .didata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0xa568c | 0xa5800 | b889d302f6fc48a904de33d8d947ae80 | False | 0.3620185045317221 | data | 6.377190161826806 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.itext | 0xa7000 | 0x1b64 | 0x1c00 | 588dd0a8ab499300d3701cbd11b017d9 | False | 0.548828125 | data | 6.109264411030635 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data | 0xa9000 | 0x3838 | 0x3a00 | 5c0c76e77aef52ebc6702430837ccb6e | False | 0.35338092672413796 | data | 4.95916338709992 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss | 0xad000 | 0x7258 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0xb5000 | 0xfec | 0x1000 | 627340dff539ef99048969aa4824fb2d | False | 0.380615234375 | data | 5.020404933181373 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didata | 0xb6000 | 0x1a4 | 0x200 | fd11c1109737963cc6cb7258063abfd6 | False | 0.34765625 | data | 2.729290535217263 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.edata | 0xb7000 | 0x71 | 0x200 | 7de8ca0c7a61668a728fd3a88dc0942d | False | 0.1796875 | data | 1.305578535725827 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.tls | 0xb8000 | 0x18 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0xb9000 | 0x5d | 0x200 | d84006640084dc9f74a07c2ff9c7d656 | False | 0.189453125 | data | 1.3892750148744617 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xba000 | 0x10fa8 | 0x11000 | a85fda2741bd9417695daa5fc5a9d7a5 | False | 0.5789579503676471 | data | 6.709466460182023 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.rsrc | 0xcb000 | 0x11000 | 0x11000 | dfc2f667184e2d8e1a93cfcccecc3510 | False | 0.18793083639705882 | data | 3.7219048892773863 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xcb678 | 0xa68 | Device independent bitmap graphic, 64 x 128 x 4, image size 2048 | English | United States | 0.1174924924924925
RT_ICON | 0xcc0e0 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States | 0.15792682926829268
RT_ICON | 0xcc748 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.23387096774193547
RT_ICON | 0xcca30 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States | 0.39864864864864863
RT_ICON | 0xccb58 | 0x1628 | Device independent bitmap graphic, 64 x 128 x 8, image size 4096, 256 important colors | English | United States | 0.08339210155148095
RT_ICON | 0xce180 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States | 0.1023454157782516
RT_ICON | 0xcf028 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.10649819494584838
RT_ICON | 0xcf8d0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States | 0.10838150289017341
RT_ICON | 0xcfe38 | 0x12e5 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.8712011577424024
RT_ICON | 0xd1120 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.05668398677373642
RT_ICON | 0xd5348 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.08475103734439834
RT_ICON | 0xd78f0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.09920262664165103
RT_ICON | 0xd8998 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.2047872340425532
RT_STRING | 0xd8e00 | 0x3f8 | data | | | 0.3198818897637795
RT_STRING | 0xd91f8 | 0x2dc | data | | | 0.36475409836065575
RT_STRING | 0xd94d4 | 0x430 | data | | | 0.40578358208955223
RT_STRING | 0xd9904 | 0x44c | data | | | 0.38636363636363635
RT_STRING | 0xd9d50 | 0x2d4 | data | | | 0.39226519337016574
RT_STRING | 0xda024 | 0xb8 | data | | | 0.6467391304347826
RT_STRING | 0xda0dc | 0x9c | data | | | 0.6410256410256411
RT_STRING | 0xda178 | 0x374 | data | | | 0.4230769230769231
RT_STRING | 0xda4ec | 0x398 | data | | | 0.3358695652173913
RT_STRING | 0xda884 | 0x368 | data | | | 0.3795871559633027
RT_STRING | 0xdabec | 0x2a4 | data | | | 0.4275147928994083
RT_RCDATA | 0xdae90 | 0x10 | data | | | 1.5
RT_RCDATA | 0xdaea0 | 0x310 | data | | | 0.6173469387755102
RT_RCDATA | 0xdb1b0 | 0x2c | data | | | 1.2045454545454546
RT_GROUP_ICON | 0xdb1dc | 0xbc | data | English | United States | 0.6170212765957447
RT_VERSION | 0xdb298 | 0x584 | data | English | United States | 0.2896600566572238
RT_MANIFEST | 0xdb81c | 0x7a8 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.3377551020408163
DLL | Import
kernel32.dll | GetACP, GetExitCodeProcess, CloseHandle, LocalFree, SizeofResource, VirtualProtect, QueryPerformanceFrequency, VirtualFree, GetFullPathNameW, GetProcessHeap, ExitProcess, HeapAlloc, GetCPInfoExW, RtlUnwind, GetCPInfo, GetStdHandle, GetModuleHandleW, FreeLibrary, HeapDestroy, ReadFile, CreateProcessW, GetLastError, GetModuleFileNameW, SetLastError, FindResourceW, CreateThread, CompareStringW, LoadLibraryA, ResetEvent, GetVolumeInformationW, GetVersion, GetDriveTypeW, RaiseException, FormatMessageW, SwitchToThread, GetExitCodeThread, GetCurrentThread, LoadLibraryExW, LockResource, GetCurrentThreadId, UnhandledExceptionFilter, VirtualQuery, VirtualQueryEx, Sleep, EnterCriticalSection, SetFilePointer, LoadResource, SuspendThread, GetTickCount, GetFileSize, GetStartupInfoW, GetFileAttributesW, InitializeCriticalSection, GetSystemWindowsDirectoryW, GetThreadPriority, SetThreadPriority, GetCurrentProcess, VirtualAlloc, GetCommandLineW, GetSystemInfo, LeaveCriticalSection, GetProcAddress, ResumeThread, GetVersionExW, VerifyVersionInfoW, HeapCreate, GetWindowsDirectoryW, LCMapStringW, VerSetConditionMask, GetDiskFreeSpaceW, FindFirstFileW, GetUserDefaultUILanguage, lstrlenW, QueryPerformanceCounter, SetEndOfFile, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, LoadLibraryW, SetEvent, CreateFileW, GetLocaleInfoW, GetSystemDirectoryW, DeleteFileW, GetLocalTime, GetEnvironmentVariableW, WaitForSingleObject, WriteFile, ExitThread, DeleteCriticalSection, TlsGetValue, GetDateFormatW, SetErrorMode, IsValidLocale, TlsSetValue, CreateDirectoryW, GetSystemDefaultUILanguage, EnumCalendarInfoW, LocalAlloc, GetUserDefaultLangID, RemoveDirectoryW, CreateEventW, SetThreadLocale, GetThreadLocale
comctl32.dll | InitCommonControls
user32.dll | CreateWindowExW, TranslateMessage, CharLowerBuffW, CallWindowProcW, CharUpperW, PeekMessageW, GetSystemMetrics, SetWindowLongW, MessageBoxW, DestroyWindow, CharUpperBuffW, CharNextW, MsgWaitForMultipleObjects, LoadStringW, ExitWindowsEx, DispatchMessageW
oleaut32.dll | SysAllocStringLen, SafeArrayPtrOfIndex, VariantCopy, SafeArrayGetLBound, SafeArrayGetUBound, VariantInit, VariantClear, SysFreeString, SysReAllocStringLen, VariantChangeType, SafeArrayCreate
advapi32.dll | ConvertStringSecurityDescriptorToSecurityDescriptorW, OpenThreadToken, AdjustTokenPrivileges, LookupPrivilegeValueW, RegOpenKeyExW, OpenProcessToken, FreeSid, AllocateAndInitializeSid, EqualSid, RegQueryValueExW, GetTokenInformation, ConvertSidToStringSidW, RegCloseKey
Name | Ordinal | Address
__dbk_fcall_wrapper | 2 | 0x40fc10
dbkFCallWrapperAddr | 1 | 0x4b063c
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-27T08:32:37.980249+0100 | 2035595 | ET MALWARE Generic AsyncRAT Style SSL Cert | 1 | 185.156.175.43 | 21411 | 192.168.11.20 | 49712 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP


                                                              Target ID:0
                                                              Start time:02:32:13
                                                              Start date:27/12/2024
                                                              Path:C:\Users\user\Desktop\UD3cS4ODWz.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Users\user\Desktop\UD3cS4ODWz.exe"
                                                              Imagebase:0x660000
                                                              File size:2'792'229 bytes
                                                              MD5 hash:7C9544661439AF4F0FD2E7E4387D958D
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:Borland Delphi
                                                              Reputation:low
                                                              Has exited:true

                                                              Target ID:2
                                                              Start time:02:32:14
                                                              Start date:27/12/2024
                                                              Path:C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmp
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Users\user\AppData\Local\Temp\is-AH6TI.tmp\UD3cS4ODWz.tmp" /SL5="$10420,1833127,845824,C:\Users\user\Desktop\UD3cS4ODWz.exe"
                                                              Imagebase:0xf00000
                                                              File size:3'366'912 bytes
                                                              MD5 hash:EAA27C4A436F9109F95EF7D65AA446D5
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:Borland Delphi
                                                              Antivirus matches:
                                                              • Detection: 0%, ReversingLabs
                                                              Reputation:low
                                                              Has exited:true

                                                              Target ID:3
                                                              Start time:02:32:14
                                                              Start date:27/12/2024
                                                              Path:C:\Users\user\Desktop\UD3cS4ODWz.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Users\user\Desktop\UD3cS4ODWz.exe" /VERYSILENT /NORESTART
                                                              Imagebase:0x660000
                                                              File size:2'792'229 bytes
                                                              MD5 hash:7C9544661439AF4F0FD2E7E4387D958D
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:Borland Delphi
                                                              Reputation:low
                                                              Has exited:true

                                                              Target ID:4
                                                              Start time:02:32:15
                                                              Start date:27/12/2024
                                                              Path:C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Users\user\AppData\Local\Temp\is-199GM.tmp\UD3cS4ODWz.tmp" /SL5="$20420,1833127,845824,C:\Users\user\Desktop\UD3cS4ODWz.exe" /VERYSILENT /NORESTART
                                                              Imagebase:0x800000
                                                              File size:3'366'912 bytes
                                                              MD5 hash:EAA27C4A436F9109F95EF7D65AA446D5
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:Borland Delphi
                                                              Antivirus matches:
                                                              • Detection: 0%, ReversingLabs
                                                              Reputation:low
                                                              Has exited:true

                                                              Target ID:5
                                                              Start time:02:32:16
                                                              Start date:27/12/2024
                                                              Path:C:\Windows\System32\timeout.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"timeout" 6
                                                              Imagebase:0x7ff681330000
                                                              File size:32'768 bytes
                                                              MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:moderate
                                                              Has exited:true

                                                              Target ID:6
                                                              Start time:02:32:16
                                                              Start date:27/12/2024
                                                              Path:C:\Windows\System32\conhost.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                              Imagebase:0x7ff6495e0000
                                                              File size:875'008 bytes
                                                              MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              Target ID:7
                                                              Start time:02:32:22
                                                              Start date:27/12/2024
                                                              Path:C:\Windows\System32\cmd.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe"
                                                              Imagebase:0x7ff6ce780000
                                                              File size:289'792 bytes
                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              Target ID:8
                                                              Start time:02:32:22
                                                              Start date:27/12/2024
                                                              Path:C:\Windows\System32\conhost.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                              Imagebase:0x7ff627390000
                                                              File size:875'008 bytes
                                                              MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:high
                                                              Has exited:true

                                                              Target ID:9
                                                              Start time:02:32:22
                                                              Start date:27/12/2024
                                                              Path:C:\Windows\System32\tasklist.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
                                                              Imagebase:0x7ff6c4050000
                                                              File size:106'496 bytes
                                                              MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:moderate
                                                              Has exited:true

                                                              Target ID:10
                                                              Start time:02:32:22
                                                              Start date:27/12/2024
                                                              Path:C:\Windows\System32\find.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:find /I "wrsa.exe"
                                                              Imagebase:0x7ff69db30000
                                                              File size:17'920 bytes
                                                              MD5 hash:AE3F3DC3ED900F2A582BAD86A764508C
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:moderate
                                                              Has exited:true

                                                              Target ID:11
                                                              Start time:02:32:22
                                                              Start date:27/12/2024
                                                              Path:C:\Windows\System32\cmd.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe"
                                                              Imagebase:0x7ff6ce780000
                                                              File size:289'792 bytes
                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:12
                                                              Start time:02:32:22
                                                              Start date:27/12/2024
                                                              Path:C:\Windows\System32\conhost.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                              Imagebase:0x7ff6495e0000
                                                              File size:875'008 bytes
                                                              MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:13
                                                              Start time:02:32:22
                                                              Start date:27/12/2024
                                                              Path:C:\Windows\System32\tasklist.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
                                                              Imagebase:0x7ff6c4050000
                                                              File size:106'496 bytes
                                                              MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:14
                                                              Start time:02:32:22
                                                              Start date:27/12/2024
                                                              Path:C:\Windows\System32\find.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:find /I "opssvc.exe"
                                                              Imagebase:0x7ff69db30000
                                                              File size:17'920 bytes
                                                              MD5 hash:AE3F3DC3ED900F2A582BAD86A764508C
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:15
                                                              Start time:02:32:22
                                                              Start date:27/12/2024
                                                              Path:C:\Windows\System32\cmd.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe"
                                                              Imagebase:0x7ff6ce780000
                                                              File size:289'792 bytes
                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:17
                                                              Start time:02:32:22
                                                              Start date:27/12/2024
                                                              Path:C:\Windows\System32\conhost.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                              Imagebase:0x7ff6495e0000
                                                              File size:875'008 bytes
                                                              MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:18
                                                              Start time:02:32:22
                                                              Start date:27/12/2024
                                                              Path:C:\Windows\System32\tasklist.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
                                                              Imagebase:0x7ff6c4050000
                                                              File size:106'496 bytes
                                                              MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:19
                                                              Start time:02:32:23
                                                              Start date:27/12/2024
                                                              Path:C:\Windows\System32\find.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:find /I "avastui.exe"
                                                              Imagebase:0x7ff69db30000
                                                              File size:17'920 bytes
                                                              MD5 hash:AE3F3DC3ED900F2A582BAD86A764508C
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:20
                                                              Start time:02:32:23
                                                              Start date:27/12/2024
                                                              Path:C:\Windows\System32\cmd.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe"
                                                              Imagebase:0x7ff6ce780000
                                                              File size:289'792 bytes
                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:21
                                                              Start time:02:32:23
                                                              Start date:27/12/2024
                                                              Path:C:\Windows\System32\conhost.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                              Imagebase:0x7ff6495e0000
                                                              File size:875'008 bytes
                                                              MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:22
                                                              Start time:02:32:23
                                                              Start date:27/12/2024
                                                              Path:C:\Windows\System32\tasklist.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
                                                              Imagebase:0x7ff6c4050000
                                                              File size:106'496 bytes
                                                              MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:23
                                                              Start time:02:32:23
                                                              Start date:27/12/2024
                                                              Path:C:\Windows\System32\find.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:find /I "avgui.exe"
                                                              Imagebase:0x7ff69db30000
                                                              File size:17'920 bytes
                                                              MD5 hash:AE3F3DC3ED900F2A582BAD86A764508C
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:24
                                                              Start time:02:32:23
                                                              Start date:27/12/2024
                                                              Path:C:\Windows\System32\cmd.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe"
                                                              Imagebase:0x7ff6ce780000
                                                              File size:289'792 bytes
                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:25
                                                              Start time:02:32:23
                                                              Start date:27/12/2024
                                                              Path:C:\Windows\System32\conhost.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                              Imagebase:0x7ff6495e0000
                                                              File size:875'008 bytes
                                                              MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:26
                                                              Start time:02:32:23
                                                              Start date:27/12/2024
                                                              Path:C:\Windows\System32\tasklist.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
                                                              Imagebase:0x7ff6c4050000
                                                              File size:106'496 bytes
                                                              MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:27
                                                              Start time:02:32:23
                                                              Start date:27/12/2024
                                                              Path:C:\Windows\System32\find.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:find /I "nswscsvc.exe"
                                                              Imagebase:0x7ff69db30000
                                                              File size:17'920 bytes
                                                              MD5 hash:AE3F3DC3ED900F2A582BAD86A764508C
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:28
                                                              Start time:02:32:23
                                                              Start date:27/12/2024
                                                              Path:C:\Windows\System32\cmd.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe"
                                                              Imagebase:0x7ff6ce780000
                                                              File size:289'792 bytes
                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:29
                                                              Start time:02:32:23
                                                              Start date:27/12/2024
                                                              Path:C:\Windows\System32\conhost.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                              Imagebase:0x7ff6495e0000
                                                              File size:875'008 bytes
                                                              MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:30
                                                              Start time:02:32:24
                                                              Start date:27/12/2024
                                                              Path:C:\Windows\System32\tasklist.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
                                                              Imagebase:0x7ff6c4050000
                                                              File size:106'496 bytes
                                                              MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:31
                                                              Start time:02:32:24
                                                              Start date:27/12/2024
                                                              Path:C:\Windows\System32\find.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:find /I "sophoshealth.exe"
                                                              Imagebase:0x7ff69db30000
                                                              File size:17'920 bytes
                                                              MD5 hash:AE3F3DC3ED900F2A582BAD86A764508C
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Has exited:true

                                                              Target ID:32
                                                              Start time:02:32:24
                                                              Start date:27/12/2024
                                                              Path:C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe"
                                                              Imagebase:0x400000
                                                              File size:2'174'904 bytes
                                                              MD5 hash:BE2EDCF02F80B8D9AB65724911E3F2E6
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:Borland Delphi
                                                              Yara matches:
                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000020.00000002.2164572415.0000000002C24000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                              Has exited:false

                                                              Target ID:33
                                                              Start time:02:32:25
                                                              Start date:27/12/2024
                                                              Path:C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Users\user\AppData\Roaming\map\BtowsPlayer.exe" /auto
                                                              Imagebase:0x400000
                                                              File size:2'174'904 bytes
                                                              MD5 hash:BE2EDCF02F80B8D9AB65724911E3F2E6
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:Borland Delphi
                                                              Yara matches:
                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000021.00000002.1243480860.0000000002D03000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                              • Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000021.00000002.1241190201.0000000002530000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                              Has exited:true

