Windows Analysis Report
Google_Chrome.exe

Overview

General Information

Sample name: Google_Chrome.exe
Analysis ID: 1523595
MD5: b82c3d4143ea779b06ef4fbc965db624
SHA1: 52172ad1a88ea85f679d8bf13f2567145a64f24b
SHA256: b87ef5f2289241d1f437924bee4cccfbb16554a6a71d23f6fd930ff5c7c30dd8
Tags: exe, user-aachum
Infos:

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Injects a PE file into a foreign processes
LummaC encrypted strings found
Machine Learning detection for sample
Sample uses string decryption to hide its real strings
Writes to foreign memory regions
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files

Classification

  • System is w10x64
  • Google_Chrome.exe (PID: 5812 cmdline: "C:\Users\user\Desktop\Google_Chrome.exe" MD5: B82C3D4143EA779B06EF4FBC965DB624)
    • BitLockerToGo.exe (PID: 3496 cmdline: "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe" MD5: A64BEAB5D4516BECA4C40B25DC0C1CD8)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["relaxatinownio.shop", "licenseodqwmqn.shop", "tryyudjasudqo.shop", "keennylrwmqlw.shop", "reggwardssdqw.shop", "tesecuuweqo.shop", "eemmbryequo.shop", "tendencctywop.shop"], "Build id": "05eF0T--Cpanel"}
Source | Rule | Description | Author | Strings
decrypted.memstr | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
    No Sigma rule has matched
    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
    2024-10-01T20:15:26.995229+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49736 | 172.67.209.193 | 443 | TCP
    2024-10-01T20:15:26.995229+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49736 | 172.67.209.193 | 443 | TCP
    2024-10-01T20:15:24.300963+0200 | 2055879 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 55605 | 1.1.1.1 | 53 | UDP
    2024-10-01T20:15:24.232694+0200 | 2055881 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 59926 | 1.1.1.1 | 53 | UDP
    2024-10-01T20:15:24.245096+0200 | 2055883 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 62908 | 1.1.1.1 | 53 | UDP
    2024-10-01T20:15:24.284854+0200 | 2055885 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 54907 | 1.1.1.1 | 53 | UDP
    2024-10-01T20:15:24.270855+0200 | 2055887 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 56888 | 1.1.1.1 | 53 | UDP
    2024-10-01T20:15:24.220696+0200 | 2055891 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 60010 | 1.1.1.1 | 53 | UDP
    2024-10-01T20:15:24.258808+0200 | 2055893 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 63406 | 1.1.1.1 | 53 | UDP
    2024-10-01T20:15:24.313067+0200 | 2055895 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 61554 | 1.1.1.1 | 53 | UDP

    AV Detection

    Source: https://steamcommunity.com/profiles/76561199724331900, URL Reputation: Label: malware
    Source: https://steamcommunity.com/profiles/76561199724331900/inventory/, URL Reputation: Label: malware
    Source: 0.2.Google_Chrome.exe.159a000.1.unpack, Malware Configuration Extractor: LummaC {"C2 url": ["relaxatinownio.shop", "licenseodqwmqn.shop", "tryyudjasudqo.shop", "keennylrwmqlw.shop", "reggwardssdqw.shop", "tesecuuweqo.shop", "eemmbryequo.shop", "tendencctywop.shop"], "Build id": "05eF0T--Cpanel"}
    Source: Google_Chrome.exe, ReversingLabs: Detection: 70%
    Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
    Source: Google_Chrome.exe, Joe Sandbox ML: detected
    Source: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmp, String decryptor:
      tryyudjasudqo.shop
      eemmbryequo.shop
      reggwardssdqw.shop
      relaxatinownio.shop
      tesecuuweqo.shop
      tendencctywop.shop
      licenseodqwmqn.shop
      keennylrwmqlw.shop
      lid=%s&j=%s&ver=4.0
      TeslaBrowser/5.5
      - Screen Resoluton:
      - Physical Installed Memory:
      Workgroup: -
      05eF0T--Cpanel
    Source: Google_Chrome.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: unknown, HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49733 version: TLS 1.2
    Source: unknown, HTTPS traffic detected: 172.67.209.193:443 -> 192.168.2.4:49736 version: TLS 1.2
    Source: Google_Chrome.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
    Source: Binary string: BitLockerToGo.pdb source: Google_Chrome.exe, 00000000.00000002.1935422366.0000000001560000.00000004.00001000.00020000.00000000.sdmp
    Source: Binary string: BitLockerToGo.pdbGCTL source: Google_Chrome.exe, 00000000.00000002.1935422366.0000000001560000.00000004.00001000.00020000.00000000.sdmp