                                                                • API ID:
                                                                • String ID: 4'Tr$4'Tr
                                                                • API String ID: 0-3787567430
                                                                • Opcode ID: cc3c2788149fa6b8ff2d34e2457b0c7f9d38c6d6ad374140df5160a9248ca808
                                                                • Instruction ID: 53b662c2ca1fd8c4f2b98d2c7c3345e55106c32ba87326e858c0400d9a0f921f
                                                                • Opcode Fuzzy Hash: cc3c2788149fa6b8ff2d34e2457b0c7f9d38c6d6ad374140df5160a9248ca808
                                                                • Instruction Fuzzy Hash: 3363B139F002219BDB365B64466473E6DF7AFD8A01F50449ED90AE7388EF758C818B92
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2176412190.0000000005D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5d80000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: HZr$PHTr$PHTr$Xr
                                                                • API String ID: 0-3763945585
                                                                • Opcode ID: e3ef75bccbfc008efb3133afb5031c938d7fcfc87dd24c6cd7d3d064af1ec637
                                                                • Instruction ID: 08bda57cfe082b7ee76c5781ebdc8c1e1410f5171cbf2603f1eb594484bef8a1
                                                                • Opcode Fuzzy Hash: e3ef75bccbfc008efb3133afb5031c938d7fcfc87dd24c6cd7d3d064af1ec637
                                                                • Instruction Fuzzy Hash: 69125C30A007058FDB25EF79C554BAEB7F2BF84314F28856AD4469B3A4DB74E846CB81
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2176412190.0000000005D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5d80000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 4'Tr$|>[r$|>[r
                                                                • API String ID: 0-1337490642
                                                                • Opcode ID: 1c504aa98867b19164c3cea50e9058dd86550e6f6cb740b6c86615e2c41e4e4d
                                                                • Instruction ID: 90f9490f81772e520843a83e9f20190332b25c6f166ddca6de68bcd879ae64cb
                                                                • Opcode Fuzzy Hash: 1c504aa98867b19164c3cea50e9058dd86550e6f6cb740b6c86615e2c41e4e4d
                                                                • Instruction Fuzzy Hash: F33172347007404FD314EF69D855B6ABBE6AFC5610F14CA6AD0858B3A4DA31E80ACB95
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2176412190.0000000005D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5d80000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: HZr$PHTr
                                                                • API String ID: 0-3201730360
                                                                • Opcode ID: 60ce9bbbab6923d3836708314a84d1bb5f8bdc9083d084ba507258f74663e002
                                                                • Instruction ID: c2f64fec5b1035aaf8dc46a8143069b09befcc6920587df49dcb608bfaeead9d
                                                                • Opcode Fuzzy Hash: 60ce9bbbab6923d3836708314a84d1bb5f8bdc9083d084ba507258f74663e002
                                                                • Instruction Fuzzy Hash: 79D14D30A007058FD724EF79C954BAAB7F2FF84305F28862AD4469B794DB74E846CB81
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2172527429.00000000051A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_51a0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 4'Tr$4'Tr
                                                                • API String ID: 0-3787567430
                                                                • Opcode ID: ec6d09deafc5684f4a9a36eac2f3b6398475d8c06695849eaf9edd642dc49ba1
                                                                • Instruction ID: b7e394ab30e5abab676d04d3d7c65cfc89abcfa1ac6f6882717e333efde5e56e
                                                                • Opcode Fuzzy Hash: ec6d09deafc5684f4a9a36eac2f3b6398475d8c06695849eaf9edd642dc49ba1
                                                                • Instruction Fuzzy Hash: EAB1A03AB082418B9B2AEB3495A957E7FE3FFC8610B14856DE407D3394DF34D8468B46
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2172891928.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_51d0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (Xr$(Xr
                                                                • API String ID: 0-1929085909
                                                                • Opcode ID: e68b25df6cad43a81e6816e2afd119e9f32319f50814c54077c5d7604518278d
                                                                • Instruction ID: 03e04de9a7461c7e4da9b200a880111365e8398aed6b86fcd4ebe865e4df9f8f
                                                                • Opcode Fuzzy Hash: e68b25df6cad43a81e6816e2afd119e9f32319f50814c54077c5d7604518278d
                                                                • Instruction Fuzzy Hash: 8751BD307002048FD709EB68D995B6EBBE7EBC5708B508869E806DB398DF349C068B91
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2164103786.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_2ab0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: TeTr$TeTr
                                                                • API String ID: 0-2653051871
                                                                • Opcode ID: 54ffef710c0fb43e427e22fdc60ec0f7e7ffd8ff12798ac1efa19d6d281f51bc
                                                                • Instruction ID: 412556f17bd91361422722fae300eaa7a33e78af5a686f8289dc1ebb2fa9fe41
                                                                • Opcode Fuzzy Hash: 54ffef710c0fb43e427e22fdc60ec0f7e7ffd8ff12798ac1efa19d6d281f51bc
                                                                • Instruction Fuzzy Hash: A141D474B401048FCB45DFA8D5A8AAD77F6BF8C314F6644A9E50AAB362CE319C44CF50
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173896140.00000000053A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53a0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (Xr$,Xr
                                                                • API String ID: 0-3916087747
                                                                • Opcode ID: b347ca8d5bb7e0d73c5431be185ca45dbf165a9ca1d7cb96a38bc91d5c528f42
                                                                • Instruction ID: a722295a4fadd710a10d6836fb44528bc9f719f4163e831a7227bb23c73195b6
                                                                • Opcode Fuzzy Hash: b347ca8d5bb7e0d73c5431be185ca45dbf165a9ca1d7cb96a38bc91d5c528f42
                                                                • Instruction Fuzzy Hash: 3B2133337002184FC701EBB9A9916AEB7EAEFC4660B1440BBD909C7395DE75CC0283D1
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173686192.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5370000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (Xr$(Xr
                                                                • API String ID: 0-1929085909
                                                                • Opcode ID: 81b0641ead0e107fd2b4853dfe5225d81f504da45d814a12bd2b873823816dba
                                                                • Instruction ID: 749313bed27b2e18896469f7e9e079661b3725d34269af41bcfc0304347970a7
                                                                • Opcode Fuzzy Hash: 81b0641ead0e107fd2b4853dfe5225d81f504da45d814a12bd2b873823816dba
                                                                • Instruction Fuzzy Hash: C3213231B082445FE7565B389408B7E7BE6FBC9751B14806BE80ADB385DE399C01CB92
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173686192.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5370000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: ,Xr
                                                                • API String ID: 0-802603043
                                                                • Opcode ID: 687f3ff32dc59d3bbbbc5bbaeb735a61e54989d47f37ebf6e8335908d2d7589a
                                                                • Instruction ID: 70f0079db7003628ded37a37075d3758badd3f1b9d3d29ec939aed57ad986aa7
                                                                • Opcode Fuzzy Hash: 687f3ff32dc59d3bbbbc5bbaeb735a61e54989d47f37ebf6e8335908d2d7589a
                                                                • Instruction Fuzzy Hash: EF82E874A012189FDB65EF68D994BAEB7B2FF88300F1081D9E809A7355DB349E85CF50
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2164103786.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_2ab0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: aTr
                                                                • API String ID: 0-2831112565
                                                                • Opcode ID: 67d413b7794ad9e10b80960edae91a46dc66961a60f9a21b95ee45f963548a7c
                                                                • Instruction ID: ca74ca1b389aa9cf83ac68410392f9c7ecdaf0d59f638cea215427af8387ddfb
                                                                • Opcode Fuzzy Hash: 67d413b7794ad9e10b80960edae91a46dc66961a60f9a21b95ee45f963548a7c
                                                                • Instruction Fuzzy Hash: 92626F30B106148BD715BB68D959BBEBAB3EBC4B04F508459D90ADB788DF349C42CF91
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2164103786.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_2ab0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: aTr
                                                                • API String ID: 0-2831112565
                                                                • Opcode ID: 769fa7988e1cb35f0e440ec04d2649d83d7148070fc576ba7d6b00fcc4c8de25
                                                                • Instruction ID: 7ab1bf4b50d4136a9ef537efcd27a5cc652613be2ce19e57a594180d693a094c
                                                                • Opcode Fuzzy Hash: 769fa7988e1cb35f0e440ec04d2649d83d7148070fc576ba7d6b00fcc4c8de25
                                                                • Instruction Fuzzy Hash: 01328F317106048BD725BB68E999B7A7AB7EBC8B04F508459E906DB7C8CF349C42CF91
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2164103786.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_2ab0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: aTr
                                                                • API String ID: 0-2831112565
                                                                • Opcode ID: dd06dc85839c2c3f1cae19b410079f7b9731268ba0b5896dfcd4e403a3e71e6d
                                                                • Instruction ID: f66469f944b6e94aa9fb55ad15791d97464ef49411a860916dfece9eb65fdf13
                                                                • Opcode Fuzzy Hash: dd06dc85839c2c3f1cae19b410079f7b9731268ba0b5896dfcd4e403a3e71e6d
                                                                • Instruction Fuzzy Hash: 81327F317106048BD725BB68E999B7E7AB7EBC8B04F508459E906DB788CF349C42CF91
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2164103786.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_2ab0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: aTr
                                                                • API String ID: 0-2831112565
                                                                • Opcode ID: 979c450935711fb6f12f3dc8c755791d55e2f4983bdd8b387d4b4cf37a17de25
                                                                • Instruction ID: 162d52aea6af3b3a2a1f453b284b32e26a0b9a1e606a4a9945ae07b466f7d162
                                                                • Opcode Fuzzy Hash: 979c450935711fb6f12f3dc8c755791d55e2f4983bdd8b387d4b4cf37a17de25
                                                                • Instruction Fuzzy Hash: A4328F317106048BD725BB68E999B7E7AB7EBC8B04F508459E906DB788CF349C42CF91
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2164103786.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_2ab0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: aTr
                                                                • API String ID: 0-2831112565
                                                                • Opcode ID: 5e649b6c065e625ccb9acb04608cf3c5e2039929913e7ef1ebb43263db3eca71
                                                                • Instruction ID: 200da0cfdbaba4edeae55e983df2d4ac3aa8491ec3fbfb48c5dd47f20018e3d9
                                                                • Opcode Fuzzy Hash: 5e649b6c065e625ccb9acb04608cf3c5e2039929913e7ef1ebb43263db3eca71
                                                                • Instruction Fuzzy Hash: 81226E317105048BE725BB68D999B7A76F7EBC8B04F508469E90ADB788CF349C42CF91
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173686192.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5370000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: ,Xr
                                                                • API String ID: 0-802603043
                                                                • Opcode ID: a77c0bc5db0456c8b5dc583b00163c2f2029233042ed1f2fddd6596accf5e364
                                                                • Instruction ID: eea94fe830ad29c714985635f8a0a39bf7b97eeb0c6e7076402c9a2c977c798c
                                                                • Opcode Fuzzy Hash: a77c0bc5db0456c8b5dc583b00163c2f2029233042ed1f2fddd6596accf5e364
                                                                • Instruction Fuzzy Hash: C4E15C74A002189FDB65EB68D954BAEBBF2FF88700F108199E409A7394DF749E45CF90
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2164103786.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_2ab0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: D[r
                                                                • API String ID: 0-3764133591
                                                                • Opcode ID: fc4d05cf405f8b0c1ce4c6b6169d07ad36440f36388835f8758f337693bc25cf
                                                                • Instruction ID: 0671a547fc7028dd2bf0fbc51cc69ed625aa21cd9cc17224bc570c5a14f26c26
                                                                • Opcode Fuzzy Hash: fc4d05cf405f8b0c1ce4c6b6169d07ad36440f36388835f8758f337693bc25cf
                                                                • Instruction Fuzzy Hash: BFB18C30A006019FDB14EF69D984B9ABBF6FF88714F158169E406EB3A5DB70EC01CB91
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2164103786.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_2ab0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: D[r
                                                                • API String ID: 0-3764133591
                                                                • Opcode ID: 677f01a2f70073792e472a492469cfe95b7edaed9d6aac874ddea56f7c94256c
                                                                • Instruction ID: 786623e3172a379e96fcd36ef556802e1f7ed721123f0e2419468233e9c4142b
                                                                • Opcode Fuzzy Hash: 677f01a2f70073792e472a492469cfe95b7edaed9d6aac874ddea56f7c94256c
                                                                • Instruction Fuzzy Hash: 2BA1AC34A002409FDB15EF69D594BA9BBF6BF88714F15816AE805EB3A5CF31EC01CB91
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2174141038.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (Xr
                                                                • API String ID: 0-3024585269
                                                                • Opcode ID: 1fce091a831c88f73b99b381158b3bb780d158a553c155a8855f6b28079dfa91
                                                                • Instruction ID: c145077c1ac557b286faa775ea2f1f7e5f145a167d15c1c57d4836822b226787
                                                                • Opcode Fuzzy Hash: 1fce091a831c88f73b99b381158b3bb780d158a553c155a8855f6b28079dfa91
                                                                • Instruction Fuzzy Hash: 1A61CC75A006048FCB15EFA8D9956AEBBF6FFC9304B14896EC91AD7744DB30AC018F81
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2172891928.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_51d0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: Xr
                                                                • API String ID: 0-2713809803
                                                                • Opcode ID: abef4ffa2d2d24d706eee70271b3e58a1b97d46ecf33b63de4757d34861423c3
                                                                • Instruction ID: 1610eef9a72410e70889fd29576c079a2f0fcedd21ed27e26d52627573c30c58
                                                                • Opcode Fuzzy Hash: abef4ffa2d2d24d706eee70271b3e58a1b97d46ecf33b63de4757d34861423c3
                                                                • Instruction Fuzzy Hash: 9B51523570020A9FDF05DFA8D844AEEBBF6FF8C214B14812AE905E7350D735D9519B91
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2164103786.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_2ab0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: D[r
                                                                • API String ID: 0-3764133591
                                                                • Opcode ID: a5f729259999c6143b2459f6a12debfb76bf4d25fd233b55811b82b4601bd198
                                                                • Instruction ID: 8409249973513f795826742e61e993eca5f132489e15dcdb5041dc286499e736
                                                                • Opcode Fuzzy Hash: a5f729259999c6143b2459f6a12debfb76bf4d25fd233b55811b82b4601bd198
                                                                • Instruction Fuzzy Hash: 35617C34A006018FCB14DF6DD984A99BBFAFF88314B158569E416EB365DB71EC41CF90
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2176412190.0000000005D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5d80000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (Xr
                                                                • API String ID: 0-3024585269
                                                                • Opcode ID: d8c92e224f7da551a7ff46cd5ed76b5a816a2f4d996e080ec67ef70c764a04ce
                                                                • Instruction ID: e0cc4752951aec6cf4be74eb7571b870b4599890b03bd260fea6091a9d764162
                                                                • Opcode Fuzzy Hash: d8c92e224f7da551a7ff46cd5ed76b5a816a2f4d996e080ec67ef70c764a04ce
                                                                • Instruction Fuzzy Hash: CA41ED357002044FDB09FB28E991A7EBBE7EBD860871085AAD906CB359DF359C028BD5
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2164103786.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_2ab0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: pXr
                                                                • API String ID: 0-1419380911
                                                                • Opcode ID: ece3530991713a03cc46b231ed4ce1250365497bfa224a5a91636bd7329310b0
                                                                • Instruction ID: 67d66ac22717fc97f44615a5432534a7ee8652c8c7190a277b6c6aeb2613fc4c
                                                                • Opcode Fuzzy Hash: ece3530991713a03cc46b231ed4ce1250365497bfa224a5a91636bd7329310b0
                                                                • Instruction Fuzzy Hash: C8515936200100AFDB45AF98DD49E6A7BB3FB8C3147198098E60A8B3B9DB31CC11DF91
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173686192.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5370000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 4'Tr
                                                                • API String ID: 0-64186575
                                                                • Opcode ID: 7e911b0acd97e66b66eec59b1328ddec7f9ad5d2fe7299b348c03e011e43264c
                                                                • Instruction ID: e2949ed346fbf4e51a47f4aee2e8d31d8a08174bea1b3ca7c90142dd4d9af7c0
                                                                • Opcode Fuzzy Hash: 7e911b0acd97e66b66eec59b1328ddec7f9ad5d2fe7299b348c03e011e43264c
                                                                • Instruction Fuzzy Hash: 62418E35B115049FCB06EBA8E999EAE7BF7EF8C700B148059E506E7395CB358C018F95
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173686192.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5370000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 4'Tr
                                                                • API String ID: 0-64186575
                                                                • Opcode ID: 27915f7b9f442df43901f1209849dc0a289ce8e33888be0319df0d3d6a922bc3
                                                                • Instruction ID: 74094aeb70066f0b7c6b2e36a0ecc108b23d03a17cbb5e82b6481a89be91d61f
                                                                • Opcode Fuzzy Hash: 27915f7b9f442df43901f1209849dc0a289ce8e33888be0319df0d3d6a922bc3
                                                                • Instruction Fuzzy Hash: C3418C35B105089FDB06EBA8E999A6E7BF7EF8C700B148059E50AD7395CF358C018BA5
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2174141038.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: $Tr
                                                                • API String ID: 0-1959225098
                                                                • Opcode ID: 2522d32d211f67c5ecbad2f2e1adf746635f34218ecc4fcaf648d659cad0e89f
                                                                • Instruction ID: 7e50d29e697bb633b142d885122cf3030e048608a93627c881dc2941980ec31f
                                                                • Opcode Fuzzy Hash: 2522d32d211f67c5ecbad2f2e1adf746635f34218ecc4fcaf648d659cad0e89f
                                                                • Instruction Fuzzy Hash: 58316034B102188FDB15EB64E966AAEBBB6BF8C740F50846DD902E7354DF749C01CB91
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2174141038.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: @
                                                                • API String ID: 0-2766056989
                                                                • Opcode ID: 6b5e5b4683b89a03bc4bb8a0d01a2d4dc740499f45bd12b6dabab209c0e27bd8
                                                                • Instruction ID: d0db7c59d98d1408a72cf3b5ef3943655ea48643f61f2296d5f4f0c623a9f18e
                                                                • Opcode Fuzzy Hash: 6b5e5b4683b89a03bc4bb8a0d01a2d4dc740499f45bd12b6dabab209c0e27bd8
                                                                • Instruction Fuzzy Hash: 7E314B34700618CFDB14EB64D966BAA7BF6BB8C248F504469D506DB358DF745C02CB92
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2172891928.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_51d0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: p<Tr
                                                                • API String ID: 0-131525428
                                                                • Opcode ID: bbbee16f2c529be24cef513ec6376ef3f53db08cc02600a3bb859e8865922216
                                                                • Instruction ID: eaa0ac98916fdf63a65ffe5e4d4b1d644e2cd26a8872e8c262ec14d640249779
                                                                • Opcode Fuzzy Hash: bbbee16f2c529be24cef513ec6376ef3f53db08cc02600a3bb859e8865922216
                                                                • Instruction Fuzzy Hash: 51318971304159AFDB06AE69D891EAABBEAFF8A240B058015FC19DB394CB34DC51CB70
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2174141038.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: $Tr
                                                                • API String ID: 0-1959225098
                                                                • Opcode ID: 998145d195489e6a1fdbf39ccd039fdf27111d773a7aad7a4c2ad5c0ce225b40
                                                                • Instruction ID: b51346673718a8b0021df445b920e12e60f6bd4bad92424ec549466b54775723
                                                                • Opcode Fuzzy Hash: 998145d195489e6a1fdbf39ccd039fdf27111d773a7aad7a4c2ad5c0ce225b40
                                                                • Instruction Fuzzy Hash: FC31A430B10218DFDB15EB64E566AAEBBB6BF88740F50849DD902E7344CF749C01CB91
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2172527429.00000000051A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_51a0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 4'Tr
                                                                • API String ID: 0-64186575
                                                                • Opcode ID: e4ee880eab8102ab1b777aacaec862740756939a3c1c07f747493c3d16daf283
                                                                • Instruction ID: 89d80cff5b16a027a441b19fb5599498b0eb8769cb397074616e02de7d6c2f12
                                                                • Opcode Fuzzy Hash: e4ee880eab8102ab1b777aacaec862740756939a3c1c07f747493c3d16daf283
                                                                • Instruction Fuzzy Hash: 0C21347BE082618BEB3B5A6099117B97B77FB80701F05089AE505AB2C4C7358A86CB90
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2172527429.00000000051A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_51a0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1e1f8deef19d9ec1d9dfa36a434ba2ffcfcde027ff61013ece627d80cdd1aae4
                                                                • Instruction ID: 13c033c173a3f32ab667716c2414f1b25f9ae9f96821a2b2b091b19248f6a2c1
                                                                • Opcode Fuzzy Hash: 1e1f8deef19d9ec1d9dfa36a434ba2ffcfcde027ff61013ece627d80cdd1aae4
                                                                • Instruction Fuzzy Hash: 2EB2B135600215CBD714DBA4D859BAEBABABFE8701F5084AEE107A72D4CFB58D40CF61
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2174141038.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: @
                                                                • API String ID: 0-2766056989
                                                                • Opcode ID: e5cebde90154489e94dc02d4d6d4e9b5b4d7376448d72c673249a24a3d9b9c16
                                                                • Instruction ID: 6c5cf137384177e702913b8eae77b629d5b4aa337e538245c464c508208529b3
                                                                • Opcode Fuzzy Hash: e5cebde90154489e94dc02d4d6d4e9b5b4d7376448d72c673249a24a3d9b9c16
                                                                • Instruction Fuzzy Hash: FB316D30600654CFD704EB64D966BAA7BFABB8C348F904469D902DB359DF745C42CB92
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2172891928.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_51d0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: p<Tr
                                                                • API String ID: 0-131525428
                                                                • Opcode ID: c3c762c5a9f818026be25cf1d4324a97b9a95e06f8a38e9fbf5dde990b59a631
                                                                • Instruction ID: dea4ffd43c2a9818ac92efe23e1af9416bf0e7c2e02bebb51d2ab1b6e5986de9
                                                                • Opcode Fuzzy Hash: c3c762c5a9f818026be25cf1d4324a97b9a95e06f8a38e9fbf5dde990b59a631
                                                                • Instruction Fuzzy Hash: 18217A32304158AFDB46AE59D891EAABBEAFF8A240B058015F819DB394CB34DC51CB20
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2174141038.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: fYr
                                                                • API String ID: 0-408826301
                                                                • Opcode ID: fcafd9c1a7610fe9b764848e99f061b0a163390b638d60727a08131a956f0887
                                                                • Instruction ID: db8c34d4f5c09578bde9721a8dfa3973cade1bee28a86c5c684892bce09909c6
                                                                • Opcode Fuzzy Hash: fcafd9c1a7610fe9b764848e99f061b0a163390b638d60727a08131a956f0887
                                                                • Instruction Fuzzy Hash: 6611B2327042155BEB19DA69A850ABFBB9BFBC0B65F10407EF509C7684DE72AC1147A0
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2176412190.0000000005D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5d80000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: TeTr
                                                                • API String ID: 0-1273742946
                                                                • Opcode ID: 60bc7a39acf40c5920d87dd4d5ca3106ab6fe8086f53386efbe3ee0e4b7a3d6f
                                                                • Instruction ID: 6b5319e03c977d0785c72cfb99344da4dc2da43e5ff938726b76be70157e7224
                                                                • Opcode Fuzzy Hash: 60bc7a39acf40c5920d87dd4d5ca3106ab6fe8086f53386efbe3ee0e4b7a3d6f
                                                                • Instruction Fuzzy Hash: B811E331B002188BDB15BA64CD557FE7BB7EB88B04F100A1AD906BB785DF746C068BE5
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2174141038.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: dXr
                                                                • API String ID: 0-3437053986
                                                                • Opcode ID: d4ddae37918839d7435cfcb6551febd21d77c4b77bb9b1cc1c594e383048e335
                                                                • Instruction ID: 50cf399f3b76c62479412eacd5419d26a76fdac431cd2adaa002ebce69093b05
                                                                • Opcode Fuzzy Hash: d4ddae37918839d7435cfcb6551febd21d77c4b77bb9b1cc1c594e383048e335
                                                                • Instruction Fuzzy Hash: 7911A376A101088BC704FFB8E9466AE7BB6EB88700F50496AE505E7348EF305D058BE2
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2164103786.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_2ab0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: TeTr
                                                                • API String ID: 0-1273742946
                                                                • Opcode ID: b902059f60e52e4f20c361c7ff7e86926ecd6a926cea3e931de8877412f16edf
                                                                • Instruction ID: 6eb40b8675f618c5e5245e7a75a27d6ad3ef73e5f260a54641f7360a3f83e5c9
                                                                • Opcode Fuzzy Hash: b902059f60e52e4f20c361c7ff7e86926ecd6a926cea3e931de8877412f16edf
                                                                • Instruction Fuzzy Hash: B311A33071011487DB25AB54D9597FF76B7EBC8B14F504519D902A73C4CF784C468BE5
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2164103786.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_2ab0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 4'Tr
                                                                • API String ID: 0-64186575
                                                                • Opcode ID: fac7010bbfc7f68c586f49cb2ebb5876ac0f147ffd823c959e2d47262f1f5139
                                                                • Instruction ID: 239aa7638373e5a751582c04fbc867e65d0f177a34ae68d0ab5a15901684efc2
                                                                • Opcode Fuzzy Hash: fac7010bbfc7f68c586f49cb2ebb5876ac0f147ffd823c959e2d47262f1f5139
                                                                • Instruction Fuzzy Hash: 9301D272A092449FC712EBA4EEA17BA7F7ADF82704F1480DA9405CB3A7DE359D05CB41
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2174141038.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: dXr
                                                                • API String ID: 0-3437053986
                                                                • Opcode ID: 0ddd23c9c42fe35b9e9ff4dc7ca25d7758a4b9cc537e1f195bc350d7b915536a
                                                                • Instruction ID: 927c0498b4c8cdfe1dd6a6b356fddf717139c92c836fef730aed17d90731bff0
                                                                • Opcode Fuzzy Hash: 0ddd23c9c42fe35b9e9ff4dc7ca25d7758a4b9cc537e1f195bc350d7b915536a
                                                                • Instruction Fuzzy Hash: E3118E35A102098BC714FFB8E9455AEBBB6EBC8700F50896AE505E7248EF305D058BE2
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2176412190.0000000005D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5d80000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: TeTr
                                                                • API String ID: 0-1273742946
                                                                • Opcode ID: 1bb909ab9fe65f2373a7505d850463b7d097cb0a9c1a57a9bef4b77bbbc06843
                                                                • Instruction ID: 37d00ddc73b0796bf0101f6b09afc417e93ba3e22c7bccc6e0c31cb808ba92be
                                                                • Opcode Fuzzy Hash: 1bb909ab9fe65f2373a7505d850463b7d097cb0a9c1a57a9bef4b77bbbc06843
                                                                • Instruction Fuzzy Hash: 4301A130B102288BDB15AA68D9657EE7BA7EBC8B04F10461AD506AB384CF741C058BE5
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173686192.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5370000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5059de80b01b1dc64c2f756a573e2b5ff04220750e3dd1e74b2711d72b0b0edc
                                                                • Instruction ID: 186872831373e326eb9497ef12a7ee2573e7a99db5fc699ed1a6074703dab0ac
                                                                • Opcode Fuzzy Hash: 5059de80b01b1dc64c2f756a573e2b5ff04220750e3dd1e74b2711d72b0b0edc
                                                                • Instruction Fuzzy Hash: E7026D30B0450A8BD715EFA8DD9467FBAE7EBC8704F148468E916DB788DF389C418B91
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173896140.00000000053A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53a0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: effbe4f727a8efdc7cc40a0052a3d42ecc5bc4cb5e0c744f9b51515fcba735a8
                                                                • Instruction ID: f52294ef933a187993a696bf4ba2be11fe175ea197c5b0a70d58d1e6f648e0ae
                                                                • Opcode Fuzzy Hash: effbe4f727a8efdc7cc40a0052a3d42ecc5bc4cb5e0c744f9b51515fcba735a8
                                                                • Instruction Fuzzy Hash: A4E12D35B006089FCB14FFA8D995AAEB7B6FB89304F508529D406EB399DF349C05CB51
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2176412190.0000000005D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5d80000_BtowsPlayer.jbxd
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2174141038.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53c0000_BtowsPlayer.jbxd
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2174141038.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53c0000_BtowsPlayer.jbxd
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2164103786.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_2ab0000_BtowsPlayer.jbxd
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173896140.00000000053A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53a0000_BtowsPlayer.jbxd
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2174141038.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53c0000_BtowsPlayer.jbxd
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2176412190.0000000005D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5d80000_BtowsPlayer.jbxd
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2172891928.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_51d0000_BtowsPlayer.jbxd
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173896140.00000000053A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53a0000_BtowsPlayer.jbxd
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2172527429.00000000051A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_51a0000_BtowsPlayer.jbxd
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173686192.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5370000_BtowsPlayer.jbxd
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2172527429.00000000051A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_51a0000_BtowsPlayer.jbxd
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2174141038.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53c0000_BtowsPlayer.jbxd
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2174141038.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53c0000_BtowsPlayer.jbxd
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2172891928.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_51d0000_BtowsPlayer.jbxd
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2174141038.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53c0000_BtowsPlayer.jbxd
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2174141038.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53c0000_BtowsPlayer.jbxd
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2174141038.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53c0000_BtowsPlayer.jbxd
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2174141038.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53c0000_BtowsPlayer.jbxd
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2174141038.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53c0000_BtowsPlayer.jbxd
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173686192.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5370000_BtowsPlayer.jbxd
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2176412190.0000000005D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5d80000_BtowsPlayer.jbxd
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2176412190.0000000005D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5d80000_BtowsPlayer.jbxd
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2172527429.00000000051A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_51a0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c4bc34e8b5c612f4cb89da7c09a623ffa212f485c834b547b0dcd9bcfef7120f
                                                                • Instruction ID: c12cafd15a76f2f97b146ae7be5ddf3b1f4215dd8c49a03eb41e57890f78a1ad
                                                                • Opcode Fuzzy Hash: c4bc34e8b5c612f4cb89da7c09a623ffa212f485c834b547b0dcd9bcfef7120f
                                                                • Instruction Fuzzy Hash: A821EA367083810BD7277A36949473AB7EBEFD6500B49857FD10697295CF689C068361
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173896140.00000000053A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53a0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3d2cb685feaf463f04f9c0f84a1bfa61d42c12739ee108aa5f794d9498851339
                                                                • Instruction ID: 5c0650585082e1966ac8f1563799131eb560ff616021395029bba2685f643664
                                                                • Opcode Fuzzy Hash: 3d2cb685feaf463f04f9c0f84a1bfa61d42c12739ee108aa5f794d9498851339
                                                                • Instruction Fuzzy Hash: 4D312D72A0005D6F9F028ED59C50CFFBFFEEB8D211B044066FA55E2151DA3ADA259BB0
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2174141038.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a2e1c534b68e19112fb25b840cf46b5022f775c737f7b721a22b2b1e175f2012
                                                                • Instruction ID: bf27f14eaf11183aad56ec03e6f924fa4324913067931391ecc3a0449d18fdd1
                                                                • Opcode Fuzzy Hash: a2e1c534b68e19112fb25b840cf46b5022f775c737f7b721a22b2b1e175f2012
                                                                • Instruction Fuzzy Hash: E141F2B5D00349DFDB10CFA9C984ADEBFB5FF48304F10842AE819AB254DB759A49CB90
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173896140.00000000053A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53a0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 94b08ad0f86abd5e8fe58c54d6dcd9459af9506847d1dd7c8d72662477a590e0
                                                                • Instruction ID: 72717c788d5611d96391636cb518a133c65d72fd615495cf8b78f2d8eb939188
                                                                • Opcode Fuzzy Hash: 94b08ad0f86abd5e8fe58c54d6dcd9459af9506847d1dd7c8d72662477a590e0
                                                                • Instruction Fuzzy Hash: 692138B7A082046FC702DBA8EC51A5BBBFAEB85210F5584AAE445D7352E931DC01CBA1
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2174141038.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: cba086d2448fb10ca61cb74e90cfa413f0a0449e553e7f9bdd11ece614c7a73b
                                                                • Instruction ID: a0f3850c4ad7cd27abe48b646e68e23ce211cc992ac85360315daac4b9aa0a32
                                                                • Opcode Fuzzy Hash: cba086d2448fb10ca61cb74e90cfa413f0a0449e553e7f9bdd11ece614c7a73b
                                                                • Instruction Fuzzy Hash: 2E41E2B0D00349DFDB10CFA9C594ADEBFB5FF48314F10842AE819AB254DB75A945CB90
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2172527429.00000000051A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_51a0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4aca424222bb0ce91a8bc36b797525120cc110b45e13c72de566310df6e08605
                                                                • Instruction ID: eadb81aed66fce09111212ec583a78a2cbcab1bc112fa90dfb186886c0621832
                                                                • Opcode Fuzzy Hash: 4aca424222bb0ce91a8bc36b797525120cc110b45e13c72de566310df6e08605
                                                                • Instruction Fuzzy Hash: 3A21953670474147DB26B93A9494A3FA6DFEFD9A00B84863ED10697384CF68AC068761
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173686192.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5370000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d8e770e106a4561b0a22fcefe4386f5f76ab70adee3c34e48b677aae937df1e1
                                                                • Instruction ID: 734e0058914ff59c27683d2f8aaf58225d8ea1ad4d2bdab728723047fa91c4bb
                                                                • Opcode Fuzzy Hash: d8e770e106a4561b0a22fcefe4386f5f76ab70adee3c34e48b677aae937df1e1
                                                                • Instruction Fuzzy Hash: 5A21AF36A00108AFCB05EF94E944EAABBB7FF88314F054565EA06DB366CB35DC15CB90
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2164103786.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_2ab0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ffe15a3ffd395374dee3a5e445fd93ec6aa598310b1de0d3ef17f2669e3c461d
                                                                • Instruction ID: 8b884daa1a4bcb047481f97e87c1bdab248dcc5fe75adc2e553b01df9920540f
                                                                • Opcode Fuzzy Hash: ffe15a3ffd395374dee3a5e445fd93ec6aa598310b1de0d3ef17f2669e3c461d
                                                                • Instruction Fuzzy Hash: 68319F31A00508ABDB15AF98D854AAFBBBBEBCC710F548119E516E7388CF349C42CF90
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2164103786.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_2ab0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: cd121dcff64f31595800b6319ca7774743f0696de225b30f50b1dff8ce154d8c
                                                                • Instruction ID: 016a66abaa6e5b3fedb22e7d74c8e6bd2612261678ab2909734ee0c93f22a7b3
                                                                • Opcode Fuzzy Hash: cd121dcff64f31595800b6319ca7774743f0696de225b30f50b1dff8ce154d8c
                                                                • Instruction Fuzzy Hash: 2E21D3307402085FD711AA689D85BBF7EF6EB89704F148029F916D738ADF398C01CBA0
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2176412190.0000000005D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5d80000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: bf38b999acc9f5112255d09a7cefdac29fffe8977ecd85b4a50099999cae6bcf
                                                                • Instruction ID: 5cd66964e101d9811a46fa4581f8757bf95a8afd6c3974f07928de9c666b9412
                                                                • Opcode Fuzzy Hash: bf38b999acc9f5112255d09a7cefdac29fffe8977ecd85b4a50099999cae6bcf
                                                                • Instruction Fuzzy Hash: D121B1756040089FDB04EA88D985BAFBBFAEBC9704F148059E506E7384CF759C068FA1
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2176412190.0000000005D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5d80000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9c477e6b7ad6f08e4edabf6d161536a5520154c9a25948c1e508a660c54257d7
                                                                • Instruction ID: b480b805cabd163e07ca2851af067a226a9afbaeaee81d8706a261a1ad6ea3c2
                                                                • Opcode Fuzzy Hash: 9c477e6b7ad6f08e4edabf6d161536a5520154c9a25948c1e508a660c54257d7
                                                                • Instruction Fuzzy Hash: 9B218230A002099FD744EF68D991AAEB7F6FF89304B508529E51ADB354DF30AD0ACF91
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2163002927.000000000296D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0296D000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_296d000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b1930e62d5d6f51100fc97e1553dab3d7c23b166f8f6d0f5ac6ac54ae4d3eb49
                                                                • Instruction ID: e00ca5a796ccf98452b5c4d5c745be128fae992fa227bbcdafffa3b9cc4ea501
                                                                • Opcode Fuzzy Hash: b1930e62d5d6f51100fc97e1553dab3d7c23b166f8f6d0f5ac6ac54ae4d3eb49
                                                                • Instruction Fuzzy Hash: 0A2100B1604240EFDB10DF14D9C8B36BFA6FB88314F248569E8094B24AC336D456CAB2
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2164103786.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_2ab0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9e61303e9d3680540c4483a108e840c44205b341117ccf0a226bcdee786d5a62
                                                                • Instruction ID: 433ff01b1393aebae2c880f9cf13594407369bfd48952131a8d40974b8b60140
                                                                • Opcode Fuzzy Hash: 9e61303e9d3680540c4483a108e840c44205b341117ccf0a226bcdee786d5a62