    Networking

    Source: Network traffic, Suricata IDS: 2055879 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eemmbryequo .shop) : 192.168.2.4:55605 -> 1.1.1.1:53
    Source: Network traffic, Suricata IDS: 2055881 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (keennylrwmqlw .shop) : 192.168.2.4:59926 -> 1.1.1.1:53
    Source: Network traffic, Suricata IDS: 2055887 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (relaxatinownio .shop) : 192.168.2.4:56888 -> 1.1.1.1:53
    Source: Network traffic, Suricata IDS: 2055895 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tryyudjasudqo .shop) : 192.168.2.4:61554 -> 1.1.1.1:53
    Source: Network traffic, Suricata IDS: 2055891 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tendencctywop .shop) : 192.168.2.4:60010 -> 1.1.1.1:53
    Source: Network traffic, Suricata IDS: 2055885 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (reggwardssdqw .shop) : 192.168.2.4:54907 -> 1.1.1.1:53
    Source: Network traffic, Suricata IDS: 2055883 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licenseodqwmqn .shop) : 192.168.2.4:62908 -> 1.1.1.1:53
    Source: Network traffic, Suricata IDS: 2055893 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tesecuuweqo .shop) : 192.168.2.4:63406 -> 1.1.1.1:53
    Source: Network traffic, Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49736 -> 172.67.209.193:443
    Source: Network traffic, Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49736 -> 172.67.209.193:443
    Source: Malware configuration extractor, URLs: relaxatinownio.shop, licenseodqwmqn.shop, tryyudjasudqo.shop, keennylrwmqlw.shop, reggwardssdqw.shop, tesecuuweqo.shop, eemmbryequo.shop, tendencctywop.shop
    Source: Joe Sandbox View, IP Address: 104.102.49.254
    Source: Joe Sandbox View, ASN Name: CLOUDFLARENETUS
    Source: Joe Sandbox View, JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
    Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global traffic, HTTP traffic detected:
      GET /profiles/76561199724331900 HTTP/1.1
      Connection: Keep-Alive
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
      Host: steamcommunity.com
    Source: global traffic, DNS traffic detected: DNS queries: tendencctywop.shop, keennylrwmqlw.shop, licenseodqwmqn.shop, tesecuuweqo.shop, relaxatinownio.shop, reggwardssdqw.shop, eemmbryequo.shop, tryyudjasudqo.shop, steamcommunity.com, gravvitywio.store
    Source: unknown, HTTP traffic detected:
      POST /api HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
      Content-Length: 8
      Host: gravvitywio.store
    Source: BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
    Source: BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
    Source: BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
    Source: BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=TlXuhKjTdHfu&l=e
    Source: BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
    Source: BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
    Source: BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en
    Source: BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
    Source: BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
    Source: BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
    Source: BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
    Source: BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
    Source: BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
    Source: BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
    Source: BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
    Source: BitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E9A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gravvitywio.store/
    Source: BitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E9A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gravvitywio.store/V
    Source: BitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E9A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gravvitywio.store/api
    Source: BitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E81000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gravvitywio.store:443/api
    Source: BitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E9A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.st
    Source: BitLockerToGo.exe, 00000001.00000003.1949590183.0000000002EAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
    Source: BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
    Source: BitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E9A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steamp
    Source: BitLockerToGo.exe, 00000001.00000003.1949590183.0000000002EAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
    Source: BitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E9A000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949590183.0000000002EAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
    Source: BitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E9A000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949590183.0000000002EAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
    Source: BitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E9A000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949590183.0000000002EAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
    Source: BitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E9A000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949590183.0000000002EAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
    Source: BitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E9A000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949590183.0000000002EAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
    Source: BitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E9A000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949590183.0000000002EAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
    Source: BitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E9A000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949590183.0000000002EAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
    Source: BitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E9A000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949590183.0000000002EAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
    Source: BitLockerToGo.exe, 00000001.00000003.1949590183.0000000002EAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
    Source: BitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E9A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized/
    Source: BitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E9A000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949590183.0000000002EAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
    Source: BitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E9A000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949590183.0000000002EAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
    Source: BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E6D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949590183.0000000002EAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
    Source: BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
    Source: BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
    Source: BitLockerToGo.exe, 00000001.00000002.1962738078.0000000002EFA000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E5B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
    Source: BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
    Source: BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
    Source: BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
    Source: BitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E6D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
    Source: BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E5B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
    Source: BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E5B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
    Source: BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