                                                                • Instruction Fuzzy Hash: 622108357046448FD712BB78E45966A3FB3EBC6714B458096D802CB389DF385C0A8B92
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2176412190.0000000005D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5d80000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3af11bebcd0dd22f0dec8d53f7000c3c6595d2f24e002756940b0f815df789ba
                                                                • Instruction ID: d9226c92595d0514a4df48eb24995f4671574a6a6baa90d34b865534602168a8
                                                                • Opcode Fuzzy Hash: 3af11bebcd0dd22f0dec8d53f7000c3c6595d2f24e002756940b0f815df789ba
                                                                • Instruction Fuzzy Hash: D6210430600B008FC324EF59D554A66F7E6EF84324F09CAAAD45A8B6A1D770F84ACB80
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2176412190.0000000005D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5d80000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: cdcdb13d8686b0b8eec9b808c7de10beb5af08c32b9c11605cc9418dbf0682c7
                                                                • Instruction ID: 2372f39f94a44eff6e67aaf8cdb71e0641f93949acf014b81e1a0d80d6300364
                                                                • Opcode Fuzzy Hash: cdcdb13d8686b0b8eec9b808c7de10beb5af08c32b9c11605cc9418dbf0682c7
                                                                • Instruction Fuzzy Hash: B21133707042409FD720DB69D888E63BBF9EF89715B18896AE04AC7252E731E84ACB50
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2164103786.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_2ab0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 03478f9d39011be0c8a1e8097ad46a4f6c244aeec1d922ce4f73976af29729d8
                                                                • Instruction ID: 861ade170f0adbddf280367734716cb06da2de6934b31f59abaf37631cd6d0c7
                                                                • Opcode Fuzzy Hash: 03478f9d39011be0c8a1e8097ad46a4f6c244aeec1d922ce4f73976af29729d8
                                                                • Instruction Fuzzy Hash: FD110035B006048BDB11BBA8E54867B7BB7EBC9B14B54C066D902C738CDF389C068BD2
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2176412190.0000000005D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5d80000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 43a74c5e609161ac095f751d58d7898eaf3812da4b4c3f03eeb39bcbd0db7177
                                                                • Instruction ID: 401ea0e83fd86e6d4b17307d0f3e857d418ab4f8b7b96f365fea2408f4838a4b
                                                                • Opcode Fuzzy Hash: 43a74c5e609161ac095f751d58d7898eaf3812da4b4c3f03eeb39bcbd0db7177
                                                                • Instruction Fuzzy Hash: 691156B59007498FDB10DFAAC485BDEBFF4EB48310F24885AD469A7350C738A985CFA1
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2164103786.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_2ab0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 993504d02c8aba71e8c97e9921886068715538c274cb8692856bff75eaae4f23
                                                                • Instruction ID: 3048c39c7669fd18aee5b2767b7aa4e0c28dd3d6d0320e5226de50e3ec657613
                                                                • Opcode Fuzzy Hash: 993504d02c8aba71e8c97e9921886068715538c274cb8692856bff75eaae4f23
                                                                • Instruction Fuzzy Hash: AF110A32604118AFC702CBA9DD90946FFA9FF45310B1581A7E558C7642CB31EC11C7E1
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2172527429.00000000051A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_51a0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f5ae26ce2fcc0ca43baff8bf3f29156d4d361fdb252f5c9c237b9249c176972b
                                                                • Instruction ID: 5d1f80aeec174e728e90cf0714214b5311ad06d9ed0ca10c54ac4d1a4390d8b6
                                                                • Opcode Fuzzy Hash: f5ae26ce2fcc0ca43baff8bf3f29156d4d361fdb252f5c9c237b9249c176972b
                                                                • Instruction Fuzzy Hash: 3F118236B053554BC7164B54A81066ABF7AFFC5A00F14807FD50DA7386CB758C05CBE1
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2163002927.000000000296D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0296D000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_296d000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 44195b226622b2357867078cbf7d777eed692dc547cb2d0e6dead9440e4eb0ea
                                                                • Instruction ID: 22da6af5122f928d5286bc57afdb60d8e4595679bc14f7252dba870fb789c437
                                                                • Opcode Fuzzy Hash: 44195b226622b2357867078cbf7d777eed692dc547cb2d0e6dead9440e4eb0ea
                                                                • Instruction Fuzzy Hash: BA11B676504280DFDF15CF14D5C4B26BFB2FB84314F24C5AAD8094B656C336D45ACBA2
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173686192.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5370000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 149750d22d8a8a87d9f3aa93da1b90d8edfe7672b61fe4c4461c6001e5ec2f7a
                                                                • Instruction ID: 968d98265e496c9a9650b2b0e1d374e3e8a251a4cd91e0eaaa9b4c94c6ea1971
                                                                • Opcode Fuzzy Hash: 149750d22d8a8a87d9f3aa93da1b90d8edfe7672b61fe4c4461c6001e5ec2f7a
                                                                • Instruction Fuzzy Hash: 6B11E5312102085BCB15EF18ED95FEB7BABEBC4714F408535F5068B769CE70AD458B90
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2176412190.0000000005D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5d80000_BtowsPlayer.jbxd
                                                                Similarity
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_51d0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: aefb52715d79d1f2a1df4d0eb3a57c53838c311ce3a2445bdad4319dbaeaacb1
                                                                • Instruction ID: 8cbd2939e8c155c32bc46197b7baae45772582d04b69e16b08c400dab2b3abce
                                                                • Opcode Fuzzy Hash: aefb52715d79d1f2a1df4d0eb3a57c53838c311ce3a2445bdad4319dbaeaacb1
                                                                • Instruction Fuzzy Hash: 94E0263D7801102FE3041A6978C497A7FEFEBDC6A170802AAF909D3380CE258C0287E0
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2174141038.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a7f46ae47aa02b4d8c2c30df2a8e40c637039caa0d8cf7d5ef19c94d829c000f
                                                                • Instruction ID: aeffd0a4b855a6a7e0a1d9b9f5d20d44b99e1bd1abbf8053874c285dbc3af060
                                                                • Opcode Fuzzy Hash: a7f46ae47aa02b4d8c2c30df2a8e40c637039caa0d8cf7d5ef19c94d829c000f
                                                                • Instruction Fuzzy Hash: 18F0E271508204AFC702CF90EA41A6EBFF5EF85200F00449EE54493311DE32CD11DBA2
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2164103786.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_2ab0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9a0c3db556fccd54bcc532f9dda4a7a3bdae50f6826c04094e093c4d801d8b28
                                                                • Instruction ID: 5fc88837c962c9d21d851f7493fca1fd379b268cc6749b0c1c8e463406577233
                                                                • Opcode Fuzzy Hash: 9a0c3db556fccd54bcc532f9dda4a7a3bdae50f6826c04094e093c4d801d8b28
                                                                • Instruction Fuzzy Hash: E3E0E531B402406FC24087A8E859BF977B6EFC8225F094055E40AC7286CE6058128B91
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2176412190.0000000005D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5d80000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8289012d55b6c0c5caf43dab8755c3b4350dcb5b86443ffb509ba0317ada3dee
                                                                • Instruction ID: fb00403923c28eaeff1c61ab3bc6587d911fc7087db15070851f96f94d8c06ee
                                                                • Opcode Fuzzy Hash: 8289012d55b6c0c5caf43dab8755c3b4350dcb5b86443ffb509ba0317ada3dee
                                                                • Instruction Fuzzy Hash: 15E0863674C2201FE7016E7928692BA7BD3EFC2115B0408ABD286CB296E836C40E5355
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173686192.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5370000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b7e92342d3fadc4449e22ea965c4d2a220c5c7e6f18ed45255d07c74e3037b66
                                                                • Instruction ID: 1696db3689ddfbb9a476d7ba0feb0f56acac1dc8660fc1e4a0ffbf61d09ce90b
                                                                • Opcode Fuzzy Hash: b7e92342d3fadc4449e22ea965c4d2a220c5c7e6f18ed45255d07c74e3037b66
                                                                • Instruction Fuzzy Hash: 30E04F731041982FC751C999DC11BF67BADCB4A121F48819BB995C6241C56ADA0297A0
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173896140.00000000053A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53a0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 81dde8b56a42fb397e862597a8c272d578b6f50717ccb1acaf78dbfedad91ccf
                                                                • Instruction ID: ffee32ea8a2ec489e8c25c00981a96813e911f69f6b9a3d9c64ca13ea34898a0
                                                                • Opcode Fuzzy Hash: 81dde8b56a42fb397e862597a8c272d578b6f50717ccb1acaf78dbfedad91ccf
                                                                • Instruction Fuzzy Hash: F1F06DB25000986FDF41CED4CD509FB3FA9EB4C255B098046FDA8D6291C53AD922EBA0
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2164103786.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_2ab0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c4bda357c20a54fe93f613c336d18a9ea6305ba1d949cd2ef60ff5501e5cb8f6
                                                                • Instruction ID: 6180b2ef79baccfc271b2ae5fc7e746b1290ab653ff8efeec581b77ee4320c5c
                                                                • Opcode Fuzzy Hash: c4bda357c20a54fe93f613c336d18a9ea6305ba1d949cd2ef60ff5501e5cb8f6
                                                                • Instruction Fuzzy Hash: B4F01530921208DFCB00EF74EA916BE7BEAFF84608F400569E50AD3254EF321E00DB81
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2172891928.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_51d0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d0f98bbe6fac17795ef9dff6a22d64f3a5612118def98b6b19cf68c9f201a836
                                                                • Instruction ID: 0c7f5c5195da36e64f1626e92f0617269b415c96783c2c1f09553048b072b9f2
                                                                • Opcode Fuzzy Hash: d0f98bbe6fac17795ef9dff6a22d64f3a5612118def98b6b19cf68c9f201a836
                                                                • Instruction Fuzzy Hash: B0E01A33100109BFDF028E84DD41EEA7B6AEB5C320F04811AFD0496210CA76D922EB90
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2174141038.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 177d5791acef8595aa926b40a69c68f5df56fe0bc6337303b31ca63abd6ee6e6
                                                                • Instruction ID: f953bfcdbcb7654e6b344f9652ec0bea203763c5ef196812c8f9ab0dd4ab962c
                                                                • Opcode Fuzzy Hash: 177d5791acef8595aa926b40a69c68f5df56fe0bc6337303b31ca63abd6ee6e6
                                                                • Instruction Fuzzy Hash: 8CE0D8F2845148AFCB01DEB4C96168B7BB9DF81241B4644FA9008CF251FE36CD04DB91
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173896140.00000000053A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53a0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ade3f30ca73d9521f1d711e6c9dba2d7e3d29bc3f9d59fe2721135c6b56860c7
                                                                • Instruction ID: e1ce6dca997594e4742ac1fa2bad51e335f8b7f90d39ea425b300a91f275eae9
                                                                • Opcode Fuzzy Hash: ade3f30ca73d9521f1d711e6c9dba2d7e3d29bc3f9d59fe2721135c6b56860c7
                                                                • Instruction Fuzzy Hash: 7DF08C729106089FCB01EFA8C9518AABB71EF49300F02865AE8486B260EB31D961CB80
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173896140.00000000053A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53a0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 40b153383e6de520665622cd19abb3d691de445f4deecf93faaa50dfd1b24b64
                                                                • Instruction ID: 704a75d8dcbbdfedf44427af84db028faf61110e9c107736e094e3b967943e86
                                                                • Opcode Fuzzy Hash: 40b153383e6de520665622cd19abb3d691de445f4deecf93faaa50dfd1b24b64
                                                                • Instruction Fuzzy Hash: 81E0ED721041987F8B41CE95CC10CFA7FEDEB4D265B088046FE98D2151C576DD21EBB0
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173686192.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5370000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 84c57b0e2bfed55ef804dc56f6b64417dc5e305dfefac31702bf65472afd9694
                                                                • Instruction ID: eb26e31ae20f225e0025f65242a6482c7c993b0767ce9ed0459b9bcd7cd3d31e
                                                                • Opcode Fuzzy Hash: 84c57b0e2bfed55ef804dc56f6b64417dc5e305dfefac31702bf65472afd9694
                                                                • Instruction Fuzzy Hash: 35E0DF731000182FCB00CE84CC01BF63BADDB99221F08801ABA44C3282C576DD229BA0
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173686192.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5370000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9c99f025ee4678c28460d9c6cbeb269712308e7c9502ea2dd5b843a21d20d244
                                                                • Instruction ID: d05ba755697b292cc86a4e640421743b3fbb0b7efead9f8bf4f5c005903717eb
                                                                • Opcode Fuzzy Hash: 9c99f025ee4678c28460d9c6cbeb269712308e7c9502ea2dd5b843a21d20d244
                                                                • Instruction Fuzzy Hash: E2E0DF722041509BCB54DE5CD844F2BB7AADFCDB11F2884A9F245D734ACA349C138BA0
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2172891928.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_51d0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 29d894a5f0189b5d106d5d8f82b573113cc6e7bb77683b22babd804d51f0adcf
                                                                • Instruction ID: aea1953cea3ea272ba105161d8275ec605848a738a27473619ac543ed7719931
                                                                • Opcode Fuzzy Hash: 29d894a5f0189b5d106d5d8f82b573113cc6e7bb77683b22babd804d51f0adcf
                                                                • Instruction Fuzzy Hash: B6E0C2353401143B0204215A6C8483FBFAFEBC86B4304016AF909C3341CE229C0186E4
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2164103786.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_2ab0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 09e942b8ce9bff54ac7e214b617d667ff7a45982f35bcf05bc5ac46d78f6f13a
                                                                • Instruction ID: a309809ff6787cc3c628789ee959743f74020c8f72db9771f1ab33bf2258765c
                                                                • Opcode Fuzzy Hash: 09e942b8ce9bff54ac7e214b617d667ff7a45982f35bcf05bc5ac46d78f6f13a
                                                                • Instruction Fuzzy Hash: 9CE0E535A045909FC3859B7CA1A9AE83FF0EF4E21074604E5E94ACB222DA219817CB51
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173686192.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5370000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 664f35d6e9b6a0b8d0af0c68ad880da06b61d7390ef2d4ad81f92f49d285d556
                                                                • Instruction ID: ab42ce4db648e4beb32346b8b6c2f302b8672c3b12da0919521848ec76e6fc6f
                                                                • Opcode Fuzzy Hash: 664f35d6e9b6a0b8d0af0c68ad880da06b61d7390ef2d4ad81f92f49d285d556
                                                                • Instruction Fuzzy Hash: 83E04F721040A87F8B41CE99CC10DFB7FED9A4D111B08804BFDA4C2242C57AD922EBB0
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2176412190.0000000005D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5d80000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 507fd2608d5cb9f24c42b861acd42e420d4a69bdf8015ab3ca2f94d709c1e1cd
                                                                • Instruction ID: 155568db29b5aa71c7abe8401c42ffe6b0ec67fc1012b048173c43b7a0080ee9
                                                                • Opcode Fuzzy Hash: 507fd2608d5cb9f24c42b861acd42e420d4a69bdf8015ab3ca2f94d709c1e1cd
                                                                • Instruction Fuzzy Hash: 3DE086B0B005509FE714EF65E841516FFFAABC8215B08C5AFE40D8B616DF3698438B80
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2164103786.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_2ab0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: eec88318de5132ba8b17d10d1bb5d28a50ea0f71f54aeb3fcbf8ce909340bca8
                                                                • Instruction ID: fadb0fe11361041974d83eae9a6a49febfb08b764ff61d766c40c0338829434d
                                                                • Opcode Fuzzy Hash: eec88318de5132ba8b17d10d1bb5d28a50ea0f71f54aeb3fcbf8ce909340bca8
                                                                • Instruction Fuzzy Hash: 28E0E530A10209ABCB04EBA4DA916AE7BBAEB85208B5041A9D50997259EE316E00CB91
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2164103786.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_2ab0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 734895e0b034996e75c72c9188701837f1c3073380133e879d580c633db44360
                                                                • Instruction ID: d0eae43fbdf7ff00c625e6f7586bd1fdf27f76894858b0425825acdf541c983c
                                                                • Opcode Fuzzy Hash: 734895e0b034996e75c72c9188701837f1c3073380133e879d580c633db44360
                                                                • Instruction Fuzzy Hash: ADD0123631011477D715698DE844EBB7B9FE7C9B21F448026F60AC7644CE769C129BE0
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173686192.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5370000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d1bf406c5e65794c70ea2a6d0f8a0462bff4d8696a0f7af836e7bcb2d20f3c7d
                                                                • Instruction ID: 63ab400f89d7e8e89f9d2afdd8730bfa1b564a6fff666fc266f07cb4638aca47
                                                                • Opcode Fuzzy Hash: d1bf406c5e65794c70ea2a6d0f8a0462bff4d8696a0f7af836e7bcb2d20f3c7d
                                                                • Instruction Fuzzy Hash: 52D01772916108AFCB02DBA4D9017DEBBBAEF48210F9052B69504D7751E9359B005AD1
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2164103786.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2172891928.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_51d0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f7c503def01101f8f123646ff57c1a07dbc1323d8667a3690d2b72de4cb236e1
                                                                • Instruction ID: 10153d1602c101d9355c7e4d74a2d3b680046c4a0b15ad9cc6c68aee59230438
                                                                • Opcode Fuzzy Hash: f7c503def01101f8f123646ff57c1a07dbc1323d8667a3690d2b72de4cb236e1
                                                                • Instruction Fuzzy Hash: E4D05E761142119FD340CB08DCC2F52F3A9FFC4308F28884AE85083300D765EC22CBA0
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2174141038.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8ab869af69afa5e3705abfa003fbeb05737d94153e11a484e1e7a4c73e3e153c
                                                                • Instruction ID: d8e6f52d84d0e9a7535ad6c92223e7db018a165c074aefbb2bfd7201b7f166f6
                                                                • Opcode Fuzzy Hash: 8ab869af69afa5e3705abfa003fbeb05737d94153e11a484e1e7a4c73e3e153c
                                                                • Instruction Fuzzy Hash: D3D05E322001187F8B00CE88DC00CA67BADEB89220B04C05AFD5887241CAB2ED22DBA0
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173896140.00000000053A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53a0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1fc158e1450c88d29e063d85d263e16064dccdf0d8ea8b8714b3c9e1d2220cb0
                                                                • Instruction ID: e11d4ce1e89fdbbaf2babf525b27bdcd91182c37417492870a9f324f121a654e
                                                                • Opcode Fuzzy Hash: 1fc158e1450c88d29e063d85d263e16064dccdf0d8ea8b8714b3c9e1d2220cb0
                                                                • Instruction Fuzzy Hash: FCE01276500004AFDB41CED4DD519667B21EB88351B0AC45BFD54972A1DA72DD22EB40
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2176412190.0000000005D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5d80000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 81a2d8954466da127c84c1ef70aa236854cb6a0a5702d31d34eeb5787439287b
                                                                • Instruction ID: b9e45ad7037caa968c6f6cfd42229f5e0cca072b9a35f0c3c5e3b7eb5ac05433
                                                                • Opcode Fuzzy Hash: 81a2d8954466da127c84c1ef70aa236854cb6a0a5702d31d34eeb5787439287b
                                                                • Instruction Fuzzy Hash: 4DD012765181505FD340CB94E901E66BBE9DFC9610F19884EF84497241C561EC17DBB2
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2164103786.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_2ab0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 198ef969df122b666209798f31d41ab47b1e5955f56be3c15d51a1248a19e3d4
                                                                • Instruction ID: 61734d5d6db00b47c7f473d27165e48d7f81284e0d6b856e09c7caf95dc6955c
                                                                • Opcode Fuzzy Hash: 198ef969df122b666209798f31d41ab47b1e5955f56be3c15d51a1248a19e3d4
                                                                • Instruction Fuzzy Hash: 42E0C27580A204DFCF01DBA0DA912997FB0FF4620171400E7D404E7261EA314A14DB52
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2164103786.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_2ab0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5d98552b69fd53829c18a63aa204c7b77c16a4b44f08a51c339c1429bf9a3f68
                                                                • Instruction ID: 74e7019d61da08cbd32e70e959a2eb4ded6c0dd425cce571f2652b60d04b9b98
                                                                • Opcode Fuzzy Hash: 5d98552b69fd53829c18a63aa204c7b77c16a4b44f08a51c339c1429bf9a3f68
                                                                • Instruction Fuzzy Hash: 95E0127590A2889FCB12DBB4DB1019ABFB5DF4121175101EBD484DB162F9354A489792
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173686192.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5370000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 18880c93d5c2f151286068636a013853648c227a9e9d0bb20c860ba0678d223e
                                                                • Instruction ID: 2ae1cb46195340e79dec066d4c679dc7b9d55602484ac5606116bac0dc1a52b5
                                                                • Opcode Fuzzy Hash: 18880c93d5c2f151286068636a013853648c227a9e9d0bb20c860ba0678d223e
                                                                • Instruction Fuzzy Hash: DDD012323040005BC744C608CD86B96F3B1EBC8224FA8E03C6889C73A2DF36FE038661
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2172891928.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_51d0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 0cea9ee8365e278ebeccf972d3e81e6913568023a4fd2a65cebbbf8005a1b68e
                                                                • Instruction ID: 53be1732c130a7b02350f90de6f2b116dcb5865016201e01abe1afd7f6d84bb8
                                                                • Opcode Fuzzy Hash: 0cea9ee8365e278ebeccf972d3e81e6913568023a4fd2a65cebbbf8005a1b68e
                                                                • Instruction Fuzzy Hash: 25D017721081119FD241CF58E958E5BB7E6EBD8A14F15884EE480A7211C6629C17CB62
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2172891928.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_51d0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 675dbd7393a8b1b5fc4b111bc613aa54bf3af607f3c4fe37fd74f2b3ad9e095b
                                                                • Instruction ID: 88fe3c645a3e359173b3077aa1007854f64b71d4bdc0697a0bdf84ed96e0620b
                                                                • Opcode Fuzzy Hash: 675dbd7393a8b1b5fc4b111bc613aa54bf3af607f3c4fe37fd74f2b3ad9e095b
                                                                • Instruction Fuzzy Hash: 59D02B7160C3510FD351C604CC009A377A5EFC5300B04889FF440C3642CF2A8C0BC360
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2174141038.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4e686f8b00d7d9b95b448aba3bcf22ad39d02744dbf66f2ffbc167f18b943196
                                                                • Instruction ID: 300474875275fc6ad99df7c25ca20017c0a13423b37acd8ef822b9d9af431f3d
                                                                • Opcode Fuzzy Hash: 4e686f8b00d7d9b95b448aba3bcf22ad39d02744dbf66f2ffbc167f18b943196
                                                                • Instruction Fuzzy Hash: 8BD05E755292906FE300DB44D800EA3BBA9ABC5300F09C84EF84083202CB619C0BDBA0
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2174141038.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1e8d0e92cc212f8614493f1a98d51ccfdf7d7fdff33b400c74fe24d9f34822e1
                                                                • Instruction ID: 035ff23e187856d321b93e707644857948a2cbe5c043c04fbde87a4760337fe8
                                                                • Opcode Fuzzy Hash: 1e8d0e92cc212f8614493f1a98d51ccfdf7d7fdff33b400c74fe24d9f34822e1
                                                                • Instruction Fuzzy Hash: FFD02EB6108000AFC300CE40ECA0E5BB7F6DBC8700F26881FB804A3340DA62DC02CB62
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173896140.00000000053A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53a0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 44ba782675fcdd8aff74ea6f0a83c41e2cb3e78684efea51cd70aa7f2296677b
                                                                • Instruction ID: 877f0f7dcd895513f3842dead994786ff947c22c1e70ab8d1161cd6d10d093a9
                                                                • Opcode Fuzzy Hash: 44ba782675fcdd8aff74ea6f0a83c41e2cb3e78684efea51cd70aa7f2296677b
                                                                • Instruction Fuzzy Hash: 04D09E36200118BF9B05DE84DC41CA6BB6AEB89660B14C45AFD1547351CAB3ED22DB90
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173896140.00000000053A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53a0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9806b422fee61591bbdbccab13f7572f42a47a5fa3eef16c888538319a76755e
                                                                • Instruction ID: ba17aa1765bd0aebdaf32e6dec6cf4927d5e7a6becb47563efd18d542db70f1d
                                                                • Opcode Fuzzy Hash: 9806b422fee61591bbdbccab13f7572f42a47a5fa3eef16c888538319a76755e
                                                                • Instruction Fuzzy Hash: 0BD05EF26180109BC240CE94F900E17B7DA9BD5601F168C4AB544D3282C521CC178A32
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173896140.00000000053A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53a0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 0713a873b463b8a92a95de5704f8fb378321218428b22f5acbcd229053b3b02c
                                                                • Instruction ID: 485a2ac0f45518c42560048ea053f7b85c22b456a52d3b65ffe2e07932265db3
                                                                • Opcode Fuzzy Hash: 0713a873b463b8a92a95de5704f8fb378321218428b22f5acbcd229053b3b02c
                                                                • Instruction Fuzzy Hash: 7CD05BB6D562489FC742CBF08B1159F7BB29F4530175111EB950CDB251F9318A149781
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2176412190.0000000005D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5d80000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1e38c64691c5f01ec5201699daf8da469fffb07026b58029c3f3f7cb088a47fb
                                                                • Instruction ID: 9d8930fb22f5db963e73614997d4114109071800a109ed42ec34d0e39c0e090d
                                                                • Opcode Fuzzy Hash: 1e38c64691c5f01ec5201699daf8da469fffb07026b58029c3f3f7cb088a47fb
                                                                • Instruction Fuzzy Hash: 2BD012B6C051489FD742DBE0D7417DA7BF4AF85200F6045D68148A7221FA325A05D781
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2176412190.0000000005D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5d80000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8f8a1a3fb71765858a324fdf0fbeb9e08f14c9205f93404105881ad3e96f692b
                                                                • Instruction ID: 047e77e56fbc710dc65e6ce60afc98a63cd0f1b0492f6cfdd720ac5f2c89918e
                                                                • Opcode Fuzzy Hash: 8f8a1a3fb71765858a324fdf0fbeb9e08f14c9205f93404105881ad3e96f692b
                                                                • Instruction Fuzzy Hash: 5BD017BA1082219FD240CA04C881A56B3A5FFC9210F19899EE41497310CAA2EC22CBA0
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173686192.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5370000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4ac15a8202c1c4ef07ee334c48aca198b74a0eeb0a4df53c3dfe85a55589b504
                                                                • Instruction ID: 7585c6e370a0eb3dd27ba2d07af126e856843ce2bd2a91a6f6fb0ba17d05e449
                                                                • Opcode Fuzzy Hash: 4ac15a8202c1c4ef07ee334c48aca198b74a0eeb0a4df53c3dfe85a55589b504
                                                                • Instruction Fuzzy Hash: 61E02B301085408FC300EB6CE850B89BBB2EFC2700F04899ED44053212DF32D807CB51
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2174141038.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6b33e59c0f709fc8fd82ff813f09aa0a568d9e3679a74abb8b3cff702c9fca4e
                                                                • Instruction ID: 4e777cc80947c426afe6e8ac80ddf79ce293428b1d012e61c170cfe1247f7c7b
                                                                • Opcode Fuzzy Hash: 6b33e59c0f709fc8fd82ff813f09aa0a568d9e3679a74abb8b3cff702c9fca4e
                                                                • Instruction Fuzzy Hash: 52D05E745093906FE700CB58D800A63BBA9ABC5204F05C84FE88047202CB61AC0BDBA1
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2174141038.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a201995d22cdedf415a99d551926adb0b7f7b249979d99e0173a1ba5f8eca236
                                                                • Instruction ID: 51b71c187105043ba8245204b1055ea2c6062edf3218b44af91efd92464af204
                                                                • Opcode Fuzzy Hash: a201995d22cdedf415a99d551926adb0b7f7b249979d99e0173a1ba5f8eca236
                                                                • Instruction Fuzzy Hash: 80C080373084018F6B05A554F0957793759FBC0A2A310019EF515C3584DB31AC014754
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2174141038.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 78ce56ad92d04023248a20bb4134a361957b78213eaeae68eaadcc9382b112ed
                                                                • Instruction ID: 9666a3bff3f915b81650239e0390240dec85ec89218857b2ffe73dee8d251abf
                                                                • Opcode Fuzzy Hash: 78ce56ad92d04023248a20bb4134a361957b78213eaeae68eaadcc9382b112ed
                                                                • Instruction ID: b61407b6d4db2e85315d99c57ae7a5009724e9ba6afb20798920e9d0691d3a15
                                                                • Opcode Fuzzy Hash: ce40bc91febe934c453772ca6af4392c38009cb3533c108e64af9ab4a1de2497
                                                                • Instruction Fuzzy Hash: 98C080E2A755001BD344C634DD16D157791D775641714C965A04CC72D2D935D907CF51
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2174141038.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7fcac766c4ce8ac21331cb97a47e70ae1e3453101b51f2f6244f69ee36cba6a9
                                                                • Instruction ID: f968be1fe2a79dab78e7691b96f534d50c49c8269e8116e123811ae7608c1eba
                                                                • Opcode Fuzzy Hash: 7fcac766c4ce8ac21331cb97a47e70ae1e3453101b51f2f6244f69ee36cba6a9
                                                                • Instruction Fuzzy Hash: 85D0C9B66082508BE244DA84E851A46B752BFA4654F258C19E85193381CA62D91BCA60
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173896140.00000000053A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53a0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 930f812cb8b81fc03b6271282108e06942cefc215e62dc718e6a06d377710adc
                                                                • Instruction ID: 28a73bb081e61eea573b63d5cb645c429deee7a8602f9e1108fa4fb16893a6ce
                                                                • Opcode Fuzzy Hash: 930f812cb8b81fc03b6271282108e06942cefc215e62dc718e6a06d377710adc
                                                                • Instruction Fuzzy Hash: 14D0A7B151C3C04BD201DA50F410402BB61ABD5200B058C4ED44083282C621DC16CB62
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173896140.00000000053A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53a0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 791868b2b6d4904eca63423b42afb3773cf3bd7afed7f015f908fe64dc81cf6d
                                                                • Instruction ID: 1d2c5b51030abd186a83bee4b09449a282c16bbf154cb9b97365610c327b5c4c
                                                                • Opcode Fuzzy Hash: 791868b2b6d4904eca63423b42afb3773cf3bd7afed7f015f908fe64dc81cf6d
                                                                • Instruction Fuzzy Hash: B8D0C9712081219F9244CA48E950C6BB7E9DBC9A10B14884EB88493241CA62DC16CBB2
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173896140.00000000053A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53a0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ed7598bf2751ee1b20ed81c57cd2b325bd733eda1b1b4e39220da1c68b02774e
                                                                • Instruction ID: 2ea8dee69632e3e6eacb37020ec4bc56397fcb1f79fab95ca72bd69c8828dbab
                                                                • Opcode Fuzzy Hash: ed7598bf2751ee1b20ed81c57cd2b325bd733eda1b1b4e39220da1c68b02774e
                                                                • Instruction Fuzzy Hash: 8CC08CF3A210004BE300CA61CD0674BF3C1FBE0292F66D824888DC6291EA22DC438B40
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2176412190.0000000005D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5d80000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 3b30319a07a66fec4d5dbeda7e2f4f00487c401c66ef2b3eb59a2102f9a65ef3
                                                                • Instruction ID: 05d396d02e5be3014e8e120c980ec6e3adc041e2a563130cc5a36e8747528af1
                                                                • Opcode Fuzzy Hash: 3b30319a07a66fec4d5dbeda7e2f4f00487c401c66ef2b3eb59a2102f9a65ef3
                                                                • Instruction Fuzzy Hash: 5AD017711082029FD345CF84FA40A09B7A2AB88600F50884EE44063222CB329C46CB62
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2176412190.0000000005D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5d80000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ad18dd7e0b44e443382a29da5fbb810ad57943f54ea3b7a51fae4aacd20d3264
                                                                • Instruction ID: ab9853b342209a07eb518332671dd019397d3cfb17a8bbc5b8aa374df9e26b8d
                                                                • Opcode Fuzzy Hash: ad18dd7e0b44e443382a29da5fbb810ad57943f54ea3b7a51fae4aacd20d3264
                                                                • Instruction Fuzzy Hash: 67D05E756083808FC741CB14E856915BBA1FF96200B08888AE89087252C761D91ACB52
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2164103786.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_2ab0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b779d4122bce568ff8f873037779e978c000ec32be19ffc3d990a78a5e035812
                                                                • Instruction ID: 65fdbe847d07dc480b0b167d3aab31fe7e271194f6e55f077235e88d6388e70c
                                                                • Opcode Fuzzy Hash: b779d4122bce568ff8f873037779e978c000ec32be19ffc3d990a78a5e035812
                                                                • Instruction Fuzzy Hash: 84C04C312CD7D94FCB4317E968261DC3FB59C8701434E19D299CC8B6A3D61548579791
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173686192.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5370000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ef6909b843cb1766e2997363d4c440c32b7e747bd6b9289d5d1c5080d75458b7
                                                                • Instruction ID: 3efea3edf8ced077184727e08698fe36b51d2217a8d561766f4343fea20bbb55
                                                                • Opcode Fuzzy Hash: ef6909b843cb1766e2997363d4c440c32b7e747bd6b9289d5d1c5080d75458b7
                                                                • Instruction Fuzzy Hash: ECD0A77230C3D1CFD241CA04E410645FBA1BBE5200F588C4DD54047342C762DA16C7A1
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173686192.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5370000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
                                                                • Instruction ID: 48e8204161933d4df9c7b41a33249025f43fd015cf28c75e97648b457401bf24
                                                                • Opcode Fuzzy Hash: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
                                                                • Instruction Fuzzy Hash: 84D012752081119F9204CF44E940C6BF7E6EFC8B10B14C84EB84053310CA72DC17CBB2
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173686192.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5370000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 38165c01511f5d15365e5753081ea0a19d1be3c64c715986d8e3f96c55d3a17d
                                                                • Instruction ID: 9604d37910dd87e2d199a289e16f8b788d9d8de77cb59ca92f9e8b59acfeda60
                                                                • Opcode Fuzzy Hash: 38165c01511f5d15365e5753081ea0a19d1be3c64c715986d8e3f96c55d3a17d
                                                                • Instruction Fuzzy Hash: 7DC012B76191808AE301C224CD63B44BB51DB41205F19C0EA84449B243D522D7079764
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173686192.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5370000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: cfde917710a9743d86443fd3a9eacbb7758201f40c94bfad13aa0fa721a7ffcc
                                                                • Instruction ID: 33eb67bf8ac947cf2e92740a0717e4a78d73ffb578ff0754873a6721ed5677f0
                                                                • Opcode Fuzzy Hash: cfde917710a9743d86443fd3a9eacbb7758201f40c94bfad13aa0fa721a7ffcc
                                                                • Instruction Fuzzy Hash: 26D022765281000BD340C320CCA2B827BC19B50304B04C069C00887262E6278D03CB42
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173686192.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5370000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 83d816ba5e973a0fcc2b2505f92f3da513e2ad0b073d4d85548ad38c60f3c85c
                                                                • Instruction ID: 6e5a0775599d36281a614a66ef30e2abbcb53d0d8def93071473ca6bfec61920
                                                                • Opcode Fuzzy Hash: 83d816ba5e973a0fcc2b2505f92f3da513e2ad0b073d4d85548ad38c60f3c85c
                                                                • Instruction Fuzzy Hash: 80D0126155854047D240C7288D16B817FE29FD6115B58C5A88948872A3D92F98138714
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2172891928.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_51d0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
                                                                • Instruction ID: 48e8204161933d4df9c7b41a33249025f43fd015cf28c75e97648b457401bf24
                                                                • Opcode Fuzzy Hash: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
                                                                • Instruction Fuzzy Hash: 84D012752081119F9204CF44E940C6BF7E6EFC8B10B14C84EB84053310CA72DC17CBB2
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2172891928.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_51d0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 32e19e554e6b1a9d2999b8290aba142506c0c06c87062622cae64bedcc16a5ca
                                                                • Instruction ID: b5b5e0523d629856c54152cf30353a9f81c20c3b9c57bb78f3e27fbbb1bb2f42
                                                                • Opcode Fuzzy Hash: 32e19e554e6b1a9d2999b8290aba142506c0c06c87062622cae64bedcc16a5ca
                                                                • Instruction Fuzzy Hash: 5FD0A7317082804FD304C714C855C05BFE09FD6611708C09EA444C7391EA32DC02CB01
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2172891928.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_51d0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d8f08d21f774e0548807ce75b8506ffde3543316bcdcbdd5788bc2b68125c542
                                                                • Instruction ID: bcf9ef9c82f7d3924de405cb1b01dc34d2668a849c410a3a4cb9bba8efa29a2e
                                                                • Opcode Fuzzy Hash: d8f08d21f774e0548807ce75b8506ffde3543316bcdcbdd5788bc2b68125c542
                                                                • Instruction Fuzzy Hash: 91C012712082605F8244DA48C850C67F7E9AFCD110718C84FB494C3341CA61DC07C7A0
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2174141038.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 12af346410960f74f2b01f4a49ae3bfe02469ca3dc9c7c9861d168d939eb31d3
                                                                • Instruction ID: dbf9252d2228933573478c2d798e5e85af30842e3a05fb282cdce6761d218660
                                                                • Opcode Fuzzy Hash: 12af346410960f74f2b01f4a49ae3bfe02469ca3dc9c7c9861d168d939eb31d3
                                                                • Instruction Fuzzy Hash: 9DD0C9743051815FD344C765CC91A12BBB1ABC5210F18C1AEA489C7353DA25DC52C701
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2174141038.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6fd5862abba9300e25b077a0ac4af4b5da7c8fab61ce18239a04dd38772a8edf
                                                                • Instruction ID: 805465856a0e97f1801a7b9e58a9ccc16fe6aa036e262aa7ced1ad80dc8590cd
                                                                • Opcode Fuzzy Hash: 6fd5862abba9300e25b077a0ac4af4b5da7c8fab61ce18239a04dd38772a8edf
                                                                • Instruction Fuzzy Hash: 59C012752142125BD254DA04C841D66B3A6FFC8314F14C86EE85083345CF76DC07C7A0
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2174141038.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8d7c0a8d62f9efdebfdc5bf0ef43df5f5ca3062e9f926ef61c456533752d0343
                                                                • Instruction ID: b740e0fddb010fe065d20ed5dfd7f2dff3176edc5e44888fbc3df486aa3cf954
                                                                • Opcode Fuzzy Hash: 8d7c0a8d62f9efdebfdc5bf0ef43df5f5ca3062e9f926ef61c456533752d0343
                                                                • Instruction Fuzzy Hash: FAC012F256500017D340C670CE52682A781D751282B56D866C008C6296E521D803CB51
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2174141038.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 112b007b0a8244959e5c199a0612f431af15154c0d4a5577415932f138a8c9b4
                                                                • Instruction ID: 28252926d0eae9d3471907b4e1a4bd6d32ea735b20c6fec0dc0d2b033ba0e5d5
                                                                • Opcode Fuzzy Hash: 112b007b0a8244959e5c199a0612f431af15154c0d4a5577415932f138a8c9b4
                                                                • Instruction Fuzzy Hash: FCC012647085004BC748E228EDA1626B7E28BD9381F6988ADA40CC7785EA2ACC028A41
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173896140.00000000053A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53a0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a90d848e12ffdf8ad595ee9fda05c4d4af5ac64c9fb7eafac5840c0d1f173052
                                                                • Instruction ID: ed8a9f7c709d542ab52d1e2d5045318e162625a5822ac993a67fbd8c6817f1be
                                                                • Opcode Fuzzy Hash: a90d848e12ffdf8ad595ee9fda05c4d4af5ac64c9fb7eafac5840c0d1f173052
                                                                • Instruction Fuzzy Hash: F3C01230A00008AFDF052AA4E8449BCBA77EB88A00F008019F812762A0CE3A4C148F25
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2164103786.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_2ab0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: dba42e7b99e4ed72c1ee1c3b901814ed7fe0cfc229a8f91f5344c86b4ebcd220
                                                                • Instruction ID: cc9e8593f48b5ec36d5f4f14690a621293f000712a7873ac3bd553d344e08b51
                                                                • Opcode Fuzzy Hash: dba42e7b99e4ed72c1ee1c3b901814ed7fe0cfc229a8f91f5344c86b4ebcd220
                                                                • Instruction Fuzzy Hash: D5C09B74D712359FE31D9771B8067347B5DE740504F808639BC18C70C2DB6464464F47