    Source: BitLockerToGo.exe, 00000001.00000003.1949590183.0000000002EAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
    Source: BitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E9A000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949590183.0000000002EAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
    Source: BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
    Source: BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
    Source: BitLockerToGo.exe, 00000001.00000002.1962738078.0000000002EFA000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E5B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
    Source: BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
    Source: BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
    Source: BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
    Source: BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
    Source: BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
    Source: BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
    Source: BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
    Source: BitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E9A000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949590183.0000000002EAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
    Source: BitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E9A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptc
    Source: BitLockerToGo.exe, 00000001.00000003.1949590183.0000000002EAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
    Source: BitLockerToGo.exe, 00000001.00000003.1949590183.0000000002EAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
    Source: BitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E9A000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949590183.0000000002EAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
    Source: BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
    Source: BitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E9A000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949590183.0000000002EAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
    Source: BitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E9A000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949590183.0000000002EAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
    Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
    Source: unknown HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49733 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 172.67.209.193:443 -> 192.168.2.4:49736 version: TLS 1.2
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 1_2_02C62D80 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,1_2_02C62D80
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe Code function: 1_2_02C62EF0 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,1_2_02C62EF0
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe; Code function: String function: 02C3C590 appears 47 times
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe; Code function: String function: 02C3DF50 appears 178 times
    Source: Google_Chrome.exe, 00000000.00000002.1934375018.0000000000D89000.00000002.00000001.01000000.00000003.sdmp; Binary or memory string: OriginalFilenameGoogle Chrome.exe DVarFileInfo$ vs Google_Chrome.exe
    Source: Google_Chrome.exe, 00000000.00000002.1935422366.0000000001560000.00000004.00001000.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameBITLOCKERTOGO.EXEj% vs Google_Chrome.exe
    Source: Google_Chrome.exe; Binary or memory string: OriginalFilenameGoogle Chrome.exe DVarFileInfo$ vs Google_Chrome.exe
    Source: Google_Chrome.exe; Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: classification engine; Classification label: mal100.troj.evad.winEXE@3/0@10/2
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe; Code function: 1_2_02C60AC0 CoCreateInstance
    Source: Google_Chrome.exe; Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Users\user\Desktop\Google_Chrome.exe; Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: Google_Chrome.exe; ReversingLabs: Detection: 70%
    Source: Google_Chrome.exe; String found in binary or memory: net/addrselect.go
    Source: Google_Chrome.exe; String found in binary or memory: github.com/saferwall/pe@v1.5.4/loadconfig.go
    Source: unknown; Process created: C:\Users\user\Desktop\Google_Chrome.exe "C:\Users\user\Desktop\Google_Chrome.exe"
    Source: C:\Users\user\Desktop\Google_Chrome.exe; Process created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
    Source: C:\Users\user\Desktop\Google_Chrome.exe; Section loaded: powrprof.dll
    Source: C:\Users\user\Desktop\Google_Chrome.exe; Section loaded: umpdc.dll
    Source: C:\Users\user\Desktop\Google_Chrome.exe; Section loaded: pdh.dll
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe; Section loaded: winhttp.dll
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe; Section loaded: ondemandconnroutehelper.dll
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe; Section loaded: webio.dll
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe; Section loaded: mswsock.dll
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe; Section loaded: iphlpapi.dll
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe; Section loaded: winnsi.dll
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe; Section loaded: sspicli.dll
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe; Section loaded: dnsapi.dll
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe; Section loaded: rasadhlp.dll
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe; Section loaded: fwpuclnt.dll
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe; Section loaded: schannel.dll
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe; Section loaded: mskeyprotect.dll
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe; Section loaded: ntasn1.dll
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe; Section loaded: ncrypt.dll
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe; Section loaded: ncryptsslp.dll
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe; Section loaded: msasn1.dll
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe; Section loaded: cryptsp.dll
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe; Section loaded: rsaenh.dll
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe; Section loaded: cryptbase.dll
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe; Section loaded: gpapi.dll
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe; Section loaded: dpapi.dll
    Source: Google_Chrome.exe; Static PE information: Virtual size of .text is bigger than: 0x100000
    Source: Google_Chrome.exe; Static file information: File size 4921344 > 1048576
    Source: Google_Chrome.exe; Static PE information: Raw size of .text is bigger than: 0x100000 < 0x221c00
    Source: Google_Chrome.exe; Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x24ec00
    Source: Google_Chrome.exe; Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
    Source: Binary string: BitLockerToGo.pdb source: Google_Chrome.exe, 00000000.00000002.1935422366.0000000001560000.00000004.00001000.00020000.00000000.sdmp
    Source: Binary string: BitLockerToGo.pdbGCTL source: Google_Chrome.exe, 00000000.00000002.1935422366.0000000001560000.00000004.00001000.00020000.00000000.sdmp
    Source: Google_Chrome.exe; Static PE information: section name: .symtab
    Source: C:\Users\user\Desktop\Google_Chrome.exe; Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe TID: 6836; Thread sleep time: -60000s >= -30000s
    Source: BitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E9A000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW
    Source: BitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E48000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAWpZ
    Source: Google_Chrome.exe, 00000000.00000002.1934429611.0000000000EDC000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll"
    Source: BitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E9A000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW"
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe; Code function: 1_2_02C6F5F0 LdrInitializeThunk

    HIPS / PFW / Operating System Protection Evasion

    Source: C:\Users\user\Desktop\Google_Chrome.exe; Memory allocated: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 2C30000 protect: page execute and read and write
    Source: C:\Users\user\Desktop\Google_Chrome.exe; Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 2C30000 value starts with: 4D5A
    Source: Google_Chrome.exe, 00000000.00000002.1934798769.00000000014D6000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: tryyudjasudqo.shop
    Source: Google_Chrome.exe, 00000000.00000002.1934798769.00000000014D6000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: eemmbryequo.shop
    Source: Google_Chrome.exe, 00000000.00000002.1934798769.00000000014D6000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: reggwardssdqw.shop
    Source: Google_Chrome.exe, 00000000.00000002.1934798769.00000000014D6000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: relaxatinownio.shop
    Source: Google_Chrome.exe, 00000000.00000002.1934798769.00000000014D6000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: tesecuuweqo.shop
    Source: Google_Chrome.exe, 00000000.00000002.1934798769.00000000014D6000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: tendencctywop.shop
    Source: Google_Chrome.exe, 00000000.00000002.1934798769.00000000014D6000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: licenseodqwmqn.shop
    Source: Google_Chrome.exe, 00000000.00000002.1934798769.00000000014D6000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: keennylrwmqlw.shop
    Source: C:\Users\user\Desktop\Google_Chrome.exe; Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 2A5B008
    Source: C:\Users\user\Desktop\Google_Chrome.exe; Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 2C30000
    Source: C:\Users\user\Desktop\Google_Chrome.exe; Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 2C31000
    Source: C:\Users\user\Desktop\Google_Chrome.exe; Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 2C75000
    Source: C:\Users\user\Desktop\Google_Chrome.exe; Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 2C78000
    Source: C:\Users\user\Desktop\Google_Chrome.exe; Memory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 2C88000
    Source: C:\Users\user\Desktop\Google_Chrome.exe; Process created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
    Source: C:\Users\user\Desktop\Google_Chrome.exe; Queries volume information: C:\Windows VolumeInformation
    Source: C:\Users\user\Desktop\Google_Chrome.exe; Queries volume information: C:\Windows\AppReadiness VolumeInformation
    Source: C:\Users\user\Desktop\Google_Chrome.exe; Queries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformation
    Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

    Stealing of Sensitive Information

    Source: Yara match; File source: decrypted.memstr, type: MEMORYSTR

    Remote Access Functionality

    Source: Yara match; File source: decrypted.memstr, type: MEMORYSTR

    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 311 Process Injection | 1 Virtualization/Sandbox Evasion | OS Credential Dumping | 1 Security Software Discovery | Remote Services | 1 Screen Capture | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
    Credentials | Domains | Default Accounts | 1 PowerShell | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 311 Process Injection | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Deobfuscate/Decode Files or Information | Security Account Manager | 12 System Information Discovery | SMB/Windows Admin Shares | 2 Clipboard Data | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 14 Application Layer Protocol | Traffic Duplication | Data Destruction
    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact