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2172891928.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_51d0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: f620b850e75d8a42a481d517ba817324f44f66707820a744b2c63eecd0c564d7
                                                                • Instruction ID: cc062034a97f51e6184ba1b939ee9e8369eab554de16122377c578ba0e9cb3a6
                                                                • Opcode Fuzzy Hash: f620b850e75d8a42a481d517ba817324f44f66707820a744b2c63eecd0c564d7
                                                                • Instruction Fuzzy Hash: F7C08C301140008FD288CB6CE880B44B3A0EBC1600F60848AE008CB118CF339403C600
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2174141038.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: cc6986814db420d20678ae109947d7ee6048240504282610737cfa65f55afb1e
                                                                • Instruction ID: 42a02b92522636793529acf8f6edbdf8a27aa7274ffc36964bff8578b3da486b
                                                                • Opcode Fuzzy Hash: cc6986814db420d20678ae109947d7ee6048240504282610737cfa65f55afb1e
                                                                • Instruction Fuzzy Hash: BCC09B715161806EE341D755DC41FA07F2197A1304F19C5DDE54546253CF179987CB00
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2174141038.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 359916034f1dd607bab6a2e5bedb8e427ae4ac5b0ffa7317f99fef89d8b5c34f
                                                                • Instruction ID: c116e7548d1f12a6e1f434e4424ff45f93b4eecdec2ec57956a254a955d15100
                                                                • Opcode Fuzzy Hash: 359916034f1dd607bab6a2e5bedb8e427ae4ac5b0ffa7317f99fef89d8b5c34f
                                                                • Instruction Fuzzy Hash: 74C04C615161906EE341C7A498416607F21B792205F18C69E948546257CB169947D700
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2174141038.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: da1e3c24b9d4608ddc90a13d67cb88aebc8e72193cbfb7a1b7cea55a46264b5f
                                                                • Instruction ID: dc85f5c4e9d49a5ce96a1544fd89995ee3b8f60a740d6f5ae9e6d7cb224ee50c
                                                                • Opcode Fuzzy Hash: da1e3c24b9d4608ddc90a13d67cb88aebc8e72193cbfb7a1b7cea55a46264b5f
                                                                • Instruction Fuzzy Hash: F2C04C321000009FD340DB95CD427117361EF86304F59889594049B251CF36F913DE80
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173896140.00000000053A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53a0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 06df73506d69b90787cbf6c6ff1b6879786699946a619911b4b410e395f3552a
                                                                • Instruction ID: 8680abcf93284282b1bbecc2bb77e66148cb05611202447801bf3f66a73807d3
                                                                • Opcode Fuzzy Hash: 06df73506d69b90787cbf6c6ff1b6879786699946a619911b4b410e395f3552a
                                                                • Instruction Fuzzy Hash: B3C08CB268C0114BC349CA14CC9160567618B80306F28C0ED5408CB686CB22F4038500
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2176412190.0000000005D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5d80000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1c59c5151d66767c2e9749b2230eb335da8420fe661dee70f00a7c678dc93ad4
                                                                • Instruction ID: 2b2a595654630689837f9367ac504605c546843a033671177ee02283f1972fbe
                                                                • Opcode Fuzzy Hash: 1c59c5151d66767c2e9749b2230eb335da8420fe661dee70f00a7c678dc93ad4
                                                                • Instruction Fuzzy Hash: 81C08C70605280AEEB41C360A5826017F60D781208F18C4DFE004CB203CF2694438300
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2176412190.0000000005D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D80000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5d80000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c8868603c59d4e0cf64856aad009ff8232c2ce81a0b676431f851be1f0d07591
                                                                • Instruction ID: dda048447b5a78dd30d7c5ec7379f099428931325db60105153e84ff324805c5
                                                                • Opcode Fuzzy Hash: c8868603c59d4e0cf64856aad009ff8232c2ce81a0b676431f851be1f0d07591
                                                                • Instruction Fuzzy Hash: F5C04C705091817AEB55C764984175ABFB197C6204F19C0AFE444CB267CB229547AB46
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2164103786.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_2ab0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: b4b400b64ddae94ccbcc306a8cec7a1760ce331f8a2773d582afbfa6aa0a0c58
                                                                • Instruction ID: 8f2d72259ee5e4d367e76a636520f0cd76621db49e71cf1a1c97dd4a9ad2b80a
                                                                • Opcode Fuzzy Hash: b4b400b64ddae94ccbcc306a8cec7a1760ce331f8a2773d582afbfa6aa0a0c58
                                                                • Instruction Fuzzy Hash: FCC04C755261009BD390CF38DC41750F7A1EB44605F148459E40487251DB379547CB11
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173686192.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5370000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173686192.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5370000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2172891928.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_51d0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2172891928.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_51d0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2172891928.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_51d0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: fc7b582c225bc65cc9e27914cffb538a1ece69791b04f28a92d3ba6d39e8d9cc
                                                                • Instruction ID: 2e8f6ee67c7a278f62676d0d76d935bb334b20cd76aab1cebce0449a89fde91b
                                                                • Opcode Fuzzy Hash: fc7b582c225bc65cc9e27914cffb538a1ece69791b04f28a92d3ba6d39e8d9cc
                                                                • Instruction Fuzzy Hash: 0AC04C755040505BD645CB18D981B04BBB1BB95209F58859D9455EB615CB36E502C780
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2172891928.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_51d0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2174141038.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                                • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                                • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2174141038.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8082980384c4b1dea54e132366cbae18cca22081efd749e2a554a8e5cd0440e2
                                                                • Instruction ID: 447b4d0136c21dd27d7d16ec0b9fcbb64e7233fe2ecea4a7e58d4d28ba5ac674
                                                                • Opcode Fuzzy Hash: 8082980384c4b1dea54e132366cbae18cca22081efd749e2a554a8e5cd0440e2
                                                                • Instruction Fuzzy Hash: 45C08CA08090801BEB11C7909C822C07F61975A100F18C08AD00042153CB1689C3CF02
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2174141038.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 94ff41effcf38e94a0d89a9710103cecb314d218e2ae4171f84fc525e17d19a0
                                                                • Instruction ID: fd841404762861c2c9ba0d10393f0f40f96f656bc79515ee98dad598ba5f2384
                                                                • Opcode Fuzzy Hash: 94ff41effcf38e94a0d89a9710103cecb314d218e2ae4171f84fc525e17d19a0
                                                                • Instruction Fuzzy Hash: E3C02BA40071C07EE311CB70C480700BF20DB82104F1CC0CFD44403103CB22C447C300
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2174141038.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 0b5218f6d1a94e4ea14f39acea7afff8117473f250dc14ab0f25a0598322fcf8
                                                                • Instruction ID: 9ce126baa97ede2d33435ae3a0e89be66c8cf6466bcea22a187dbf94ad57e565
                                                                • Opcode Fuzzy Hash: 0b5218f6d1a94e4ea14f39acea7afff8117473f250dc14ab0f25a0598322fcf8
                                                                • Instruction Fuzzy Hash: A1C04C605172C05EEB11C76495816507F21A741104F5884CED5844A253CF16A647E711
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2174141038.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 32329c23b2f8d3bb11faf2c74a024e76f0a50d003d3b67b43f260f6a1ab32824
                                                                • Instruction ID: 0ecc93c96d369731925170264721dc8d13fd0758124f79277d3a0a098ef30b69
                                                                • Opcode Fuzzy Hash: 32329c23b2f8d3bb11faf2c74a024e76f0a50d003d3b67b43f260f6a1ab32824
                                                                • Instruction Fuzzy Hash: 99C09BE0505180BEEF11C770D4517507FA1D792208F1CC4DFD45587153CB139987DB02
                                                                • Opcode Fuzzy Hash: 0929355633ed2c8589467f7df49527792ab57a95792dce838ae5a7d5c20c9764
                                                                • Instruction Fuzzy Hash: B5423634B006189FDB15EF28D995BAEB7B2FF88204F0085A9D406AB369DB349D45DF90
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173896140.00000000053A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53a0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 4'Tr$4'Tr
                                                                • API String ID: 0-3787567430
                                                                • Opcode ID: e7d3aa8b1994e96088b0354949917a3507a6993439670a3c68a88d4009307ba3
                                                                • Instruction ID: bd0dcb7e49b8a0e5e9ccdf7a4eb2824e805ad95c31958bf2d178a3a4bb4d66be
                                                                • Opcode Fuzzy Hash: e7d3aa8b1994e96088b0354949917a3507a6993439670a3c68a88d4009307ba3
                                                                • Instruction Fuzzy Hash: 4C223A35B006189FDB05EF64D995AAE77B7FF88304B108159D806EB3A9DF349C02DB91
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2172891928.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_51d0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (Xr$,Xr
                                                                • API String ID: 0-3916087747
                                                                • Opcode ID: 38098d70cc89321abf9f3cfc6a599e3ca7ed5330f4ce18d86780c7ebce59585e
                                                                • Instruction ID: b9f2e70a5a2a51f4cd1c1af7a934edc51e38b60e7ff760e9924342730557b765
                                                                • Opcode Fuzzy Hash: 38098d70cc89321abf9f3cfc6a599e3ca7ed5330f4ce18d86780c7ebce59585e
                                                                • Instruction Fuzzy Hash: 1DF13C34B005188FDB15EFA8D594A6EBBF3FB88704F55C159E806AB395CB34DC428BA1
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173896140.00000000053A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53a0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (Xr$4'Tr
                                                                • API String ID: 0-186216629
                                                                • Opcode ID: b90f54b1bc0f922047b150583224fee90b84c90beecc49300f62b24b350f7287
                                                                • Instruction ID: 658aa6c12e1710f5af61e2cf6890f7cb34eaaa377e0f3e310cbf78fbb92fc8e4
                                                                • Opcode Fuzzy Hash: b90f54b1bc0f922047b150583224fee90b84c90beecc49300f62b24b350f7287
                                                                • Instruction Fuzzy Hash: DCC18B31B00A059FDB16EF68D995A6E77EBFBC8304B504529D906DB3A8DF34AC01CB91
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173686192.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5370000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: HXr$HXr
                                                                • API String ID: 0-1962694353
                                                                • Opcode ID: 039616328d6b9613bbe9350f92d7706b20b60f3ad408292d24c6a5bd277aac29
                                                                • Instruction ID: bcd483d49a175c324452a89d4949a197bcb0bdc0c5ccc369fff3cfcdd1eacc82
                                                                • Opcode Fuzzy Hash: 039616328d6b9613bbe9350f92d7706b20b60f3ad408292d24c6a5bd277aac29
                                                                • Instruction Fuzzy Hash: 55C18D30A006099FDB15EF68D991AAE77F7BF88304F158525E806DB399DB34EC01CB91
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2164103786.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_2ab0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 4'Tr$4'Tr
                                                                • API String ID: 0-3787567430
                                                                • Opcode ID: e7663658bb77722904c32036dc836081c7e0487cba1e2060556c581c9b14392e
                                                                • Instruction ID: 9cd725caa220faf2b03ce17216bdf48bf8dd4ce23f597dda7713cbcb1234f224
                                                                • Opcode Fuzzy Hash: e7663658bb77722904c32036dc836081c7e0487cba1e2060556c581c9b14392e
                                                                • Instruction Fuzzy Hash: 90511D71E146848FE74AEFBAE95169ABBF3ABC8304F14D42AC004D7269EF305809CF51
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2164103786.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_2ab0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 4'Tr$4'Tr
                                                                • API String ID: 0-3787567430
                                                                • Opcode ID: 18a747d3207cc9453fa6bfeb7ce7f2cedab6ee7ba8efb66a403c36de46827050
                                                                • Instruction ID: cd2dc9f46e7db504d296e422d0094b2de784b6c3ad278b7dc59243c699f5e04d
                                                                • Opcode Fuzzy Hash: 18a747d3207cc9453fa6bfeb7ce7f2cedab6ee7ba8efb66a403c36de46827050
                                                                • Instruction Fuzzy Hash: E4510D71E146848FE74AEFBAE95169ABBF3ABC8304F15D42AC004D7269EF305819CF51
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173896140.00000000053A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53a0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: PlTr
                                                                • API String ID: 0-3411569338
                                                                • Opcode ID: bb87773687f76941c5b3aed2b8ed9fe5a7a99fffecd97d766ed8014c85d0e474
                                                                • Instruction ID: 0648d2bbdbb124becf0b6e79cde548f1a6086c29c6feda6d343c313af32bd50c
                                                                • Opcode Fuzzy Hash: bb87773687f76941c5b3aed2b8ed9fe5a7a99fffecd97d766ed8014c85d0e474
                                                                • Instruction Fuzzy Hash: C1F1E835B105189FDB05EFA4E995AAEB7B7FF88704F108519E806AB368CF34AC01DB50
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173896140.00000000053A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53a0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: PlTr
                                                                • API String ID: 0-3411569338
                                                                • Opcode ID: bf12cb7f48f3ec0cd96e8dad8b95deb8580e755c304859433fece39862213e66
                                                                • Instruction ID: a76c192b103d08d80fe368d5a65b867f934f21a2cfed850f72e93f659dce346b
                                                                • Opcode Fuzzy Hash: bf12cb7f48f3ec0cd96e8dad8b95deb8580e755c304859433fece39862213e66
                                                                • Instruction Fuzzy Hash: B8D1DA35B105189FDB05EFA4E995AAEB7B7FF88704F108519E806A7368DF34AC01DB90
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2174141038.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: @
                                                                • API String ID: 0-2766056989
                                                                • Opcode ID: d793aa10c4720d37824bffc8f53da7404fdb7d5595f4209d1fd474479c3e3326
                                                                • Instruction ID: d4a2634aa29f31fb8d3196417339b615b2fdeee0c9995dcf5df6b9f8b2955282
                                                                • Opcode Fuzzy Hash: d793aa10c4720d37824bffc8f53da7404fdb7d5595f4209d1fd474479c3e3326
                                                                • Instruction Fuzzy Hash: D3A11A386106018FD745FF24EAA5B663BFBBB9834C7014569E906DB369DF34AC01CB91
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2174141038.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 9c560aa37498378a2591a530ddaff573775b201f3e1d612e5fbe3f533de8a150
                                                                • Instruction ID: 4c32455e2ed6ee74b09822c457aa0dad7806da81092f1c9db1f2529466a819e9
                                                                • Opcode Fuzzy Hash: 9c560aa37498378a2591a530ddaff573775b201f3e1d612e5fbe3f533de8a150
                                                                • Instruction Fuzzy Hash: 60D11534B002158FD794EB28DA95BAA77F7BB8C744F1481A9950ADB398DF389C41CF81
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2164103786.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_2ab0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 95fe794fc35afff6b4e876e5afce70196c57cf8eba6610c4248b12bce01f971f
                                                                • Instruction ID: 2bf8514b253fbc35b8520e0de6e97acafecbf75490b9c467dd1977ec91da3d4f
                                                                • Opcode Fuzzy Hash: 95fe794fc35afff6b4e876e5afce70196c57cf8eba6610c4248b12bce01f971f
                                                                • Instruction Fuzzy Hash: A8B15C71E001298FDB15CBA9C9806EDFBF5BF48304F688A69D455EB206DB34ED45CBA0
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173896140.00000000053A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53a0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: febd0e11b1725cb5a4c34f59028a60d47ef17e534f6c17277303d976de4893e3
                                                                • Instruction ID: 6d3e43878bd9b3b143f643f8d1fb5c03d91fa22a3cd733b45b908658fcadf942
                                                                • Opcode Fuzzy Hash: febd0e11b1725cb5a4c34f59028a60d47ef17e534f6c17277303d976de4893e3
                                                                • Instruction Fuzzy Hash: DFA13D357006099FDB05FF68E991B6E77A3FBC9344B108125D906DB3A9DB349C02CB91
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2174141038.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4aa0c520ef2525eba43a5b69811aeb6350a4cb003f4e65995006e5a94dfb21a8
                                                                • Instruction ID: 203cc9760cbb374d8da57e1c06b6bd4eeea149f503c6a35e9711c85f7dbb692a
                                                                • Opcode Fuzzy Hash: 4aa0c520ef2525eba43a5b69811aeb6350a4cb003f4e65995006e5a94dfb21a8
                                                                • Instruction Fuzzy Hash: 32B12734B002148FD754EB68DA99BAA77F7BB8C744F1481A9950ADB358DF389C41CF81
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2164103786.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_2ab0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: cbdb7d9c88938f179013cbac5891a596cc4a9033bd73f3c32c0966d1dc7d37ce
                                                                • Instruction ID: 55d7db8a457cfe0ba919ddbf5460bbaf2245cac7308f77471ce56ea317e71497
                                                                • Opcode Fuzzy Hash: cbdb7d9c88938f179013cbac5891a596cc4a9033bd73f3c32c0966d1dc7d37ce
                                                                • Instruction Fuzzy Hash: F8715A71E006298BDB15CFA9C8906EEFBF5FF88315F148229D425E7246DB34E946CB90
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173686192.0000000005370000.00000040.00000800.00020000.00000000.sdmp, Offset: 05370000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_5370000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (Xr$4'Tr$4'Tr$4'Tr$4'Tr$pXr
                                                                • API String ID: 0-864406450
                                                                • Opcode ID: 4a9f6d144adda262f7f4bdf028aa0713dbde2513165aed082270bb13f9f5dc37
                                                                • Instruction ID: 446efa7431a2395075f3db165642b5b0e44108ff98f47c4d49f9165144f44cea
                                                                • Opcode Fuzzy Hash: 4a9f6d144adda262f7f4bdf028aa0713dbde2513165aed082270bb13f9f5dc37
                                                                • Instruction Fuzzy Hash: CD7190306412049FD749EB78DA95BAE7BF7EFC8304B10452AD446DB3A9DE34AD01CBA1
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2173896140.00000000053A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_53a0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (_Tr$(_Tr$(_Tr$(_Tr
                                                                • API String ID: 0-2314919433
                                                                • Opcode ID: 91173a198af7baf006608130fd1c468adf26c2f1897d4a9c9f1124438542d1e0
                                                                • Instruction ID: 0cdd83069e349242f37b8a74e2b8bece76d442f912930349391ed742a0117878
                                                                • Opcode Fuzzy Hash: 91173a198af7baf006608130fd1c468adf26c2f1897d4a9c9f1124438542d1e0
                                                                • Instruction Fuzzy Hash: A5819F31B141089FC709EF68E999AAEB7F6EFC9304B508529D446AB398DF349C41CB91
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000020.00000002.2164103786.0000000002AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AB0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_32_2_2ab0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: &(,k$('Y{$e'o$}IIS
                                                                • API String ID: 0-1374273654
                                                                • Opcode ID: 47ed121dedc6e45f5a58dd60176ca4aa022a6df8aa200fe21d416c80bd480216
                                                                • Instruction ID: 19c30946d8552b663ce6ad4f2efecd81be09d39939ce1198e8d2d05a588a02fc
                                                                • Opcode Fuzzy Hash: 47ed121dedc6e45f5a58dd60176ca4aa022a6df8aa200fe21d416c80bd480216
                                                                • Instruction Fuzzy Hash: 728147B0805A448FD349CF1A8589BE1BBE1BF89710F5A86FAC15D9F236EB708045CF55