    Source | Detection | Scanner | Label | Link
    Google_Chrome.exe | 71% | ReversingLabs | Win32.Spyware.Lummastealer |
    Google_Chrome.exe | 100% | Joe Sandbox ML | |

    No Antivirus matches

    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    steamcommunity.com | 104.102.49.254 | true | false | | unknown
    gravvitywio.store | 172.67.209.193 | true | true | | unknown
    tryyudjasudqo.shop | unknown | unknown | true | | unknown
    keennylrwmqlw.shop | unknown | unknown | true | | unknown
    reggwardssdqw.shop | unknown | unknown | true | | unknown
    tesecuuweqo.shop | unknown | unknown | true | | unknown
    tendencctywop.shop | unknown | unknown | true | | unknown
    eemmbryequo.shop | unknown | unknown | true | | unknown
    licenseodqwmqn.shop | unknown | unknown | true | | unknown
    relaxatinownio.shop | unknown | unknown | true | | unknown

    Name | Malicious | Antivirus Detection | Reputation
    relaxatinownio.shop | true | | unknown
    keennylrwmqlw.shop | true | | unknown
    tendencctywop.shop | true | | unknown
    tryyudjasudqo.shop | true | | unknown
    https://steamcommunity.com/profiles/76561199724331900 | true | URL Reputation: malware | unknown
    tesecuuweqo.shop | true | | unknown
    eemmbryequo.shop | true | | unknown
    reggwardssdqw.shop | true | | unknown
    licenseodqwmqn.shop | true | | unknown
    https://gravvitywio.store/api | true | | unknown
                                                              • URL Reputation: safe
                                                              unknown
                                                              https://www.google.com/recaptcha/BitLockerToGo.exe, 00000001.00000003.1949590183.0000000002EAE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                unknown
                                                                https://checkout.steampowered.com/BitLockerToGo.exe, 00000001.00000003.1949590183.0000000002EAE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                unknown
                                                                https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&amp;l=englishBitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                unknown
                                                                https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&amp;l=englishBitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                unknown
                                                                https://cdn.akamai.BitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E9A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  unknown
                                                                  https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.pngBitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  unknown
                                                                  https://help.stBitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E9A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    unknown
                                                                    https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&amp;l=englisBitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    unknown
                                                                    https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhCBitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    unknown
                                                                    https://store.steampowered.com/;BitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E9A000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949590183.0000000002EAE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    unknown
                                                                    https://store.steampowered.com/about/BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    unknown
                                                                    https://steamcommunity.com/my/wishlist/BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      unknown
                                                                      https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&amp;l=englishBitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      unknown
                                                                      https://checkout.steampowBitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E9A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        unknown
                                                                        https://help.steampowered.com/en/BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        unknown
                                                                        https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/BitLockerToGo.exe, 00000001.00000003.1949590183.0000000002EAE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          unknown
                                                                          https://steamcommunity.com/market/BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            unknown
                                                                            https://store.steampowered.com/news/BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            unknown
                                                                            https://community.akamai.steamstatic.com/BitLockerToGo.exe, 00000001.00000003.1949590183.0000000002EAE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            unknown
                                                                            http://store.steampowered.com/subscriber_agreement/BitLockerToGo.exe, 00000001.00000002.1962738078.0000000002EFA000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E5B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            unknown
                                                                            https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgBitLockerToGo.exe, 00000001.00000002.1962738078.0000000002EFA000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E5B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              unknown
                                                                              https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                unknown
                                                                                https://recaptcha.net/recaptcha/;BitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E9A000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949590183.0000000002EAE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                unknown
                                                                                https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&amp;l=enBitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                unknown
                                                                                https://login.steampBitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E9A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  unknown
                                                                                  https://steamcommunity.com/discussions/BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    unknown
                                                                                    https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=nSnUuYf7g6U1&aBitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      unknown
                                                                                      https://gravvitywio.store:443/apiBitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E81000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        unknown
                                                                                        https://store.steampowered.com/stats/BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        unknown
                                                                                        https://medal.tvBitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E9A000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949590183.0000000002EAE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        unknown
                                                                                        https://broadcast.st.dl.eccdnx.comBitLockerToGo.exe, 00000001.00000003.1949590183.0000000002EAE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        unknown
                                                                                        https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1BitLockerToGo.exe, 00000001.00000002.1962738078.0000000002EFA000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E5B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        unknown
                                                                                        https://store.steampowered.com/steam_refunds/BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        unknown
                                                                                        https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=0qXCBitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E5B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          unknown
                                                                                          https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            unknown
                                                                                            https://steamcommunity.com/workshop/BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              unknown
                                                                                              https://gravvitywio.store/VBitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E9A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                unknown
                                                                                                https://login.steampowered.com/BitLockerToGo.exe, 00000001.00000003.1949590183.0000000002EAE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                unknown
                                                                                                https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=TlXuhKjTdHfu&amp;l=eBitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  unknown
                                                                                                  https://store.steampowered.com/legal/BitLockerToGo.exe, 00000001.00000002.1962738078.0000000002EFA000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E5B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&amp;l=eBitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvBitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&amp;l=englBitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  https://recaptcha.netBitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E9A000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949590183.0000000002EAE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  https://store.steampowered.com/BitLockerToGo.exe, 00000001.00000003.1949590183.0000000002EAE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvwBitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gifBitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E5B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  http://127.0.0.1:27060BitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E9A000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949590183.0000000002EAE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    unknown
                                                                                                    https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    • URL Reputation: safe
                                                                                                    unknown
                                                                                                    https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=PzKBszTgBitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E5B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      unknown
                                                                                                      https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&amp;l=englishBitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      https://help.steampowered.com/BitLockerToGo.exe, 00000001.00000003.1949590183.0000000002EAE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      https://api.steampowered.com/BitLockerToGo.exe, 00000001.00000003.1949590183.0000000002EAE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      http://store.steampowered.com/account/cookiepreferences/BitLockerToGo.exe, 00000001.00000002.1962738078.0000000002EFA000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E5B000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
https://store.steampowered.com/mobile | BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp | false
• URL Reputation: safe
unknown
https://steamcommunity.com/ | BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000002.1962601858.0000000002E6D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949590183.0000000002EAE000.00000004.00000020.00020000.00000000.sdmp | false
unknown
https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=english | BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp | false
• URL Reputation: safe
unknown
https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl | BitLockerToGo.exe, 00000001.00000003.1962305445.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000001.00000003.1949536021.0000000002EE1000.00000004.00000020.00020000.00000000.sdmp | false
• URL Reputation: safe
unknown
IP | Domain | Country | ASN | ASN Name | Malicious
104.102.49.254 | steamcommunity.com | United States | 16625 | AKAMAI-ASUS | false
172.67.209.193 | gravvitywio.store | United States | 13335 | CLOUDFLARENETUS | true
                                                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                                                        Analysis ID:1523595
                                                                                                        Start date and time:2024-10-01 20:14:06 +02:00
                                                                                                        Joe Sandbox product:CloudBasic
                                                                                                        Overall analysis duration:0h 3m 29s
                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                        Report type:full
                                                                                                        Cookbook file name:default.jbs
                                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                        Number of analysed new started processes analysed:5
                                                                                                        Number of new started drivers analysed:0
                                                                                                        Number of existing processes analysed:0
                                                                                                        Number of existing drivers analysed:0
                                                                                                        Number of injected processes analysed:0
                                                                                                        Technologies:
                                                                                                        • HCA enabled
                                                                                                        • EGA enabled
                                                                                                        • AMSI enabled
                                                                                                        Analysis Mode:default
                                                                                                        Analysis stop reason:Timeout
                                                                                                        Sample name:Google_Chrome.exe
                                                                                                        Detection:MAL
                                                                                                        Classification:mal100.troj.evad.winEXE@3/0@10/2
                                                                                                        EGA Information:
                                                                                                        • Successful, ratio: 50%
                                                                                                        HCA Information:
                                                                                                        • Successful, ratio: 85%