                                                                Execution Graph

                                                                Execution Coverage:5.3%
                                                                Dynamic/Decrypted Code Coverage:100%
                                                                Signature Coverage:14.6%
                                                                Total number of Nodes:96
                                                                Total number of Limit Nodes:10
                                                                execution_graph 44035 2530751 44036 253075f 44035->44036 44049 25310a1 44036->44049 44038 2530be5 44039 25308f7 GetPEB 44041 2530974 44039->44041 44040 25308b2 44040->44038 44040->44039 44052 2530e61 44041->44052 44044 25309d5 CreateThread 44045 25309ad 44044->44045 44063 2530d11 GetPEB 44044->44063 44045->44038 44060 2531361 GetPEB 44045->44060 44047 2530e61 4 API calls 44047->44038 44048 2530a2f 44048->44038 44048->44047 44061 25310c1 GetPEB 44049->44061 44051 25310ae 44051->44040 44053 2530e77 CreateToolhelp32Snapshot 44052->44053 44055 2530eae Thread32First 44053->44055 44056 25309a7 44053->44056 44055->44056 44057 2530ed5 44055->44057 44056->44044 44056->44045 44057->44056 44058 2530f0c Wow64SuspendThread 44057->44058 44059 2530f36 CloseHandle 44057->44059 44058->44059 44059->44057 44060->44048 44062 25310dc 44061->44062 44062->44051 44066 2530d6a 44063->44066 44064 2530dca CreateThread 44064->44066 44067 2531541 44064->44067 44065 2530e17 44066->44064 44066->44065 44070 258bf06 44067->44070 44069 2531546 44071 258f3fc 44070->44071 44072 258bf10 44070->44072 44073 258f50a 44071->44073 44074 258f420 44071->44074 44072->44069 44084 25906d6 44073->44084 44108 2591c7d 44074->44108 44077 258f4b0 44077->44069 44078 258f438 44078->44077 44079 2591c7d LoadLibraryA 44078->44079 44080 258f47a 44079->44080 44081 2591c7d LoadLibraryA 44080->44081 44082 258f496 44081->44082 44083 2591c7d LoadLibraryA 44082->44083 44083->44077 44085 2591c7d LoadLibraryA 44084->44085 44086 25906f9 44085->44086 44087 2591c7d LoadLibraryA 44086->44087 44088 2590711 44087->44088 44089 2591c7d LoadLibraryA 44088->44089 44090 259072f 44089->44090 44091 2590758 44090->44091 44092 2590744 VirtualAlloc 44090->44092 44091->44077 44092->44091 44094 2590772 44092->44094 44093 2591c7d LoadLibraryA 44097 25907f0 44093->44097 44094->44091 44094->44093 44095 2590846 44095->44091 44096 2591c7d LoadLibraryA 44095->44096 44098 25908a8 
44095->44098 44096->44095 44097->44091 44097->44095 44112 2591a84 44097->44112 44098->44091 44105 259090a 44098->44105 44116 258f866 44098->44116 44102 2590a16 44143 2590e06 LoadLibraryA 44102->44143 44103 25909cb 44103->44091 44139 25904c7 44103->44139 44105->44091 44105->44102 44105->44103 44109 2591c94 44108->44109 44110 2591cbb 44109->44110 44149 258fd82 LoadLibraryA 44109->44149 44110->44078 44114 2591a99 44112->44114 44113 2591b0f LoadLibraryA 44115 2591b19 44113->44115 44114->44113 44114->44115 44115->44097 44117 2591a84 LoadLibraryA 44116->44117 44118 258f87a 44117->44118 44121 258f882 44118->44121 44144 2591b22 44118->44144 44121->44091 44130 258f961 44121->44130 44122 258f8b8 VirtualProtect 44122->44121 44123 258f8cc 44122->44123 44124 258f8e6 VirtualProtect 44123->44124 44125 2591b22 LoadLibraryA 44124->44125 44126 258f907 44125->44126 44126->44121 44127 258f91e VirtualProtect 44126->44127 44127->44121 44128 258f92e 44127->44128 44129 258f943 VirtualProtect 44128->44129 44129->44121 44131 2591a84 LoadLibraryA 44130->44131 44132 258f977 44131->44132 44133 2591b22 LoadLibraryA 44132->44133 44134 258f987 44133->44134 44135 258f990 VirtualProtect 44134->44135 44136 258f9c4 44134->44136 44135->44136 44137 258f9a0 44135->44137 44136->44105 44138 258f9af VirtualProtect 44137->44138 44138->44136 44140 25904fa 44139->44140 44141 2590640 SafeArrayCreate 44140->44141 44142 25905a5 44140->44142 44141->44142 44142->44091 44142->44142 44143->44091 44145 2591b3d 44144->44145 44147 258f89a 44144->44147 44145->44147 44148 258ff27 LoadLibraryA 44145->44148 44147->44121 44147->44122 44148->44147 44149->44109

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 2566 2530e61-2530ea8 CreateToolhelp32Snapshot 2569 2530f7e-2530f81 2566->2569 2570 2530eae-2530ecf Thread32First 2566->2570 2571 2530ed5-2530edb 2570->2571 2572 2530f6a-2530f79 2570->2572 2573 2530f4a-2530f64 2571->2573 2574 2530edd-2530ee3 2571->2574 2572->2569 2573->2571 2573->2572 2574->2573 2575 2530ee5-2530f04 2574->2575 2575->2573 2578 2530f06-2530f0a 2575->2578 2579 2530f22-2530f31 2578->2579 2580 2530f0c-2530f20 Wow64SuspendThread 2578->2580 2581 2530f36-2530f48 CloseHandle 2579->2581 2580->2581 2581->2573
                                                                APIs
                                                                • CreateToolhelp32Snapshot.KERNEL32(00000004,00000000,?,?,?,?,?,025309A7,?,00000001,?,81EC8B55,000000FF), ref: 02530E9F
                                                                • Thread32First.KERNEL32(00000000,0000001C), ref: 02530ECB
                                                                • Wow64SuspendThread.KERNEL32(00000000), ref: 02530F1E
                                                                • CloseHandle.KERNELBASE(00000000), ref: 02530F48
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1241190201.0000000002530000.00000040.00001000.00020000.00000000.sdmp, Offset: 02530000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_2530000_BtowsPlayer.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CloseCreateFirstHandleSnapshotSuspendThreadThread32Toolhelp32Wow64
                                                                • String ID:
                                                                • API String ID: 1849706056-0
                                                                • Opcode ID: ed4f7e93d5c748d87e273fbd072de27cfcb41b6612c19f34ce8dd7f2a24eca5e
                                                                • Instruction ID: ccfd003b1c7edb91397d25d62cb042949d144c9efa18723003bf631704523e05
                                                                • Opcode Fuzzy Hash: ed4f7e93d5c748d87e273fbd072de27cfcb41b6612c19f34ce8dd7f2a24eca5e
                                                                • Instruction Fuzzy Hash: F141FB75A00209AFDB18DF98C491BADBBB6EF88300F10C168EA15DB7D4DB34AE45CB54

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 2774 2530d11-2530d68 GetPEB 2775 2530d73-2530d77 2774->2775 2776 2530e17-2530e1e 2775->2776 2777 2530d7d-2530d88 2775->2777 2778 2530e29-2530e2d 2776->2778 2779 2530e12 2777->2779 2780 2530d8e-2530da5 2777->2780 2782 2530e2f-2530e3c 2778->2782 2783 2530e3e-2530e45 2778->2783 2779->2775 2784 2530da7-2530dc8 2780->2784 2785 2530dca-2530de2 CreateThread 2780->2785 2782->2778 2788 2530e47-2530e49 2783->2788 2789 2530e4e-2530e53 2783->2789 2786 2530de6-2530dee 2784->2786 2785->2786 2786->2779 2791 2530df0-2530e0d 2786->2791 2788->2789 2791->2779
                                                                APIs
                                                                • CreateThread.KERNELBASE(00000000,00000000,?,00000000,00000000,00000000), ref: 02530DDD
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1241190201.0000000002530000.00000040.00001000.00020000.00000000.sdmp, Offset: 02530000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_2530000_BtowsPlayer.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CreateThread
                                                                • String ID: ,
                                                                • API String ID: 2422867632-3772416878
                                                                • Opcode ID: fc60953fbf7661c618888493d7684cefa6d88d8934743e077e5b29c3addb46ae
                                                                • Instruction ID: bdce9c18b444453f50303cdcc1f3309c6d27784f7f1b65fbc5fe2ae386236f2a
                                                                • Opcode Fuzzy Hash: fc60953fbf7661c618888493d7684cefa6d88d8934743e077e5b29c3addb46ae
                                                                • Instruction Fuzzy Hash: E441B474A00209EFDB14CF98C994BAEBBB1BF48314F208598D5156B391C771AE91DF98

                                                                Control-flow Graph

                                                                • Executed
                                                                • Not Executed
                                                                control_flow_graph 3078 29c53c0-29c53c2 3079 29c53cd-29c53e1 3078->3079 3080 29c53e9-29c5649 3079->3080
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1242584886.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_29c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 4'Tr$4'Tr
                                                                • API String ID: 0-3787567430

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1242584886.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_29c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 4'Tr$4'Tr
                                                                • API String ID: 0-3787567430
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1255620211.00000000052A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_52a0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (_Tr
                                                                • API String ID: 0-1140766976
                                                                APIs
                                                                • CreateThread.KERNELBASE(00000000,00000000,?,00000000,00000000,00000000,?,00000001,?,81EC8B55,000000FF), ref: 025309F4
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1241190201.0000000002530000.00000040.00001000.00020000.00000000.sdmp, Offset: 02530000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_2530000_BtowsPlayer.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: CreateThread
                                                                • String ID:
                                                                • API String ID: 2422867632-0
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1242584886.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_29c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: D[r
                                                                • API String ID: 0-3764133591
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1255620211.00000000052A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_52a0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:

                                                                APIs
                                                                  • Part of subcall function 02591A84: LoadLibraryA.KERNELBASE(00000000,?,?), ref: 02591B16
                                                                • VirtualProtect.KERNELBASE(00000000,0000000C,00000040,?), ref: 0258F8C1
                                                                • VirtualProtect.KERNELBASE(00000000,0000000C,?,?), ref: 0258F8F4
                                                                • VirtualProtect.KERNELBASE(00000000,0040145E,00000040,?), ref: 0258F927
                                                                • VirtualProtect.KERNELBASE(00000000,0040145E,?,?), ref: 0258F951
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1241190201.0000000002530000.00000040.00001000.00020000.00000000.sdmp, Offset: 02530000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_2530000_BtowsPlayer.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ProtectVirtual$LibraryLoad
                                                                • String ID:
                                                                • API String ID: 895956442-0

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1242584886.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_29c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: &(,k$('Y{$e'o$}IIS
                                                                • API String ID: 0-1374273654

                                                                APIs
                                                                • LoadLibraryA.KERNELBASE(00000000,?,?), ref: 02591B16
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1241190201.0000000002530000.00000040.00001000.00020000.00000000.sdmp, Offset: 02530000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_2530000_BtowsPlayer.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: LibraryLoad
                                                                • String ID: .dll
                                                                • API String ID: 1029625771-2738580789

                                                                APIs
                                                                  • Part of subcall function 02591A84: LoadLibraryA.KERNELBASE(00000000,?,?), ref: 02591B16
                                                                • VirtualProtect.KERNELBASE(00000000,00000004,00000040,?), ref: 0258F999
                                                                • VirtualProtect.KERNELBASE(00000000,00000004,?,?), ref: 0258F9BC
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1241190201.0000000002530000.00000040.00001000.00020000.00000000.sdmp, Offset: 02530000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_2530000_BtowsPlayer.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ProtectVirtual$LibraryLoad
                                                                • String ID:
                                                                • API String ID: 895956442-0

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1255620211.00000000052A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_52a0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (Xr$(Xr
                                                                • API String ID: 0-1929085909

                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1242584886.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_29c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: TeTr$TeTr
                                                                • API String ID: 0-2653051871
                                                                APIs
                                                                • SafeArrayCreate.OLEAUT32(00000011,00000001,?), ref: 02590658
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1241190201.0000000002530000.00000040.00001000.00020000.00000000.sdmp, Offset: 02530000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_2530000_BtowsPlayer.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: ArrayCreateSafe
                                                                • String ID:
                                                                • API String ID: 37945469-0
                                                                APIs
                                                                • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 02590750
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1241190201.0000000002530000.00000040.00001000.00020000.00000000.sdmp, Offset: 02530000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_2530000_BtowsPlayer.jbxd
                                                                Yara matches
                                                                Similarity
                                                                • API ID: AllocVirtual
                                                                • String ID:
                                                                • API String ID: 4275171209-0
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1242584886.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_29c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: D[r
                                                                • API String ID: 0-3764133591
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1256541368.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_53c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: (Xr
                                                                • API String ID: 0-3024585269
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1242584886.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_29c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: D[r
                                                                • API String ID: 0-3764133591
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1242584886.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_29c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: pXr
                                                                • API String ID: 0-1419380911
                                                                • Opcode ID: eff5cfbf86cd3288b250d29d355579861e8363387f8fd73dbe437891fdfd1eef
                                                                • Instruction ID: 4c4348d312d8e6863c049d6b9b54c15790e0b9022187de7adc5b36a91c236cb9
                                                                • Opcode Fuzzy Hash: eff5cfbf86cd3288b250d29d355579861e8363387f8fd73dbe437891fdfd1eef
                                                                • Instruction Fuzzy Hash: 4E51FC36210100AFDB45AFA8D958D6ABFB7FF8C3107558099E6068B3B9DB31D812DF91
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1255620211.00000000052A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_52a0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: p<Tr
                                                                • API String ID: 0-131525428
                                                                • Opcode ID: 339aaf00fda997f8a04b8409be149252e379b4b98ed2f2be488c990b74745a3a
                                                                • Instruction ID: 3c6bdaecf738504cb31b86ab11207172a9e705486f1b3fe834d54237bbcb5623
                                                                • Opcode Fuzzy Hash: 339aaf00fda997f8a04b8409be149252e379b4b98ed2f2be488c990b74745a3a
                                                                • Instruction Fuzzy Hash: 84316D723141559FDB05DE6AD890AAA3BABFF89340F044455FD09C73A4DB34DC91CB60
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1255620211.00000000052A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_52a0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: p<Tr
                                                                • API String ID: 0-131525428
                                                                • Opcode ID: 15ca347a59c94ab1447f6535fdfb26a88a7f105044ca77c217452edc30b82de5
                                                                • Instruction ID: 7a2b827f912df1da314e37de71e65b501b60213af831578fc375a9faf425342e
                                                                • Opcode Fuzzy Hash: 15ca347a59c94ab1447f6535fdfb26a88a7f105044ca77c217452edc30b82de5
                                                                • Instruction Fuzzy Hash: B5219C32314155AFDB05EF5AD890AAA3BABFF89340B448415FD09C73A4DB30DC91CB60
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1256541368.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_53c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: fYr
                                                                • API String ID: 0-408826301
                                                                • Opcode ID: 32bc3b276a332315879a3bb678eb56a46d30f6aeadbdec15c28e925955a97e22
                                                                • Instruction ID: 16a2bf735ea03986eca21ace226a7499fc5ce615c4b8a8755ada8d95d4273862
                                                                • Opcode Fuzzy Hash: 32bc3b276a332315879a3bb678eb56a46d30f6aeadbdec15c28e925955a97e22
                                                                • Instruction Fuzzy Hash: 1E11E6327152115BEB18DA69A850AAFBF9BFBC0B65F10407EF505C7684DE729C0147D0
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1256541368.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_53c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: dXr
                                                                • API String ID: 0-3437053986
                                                                • Opcode ID: 52a0a1757b76cdb67b7b1c3d990330325dd0ccdbef57b0f124c7fc79f70928d2
                                                                • Instruction ID: a0ea81536e26b71f107ad01e6fb82d22b71498b22fa6f7cb54622cc95598ce99
                                                                • Opcode Fuzzy Hash: 52a0a1757b76cdb67b7b1c3d990330325dd0ccdbef57b0f124c7fc79f70928d2
                                                                • Instruction Fuzzy Hash: 1D11A376A201048BCB04FFB8E5461AE7BB5EB88310F50496AE505E7348EF7059198BD2
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1242584886.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_29c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: TeTr
                                                                • API String ID: 0-1273742946
                                                                • Opcode ID: 22a6be4f01ba9bad7ffde92f16bf6e27f62116e182c08161446511c5bdd52072
                                                                • Instruction ID: 304b8e9a31c20c84610842890d2fc8c778db25f1503825f020b448daa568fdd4
                                                                • Opcode Fuzzy Hash: 22a6be4f01ba9bad7ffde92f16bf6e27f62116e182c08161446511c5bdd52072
                                                                • Instruction Fuzzy Hash: 0311733172421497DB14AF58E46A7AF7AB2DBC8715F60416DD502AB3C8CF744C068BE2
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1256541368.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_53c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: dXr
                                                                • API String ID: 0-3437053986
                                                                • Opcode ID: cc2a03d4264f0bbd886a521ddbfa5d17358bed568bae3464c52f63f246b43d74
                                                                • Instruction ID: 0bb1ff7f376a0a196083cf8c51fe42fffa97162aff8d1fd88e77876fa07bcb15
                                                                • Opcode Fuzzy Hash: cc2a03d4264f0bbd886a521ddbfa5d17358bed568bae3464c52f63f246b43d74
                                                                • Instruction Fuzzy Hash: 8011A532A201098FC704FF78E4455AE7BB5EBC8310F50456AE505E7348EF705D558BE2
                                                                Strings
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1242584886.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_29c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID: 4'Tr
                                                                • API String ID: 0-64186575
                                                                • Opcode ID: 669b8b641fd14775101559670dd4e9006a15941f6d921f8a583b8fbd7ec0f6dc
                                                                • Instruction ID: 5a853c8eb10625f9656db4f6e4ff852c44d44cf2a3120b18e7bc8f58b34c3c68
                                                                • Opcode Fuzzy Hash: 669b8b641fd14775101559670dd4e9006a15941f6d921f8a583b8fbd7ec0f6dc
                                                                • Instruction Fuzzy Hash: C401F732A211049FCB04EF68D892659BB76EFD1300F9084ED9505CB395EE31AD01CB42
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1242584886.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_29c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 44a3708f96544c7ff5ec9b2ccf5a93861ddef4f4b48235c8739c0e60eb7428ae
                                                                • Instruction ID: 3934b9820b482fb5500bfc8dd3068580f8e477b8856a38c0e466658a6642f9f2
                                                                • Opcode Fuzzy Hash: 44a3708f96544c7ff5ec9b2ccf5a93861ddef4f4b48235c8739c0e60eb7428ae
                                                                • Instruction Fuzzy Hash: 96A17172B102148FDB15EF65D484A5EBBB6EF88310F11816AE9069B798DB30ED42CFD1
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1255620211.00000000052A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_52a0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 24b54faabcd1e28e4c917b486a803521efa313326d8c0458310d7219b60c2eb8
                                                                • Instruction ID: 9a1604c059a467bbe22bb0c4fbf41089a4d5c14e1cfbae85e60062afd9eccbcf
                                                                • Opcode Fuzzy Hash: 24b54faabcd1e28e4c917b486a803521efa313326d8c0458310d7219b60c2eb8
                                                                • Instruction Fuzzy Hash: 3C7150723341409BD748AFA8E49462E3EA7EFC8701B5494BEA607DB3C9DD709C468F91
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1255620211.00000000052A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_52a0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 06b9231270999eeb4d6d9df51b1b8bc92f500cd4f8e266e0c22639078b492e7c
                                                                • Instruction ID: 89af2923a983fc5d7493f06aa521233f7753682fe45b06cdbfb39f95c30a9257
                                                                • Opcode Fuzzy Hash: 06b9231270999eeb4d6d9df51b1b8bc92f500cd4f8e266e0c22639078b492e7c
                                                                • Instruction Fuzzy Hash: 5D515132B202059BDB15EF69D899B5ABBB6FFC8714F108429990697388DF709C068FD1
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1256420504.00000000053A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_53a0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 0a92e276d0386f5b9ca5eca827112ad9ce200277deaf893ba26a7e3902309012
                                                                • Instruction ID: d02b6fdad31140cf4a8b90b9da1543ee060b0aa6ef677b6b310685b1fea87753
                                                                • Opcode Fuzzy Hash: 0a92e276d0386f5b9ca5eca827112ad9ce200277deaf893ba26a7e3902309012
                                                                • Instruction Fuzzy Hash: A3216BB3A092446FC701DBA4EC51A5BBFBAEB85250B1580ABE445D7351E931DC02CBA1
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1242584886.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_29c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1a99f75c72f48e1746ffd8d88c83161d00d7b2bf74339c7c2bb802e9ed7c0056
                                                                • Instruction ID: a783e5cc35e82d73ade51598aaa5f51ed9c8843225996d1bc4c166f75ff1b925
                                                                • Opcode Fuzzy Hash: 1a99f75c72f48e1746ffd8d88c83161d00d7b2bf74339c7c2bb802e9ed7c0056
                                                                • Instruction Fuzzy Hash: 95314171610108ABDB04EFA9D49499FBFBAEFCC720F508169E916A73C8DE709C458F91
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1242584886.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_29c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: beccd170906bf3e37d566afc90ba33cba81a716ea6dd07af5fa50b5a312656ec
                                                                • Instruction ID: 4d6e4f849c5e028afabc0c3d8ffdb2d873141c1f92d2d8f2d969a7fcc5554cc4
                                                                • Opcode Fuzzy Hash: beccd170906bf3e37d566afc90ba33cba81a716ea6dd07af5fa50b5a312656ec
                                                                • Instruction Fuzzy Hash: D92153317202045FDB15AE69949576E7AE7EFC8750F20406AEA06DB388EF748C45CBA2
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1240919167.000000000240D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0240D000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_240d000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4fd8c7de7dbf23134fd31e8a4fbf0d90044605fc71a9f85bdd0463a3a5da7b52
                                                                • Instruction ID: ef1a31bc5b68f9f9c619a822378e56752cd1c663f55a1625bf7f7e70a9ce893d
                                                                • Opcode Fuzzy Hash: 4fd8c7de7dbf23134fd31e8a4fbf0d90044605fc71a9f85bdd0463a3a5da7b52
                                                                • Instruction Fuzzy Hash: 34210371904240DFDB10DF94D9C0B27BF61FB88714F24897AE8090B38AC336D49ACAA2
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1242584886.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_29c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c5cca0ea29d1d7b8f1bc73451d44f801fe3b9c511022d75010bda75e15fee153
                                                                • Instruction ID: e2c8cc80ce831a874ab3625cac70c6818246536b07c4ae1378a118095b66d3b0
                                                                • Opcode Fuzzy Hash: c5cca0ea29d1d7b8f1bc73451d44f801fe3b9c511022d75010bda75e15fee153
                                                                • Instruction Fuzzy Hash: 3311B4377301004BD705BB64E09925A7BB7EBD8361B6480AADC028B3C8EF749C468BD2
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1242584886.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_29c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: bffbb6b20a05591f028782a7a16d90ab9ecbf41c37f125be534fbca667a67b12
                                                                • Instruction ID: b4129684bc4e5dec17f5c4e7a991bd767c1871b720ac283b7a0d20cd3aaf12f6
                                                                • Opcode Fuzzy Hash: bffbb6b20a05591f028782a7a16d90ab9ecbf41c37f125be534fbca667a67b12
                                                                • Instruction Fuzzy Hash: 2A1172367202104BC705BB64E05961A7BA7EBC976176481AADC028B388EF749C468BD2
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1242584886.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_29c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 121f68b4ff06ad8f052ec9264909ea3f5dc00f8244fb80df1b79d2fe48e3f687
                                                                • Instruction ID: 02128aa6e7d46cd648852824c8e505109d61bae36195c5a0d27464eebae8af66
                                                                • Opcode Fuzzy Hash: 121f68b4ff06ad8f052ec9264909ea3f5dc00f8244fb80df1b79d2fe48e3f687
                                                                • Instruction Fuzzy Hash: 00110632605258AFC701CBA9E850A46FFA9EF86320B2581BBD558C7642CB31EC05C7D1
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1240919167.000000000240D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0240D000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_240d000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 44195b226622b2357867078cbf7d777eed692dc547cb2d0e6dead9440e4eb0ea
                                                                • Instruction ID: f70e37ca35f104c1fbd61cf27bc536aa81720b808e036928206da2a640eab450
                                                                • Opcode Fuzzy Hash: 44195b226622b2357867078cbf7d777eed692dc547cb2d0e6dead9440e4eb0ea
                                                                • Instruction Fuzzy Hash: 1111B176904280CFCB11CF94D9C4B16BF62FB84714F2486AAD8094B356C336D49ACBA1
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1242584886.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_29c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: eac457f550ac62464d2d31499306770d58cc80fce002bc777ccdd0b82d1a03c6
                                                                • Instruction ID: ced299477500e9b7fed413251e3fd6c2d3eba398ecc8f76573b4a1b4c0ab3199
                                                                • Opcode Fuzzy Hash: eac457f550ac62464d2d31499306770d58cc80fce002bc777ccdd0b82d1a03c6
                                                                • Instruction Fuzzy Hash: E60188363111147B8B055E59EC8486FBF6AEFC8270700803DFB0587384CE718C159B91
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1240919167.000000000240D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0240D000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_240d000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: dfe2b6e3c0d56fbd955089896401ef6c9b3dc06b4bfedd3a4a4a7a2e988f7415
                                                                • Instruction ID: ec73b35cd04cade115ff83c46897f1192b8bacee3dca836414f89045d4c0014f
                                                                • Opcode Fuzzy Hash: dfe2b6e3c0d56fbd955089896401ef6c9b3dc06b4bfedd3a4a4a7a2e988f7415
                                                                • Instruction Fuzzy Hash: 6F01527140D3C09FD7128B658894B52BFB4DF43224F1981DBD9988F2E3C2699849CB72
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1240919167.000000000240D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0240D000, based on PE: false
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1242584886.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_29c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 4723bef98eb472a49564406ff8c6489e54fd48426a2a0616d3bd91d1784b2722
                                                                • Instruction ID: fdc8b03fa4749fc77f48f35acf39367b18bcdfe941e34476a8ee177538514c4c
                                                                • Opcode Fuzzy Hash: 4723bef98eb472a49564406ff8c6489e54fd48426a2a0616d3bd91d1784b2722
                                                                • Instruction Fuzzy Hash: 25E017396401149FC348EBACF558A9A3BF9EB8C22178200A5E50ACB321CA60AC118F95
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1242584886.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_29c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6b417fbedd69518297140a2575ea98b1c55f991b39a2be2de5da4f6d0e513a59
                                                                • Instruction ID: c9edb5d2c5bb153419ce968623c0800119028a6f95f6905c688fdc4fe9539a3f
                                                                • Opcode Fuzzy Hash: 6b417fbedd69518297140a2575ea98b1c55f991b39a2be2de5da4f6d0e513a59
                                                                • Instruction Fuzzy Hash: C2E08C35D48291CBD3019FB9905835A3691BF49B20F9685BEC8499B246DB3888228E9B
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1242584886.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_29c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 5ebdc773297253fd61bbd0d9c59fc7cfb27da579a74730f2c81e693dd11b5373
                                                                • Instruction ID: 19b0181b5a9e534244066d40b27ea6a151a7b52232525f768ecf9ce45c3ace53
                                                                • Opcode Fuzzy Hash: 5ebdc773297253fd61bbd0d9c59fc7cfb27da579a74730f2c81e693dd11b5373
                                                                • Instruction Fuzzy Hash: 5ED02E7790A248DFC702CFA08A1018A7FB68F4A210B4000EFD848EB221FE31DB088782
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1255620211.00000000052A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_52a0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7f995fcfea616d215700479df6319ef4c781ef3e20f9af3652e1698832835a97
                                                                • Instruction ID: 0f069fc6f1d5ae03eec6f0aeeca4502df8d21bedeb6f71d4c96e7f4302ef7bcb
                                                                • Opcode Fuzzy Hash: 7f995fcfea616d215700479df6319ef4c781ef3e20f9af3652e1698832835a97
                                                                • Instruction Fuzzy Hash: 8ED017725142209FD744CA08CC82A96B3A9FF99304F19884AAC50A7304C6B1BC129AA1
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1255620211.00000000052A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_52a0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 8e07470999f7a11fdb990592e0a7f741b9780c98b06f18548634a49583df0865
                                                                • Instruction ID: 099fd02b5f4bb506c0b026dd9597e2cbe5a94b00700ec572c2f38a9434203161
                                                                • Opcode Fuzzy Hash: 8e07470999f7a11fdb990592e0a7f741b9780c98b06f18548634a49583df0865
                                                                • Instruction Fuzzy Hash: CEE012766181519FD706CB58E945E16BBE5DFD9700F04889EF4409B351D662DC02CBB2
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1256420504.00000000053A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_53a0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1fc158e1450c88d29e063d85d263e16064dccdf0d8ea8b8714b3c9e1d2220cb0
                                                                • Instruction ID: e11d4ce1e89fdbbaf2babf525b27bdcd91182c37417492870a9f324f121a654e
                                                                • Opcode Fuzzy Hash: 1fc158e1450c88d29e063d85d263e16064dccdf0d8ea8b8714b3c9e1d2220cb0
                                                                • Instruction Fuzzy Hash: FCE01276500004AFDB41CED4DD519667B21EB88351B0AC45BFD54972A1DA72DD22EB40
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1256541368.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_53c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1e8d0e92cc212f8614493f1a98d51ccfdf7d7fdff33b400c74fe24d9f34822e1
                                                                • Instruction ID: 035ff23e187856d321b93e707644857948a2cbe5c043c04fbde87a4760337fe8
                                                                • Opcode Fuzzy Hash: 1e8d0e92cc212f8614493f1a98d51ccfdf7d7fdff33b400c74fe24d9f34822e1
                                                                • Instruction Fuzzy Hash: FFD02EB6108000AFC300CE40ECA0E5BB7F6DBC8700F26881FB804A3340DA62DC02CB62
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1242584886.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_29c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a5d88944a1673462e7663b349725180e6bc998c5adb7a85b7365dd0702900402
                                                                • Instruction ID: 764a68d9881dee851df2ef7fb803eff2ed4cd170a3b5ad2ba861dbc5bbe4c620
                                                                • Opcode Fuzzy Hash: a5d88944a1673462e7663b349725180e6bc998c5adb7a85b7365dd0702900402
                                                                • Instruction Fuzzy Hash: 43E0C232909204DFCF02CFA09904889BFB0EF05202F0200F7D804C7560F9314A14D783
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1256420504.00000000053A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_53a0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 44ba782675fcdd8aff74ea6f0a83c41e2cb3e78684efea51cd70aa7f2296677b
                                                                • Instruction ID: 877f0f7dcd895513f3842dead994786ff947c22c1e70ab8d1161cd6d10d093a9
                                                                • Opcode Fuzzy Hash: 44ba782675fcdd8aff74ea6f0a83c41e2cb3e78684efea51cd70aa7f2296677b
                                                                • Instruction Fuzzy Hash: 04D09E36200118BF9B05DE84DC41CA6BB6AEB89660B14C45AFD1547351CAB3ED22DB90
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1256420504.00000000053A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_53a0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: a74995118321cbf27df7ba45ef6a8c30c01933b2996151411a1a1e4175e136f6
                                                                • Instruction ID: 54c09cf46cb72975f4ea5108164b527448a772d7c3ace219490901e74eeb2da6
                                                                • Opcode Fuzzy Hash: a74995118321cbf27df7ba45ef6a8c30c01933b2996151411a1a1e4175e136f6
                                                                • Instruction Fuzzy Hash: 7AD0A7B151C3505FD240DA14D810853B7A5EBD5300B06CC5FE440C3341E661DC07CBA1
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1256541368.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_53c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 48a5fd1e4217d29b54cbfc3fee64033358298d074385ecf5e3cf7108f888399d
                                                                • Instruction ID: 8e94994b2312fdd510b40cd113714f25696c539fdc11c5d78529ee8b343dac63
                                                                • Opcode Fuzzy Hash: 48a5fd1e4217d29b54cbfc3fee64033358298d074385ecf5e3cf7108f888399d
                                                                • Instruction Fuzzy Hash: A6C012373090018F5B05A504F0A45A97755FAC0666714009EF505C2644DB219C014750
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1256541368.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_53c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: ad5b358013c39a2d5cff3691b547bbbf0ac29b94ac63cd48f9bedcd9f2420770
                                                                • Instruction ID: a7246f35eae3818985329ef7586cc56a10024ebfb2e5243d95b42746615c0e4b
                                                                • Opcode Fuzzy Hash: ad5b358013c39a2d5cff3691b547bbbf0ac29b94ac63cd48f9bedcd9f2420770
                                                                • Instruction Fuzzy Hash: F0D0A77180110CAFC702EFA4D94156E7BF9DF8410079091EF9408E3214FD319E1057D2
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1256541368.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_53c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 948c9d54ae258648f17988c328c38ba4d59716eb08cb4a8ed2ca66008be9a502
                                                                • Instruction ID: 700f1426f758841a9e8649523015b379015ba6905e929dd858e4327811e80237
                                                                • Opcode Fuzzy Hash: 948c9d54ae258648f17988c328c38ba4d59716eb08cb4a8ed2ca66008be9a502
                                                                • Instruction Fuzzy Hash: A6D0C9B194120CAFCB01EFA499115AEBBF9DF85200B9151EB9508E7214FD31AE105BD2
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1242584886.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_29c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 45e74b3312f1721012f6b01cbd959d47cca0d0f81f1df6cd2b05d303d7122f27
                                                                • Instruction ID: 6b8d915c65a2be9eccd4093fbda880a45d1f6851d5a0589866c5ec0fa18e78a8
                                                                • Opcode Fuzzy Hash: 45e74b3312f1721012f6b01cbd959d47cca0d0f81f1df6cd2b05d303d7122f27
                                                                • Instruction Fuzzy Hash: B9D0C97291120CEF8B00DFA4E90559EFBF9EF45211B5041A6E909D3210FE319E14ABD2
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1242584886.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_29c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 7f5a9a78045e9c60526400285ed2a1a9c1e2200276aee3c55e3b4d63d94d3d9a
                                                                • Instruction ID: 0e20cc5929e5335bea628f3fd4e7d72baf23ed9118100b7b27516cf6539329f0
                                                                • Opcode Fuzzy Hash: 7f5a9a78045e9c60526400285ed2a1a9c1e2200276aee3c55e3b4d63d94d3d9a
                                                                • Instruction Fuzzy Hash: 4BD0C97191120CAFCB11DFA4990159EBBFADF85210B9041AA9909E7210FE31AA105BD2
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1255620211.00000000052A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_52a0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 058c0642941b31a26eabc57805e15262e4b45f143d5dc4f05afa81d454495c99
                                                                • Instruction ID: d901e5561b7b65a45334823a6d530efbace2b174664d3a29c1690319b0cac57d
                                                                • Opcode Fuzzy Hash: 058c0642941b31a26eabc57805e15262e4b45f143d5dc4f05afa81d454495c99
                                                                • Instruction Fuzzy Hash: 01D0C97191120CAF8B00EFE4994169EBBFADF85200B9041AA9508E7210FD719A105BD2
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1256541368.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_53c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: d2810592b8e147b0ab7f89c22952067b6d004d74d250a86bfff3daf8c54cf5ce
                                                                • Instruction ID: c3f67320c51adbb4f0840b3b5f7fc57aae918fb435ba2e2cb776641c8ce0836b
                                                                • Opcode Fuzzy Hash: d2810592b8e147b0ab7f89c22952067b6d004d74d250a86bfff3daf8c54cf5ce
                                                                • Instruction Fuzzy Hash: 32D0C9B66082508BE644DA84E841A86B752BB94254F258C19E45193381CA62D81BCB60
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1255620211.00000000052A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_52a0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: c236dcce06da09b16da9faad11d4c2dd6bfb7fd0c6fd2ed0a1e4a5b130cd61e1
                                                                • Instruction ID: 476a329d253bd1e0c7b5ef536b87a0824749b4d6adeb6f583992467a0953672a
                                                                • Opcode Fuzzy Hash: c236dcce06da09b16da9faad11d4c2dd6bfb7fd0c6fd2ed0a1e4a5b130cd61e1
                                                                • Instruction Fuzzy Hash: AAD05E351082818BD301CF78F554A1AFBA2EB95604F15889EE48057212C7328C17CB23
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1255620211.00000000052A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_52a0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 1536334406ff1dc596f6d3a5782871ffd470a42d56bf09256e1e78c3eb87a748
                                                                • Instruction ID: e093eac02c48a94ad7426b5a71cd12aec4c9ca58aec833757d7fdff6c30e3768
                                                                • Opcode Fuzzy Hash: 1536334406ff1dc596f6d3a5782871ffd470a42d56bf09256e1e78c3eb87a748
                                                                • Instruction Fuzzy Hash: 61D0C9352001009BD394CA18C996B52B7E1EF98304F14C469E889C7355EA31EC03CA41
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1256541368.00000000053C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_53c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 6fd5862abba9300e25b077a0ac4af4b5da7c8fab61ce18239a04dd38772a8edf
                                                                • Instruction ID: 805465856a0e97f1801a7b9e58a9ccc16fe6aa036e262aa7ced1ad80dc8590cd
                                                                • Opcode Fuzzy Hash: 6fd5862abba9300e25b077a0ac4af4b5da7c8fab61ce18239a04dd38772a8edf
                                                                • Instruction ID: e80b9cbb32ce7aa80f269217a2acaa4f8c5de131eb2df65f765f3a476441bad2
                                                                • Opcode Fuzzy Hash: cdfec89ecf4d227c2e3f2741df1fca2c4e7a0756e2f1ba050c9a008d3bdc9887
                                                                • Instruction Fuzzy Hash: 3DB002747054005B8748D65DD951515A7D29BC9215728C4AD641DC7355DE22DD039644
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1242584886.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_29c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 21f9a48e4cdb399f3f6cd1c6bf1b652b1cf7e6261a984e5ab43d15ea2be4fd21
                                                                • Instruction ID: 7c31c4dd020417aa57553f2c7c201a1bc455f2f27413c76d7368ba908e98b386
                                                                • Opcode Fuzzy Hash: 21f9a48e4cdb399f3f6cd1c6bf1b652b1cf7e6261a984e5ab43d15ea2be4fd21
                                                                • Instruction Fuzzy Hash: 1C90027148460C8B464427D67409555775CA5456157850551A50D42601AE55642045A5
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1242584886.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_29c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 66665593dc636464a98531fdd6ca993f9dc32dc7e12f4e822e5d759920a46983
                                                                • Instruction ID: e3a6a83fbb20b0e40f02b2b33b57417446f5cce719be9ec561e1b3f3f2d78a52
                                                                • Opcode Fuzzy Hash: 66665593dc636464a98531fdd6ca993f9dc32dc7e12f4e822e5d759920a46983
                                                                • Instruction Fuzzy Hash: 1B90223002030C8B00002380300E000FB0C88000083808000B00C002020EB0200000CA
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1255620211.00000000052A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052A0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_52a0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                • Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
                                                                • Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                • Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44
                                                                Memory Dump Source
                                                                • Source File: 00000021.00000002.1242584886.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                                Joe Sandbox IDA Plugin
                                                                • Snapshot File: hcaresult_33_2_29c0000_BtowsPlayer.jbxd
                                                                Similarity
                                                                • API ID:
                                                                • String ID:
                                                                • API String ID:
                                                                • Opcode ID: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                                                                • Instruction ID: 2108930940694c1c8b8ad4272d9396267f2db374b9021a0985f6588530823504
                                                                • Opcode Fuzzy Hash: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                                                                • Instruction Fuzzy Hash: 6BA002742010009BC644DB54C991814F761EFC5219728C4DDA8198B256CF33ED03DA40