                                                                                                        • Number of executed functions: 12
                                                                                                        • Number of non-executed functions: 104
                                                                                                        Cookbook Comments:
                                                                                                        • Found application associated with file extension: .exe
                                                                                                        • Stop behavior analysis, all processes terminated
                                                                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
                                                                                                        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                        • Execution Graph export aborted for target Google_Chrome.exe, PID 5812 because there are no executed function
                                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                        • VT rate limit hit for: Google_Chrome.exe
Time | Type | Description
14:15:23 | API Interceptor | 2x Sleep call for process: BitLockerToGo.exe modified
                                                                                                            No context
                                                                                                            No created / dropped files found
                                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                            Entropy (8bit):6.47735772157448
                                                                                                            TrID:
                                                                                                            • Win32 Executable (generic) a (10002005/4) 99.53%
                                                                                                            • InstallShield setup (43055/19) 0.43%
                                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                            File name:Google_Chrome.exe
                                                                                                            File size:4'921'344 bytes
                                                                                                            MD5:b82c3d4143ea779b06ef4fbc965db624
                                                                                                            SHA1:52172ad1a88ea85f679d8bf13f2567145a64f24b
                                                                                                            SHA256:b87ef5f2289241d1f437924bee4cccfbb16554a6a71d23f6fd930ff5c7c30dd8
                                                                                                            SHA512:561dc26a6ea6fb0694af632fe4ba8aef927d8e1c0159ea5d8d72c45cf50cf522d3296c7382eda1891746202feacac6ae5e17cbd8502dc1b09926f0a7023593fa
                                                                                                            SSDEEP:49152:MRTNHl10MKCLvJpx2CmAtIh5aGBLWAHrLPjQd4R+j0kYHuE36+OhS0gxf30F5cEC:oTNHl7d2Hd5lXHpKvhgZkF5
                                                                                                            TLSH:F7363811FAC785F5E9031934506BA27F5730AE098B34DB9BEB507B6AF9376920C36309
                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.........J..............."..\......`........ G...@...........................M.......L...@................................
                                                                                                            Icon Hash:28236ae4b692c637
                                                                                                            Entrypoint:0x471760
                                                                                                            Entrypoint Section:.text
                                                                                                            Digitally signed:false
                                                                                                            Imagebase:0x400000
                                                                                                            Subsystem:windows gui
                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                            Time Stamp:0x0 [Thu Jan 1 00:00:00 1970 UTC]
                                                                                                            TLS Callbacks:
                                                                                                            CLR (.Net) Version:
                                                                                                            OS Version Major:6
                                                                                                            OS Version Minor:1
                                                                                                            File Version Major:6
                                                                                                            File Version Minor:1
                                                                                                            Subsystem Version Major:6
                                                                                                            Subsystem Version Minor:1
                                                                                                            Import Hash:1aae8bf580c846f39c71c05898e57e88
                                                                                                            Instruction
                                                                                                            jmp 00007F64A51127A0h
                                                                                                            int3
                                                                                                            int3
                                                                                                            int3
                                                                                                            int3
                                                                                                            int3
                                                                                                            int3
                                                                                                            int3
                                                                                                            int3
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x4bc000 | 0x44c | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4d9000 | 0x327c | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x4bd000 | 0x1a60c | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x4729c0 | 0xb4 | .data |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x221b88 | 0x221c00 | ab70e55ad895869c15c459092f901fba | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x223000 | 0x24eba0 | 0x24ec00 | 320724d65cb04e12967b059377161ef8 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x472000 | 0x49f80 | 0x22800 | 2d19425a43797935d35317b95e88c77b | False | 0.4301474750905797 | data | 4.932928119055307 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0x4bc000 | 0x44c | 0x600 | 4fb56c95a5562a4bcc77f4014f9e37fa | False | 0.357421875 | OpenPGP Public Key | 3.8675703135794492 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .reloc | 0x4bd000 | 0x1a60c | 0x1a800 | 2e099bd6a246db4f5870c69597814f10 | False | 0.6015625 | data | 6.649813179570731 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| .symtab | 0x4d8000 | 0x4 | 0x200 | 07b5472d347d42780469fb2654b7fc54 | False | 0.02734375 | data | 0.020393135236084953 | IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| .rsrc | 0x4d9000 | 0x327c | 0x3400 | 7c58c13455990538d196e65154328078 | False | 0.3993389423076923 | data | 5.294660262195849 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x4d9130 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | | | 0.41504149377593363 |
| RT_GROUP_ICON | 0x4db6d8 | 0x14 | data | | | 1.1 |
| RT_VERSION | 0x4db6ec | 0x564 | data | | | 0.3072463768115942 |
| RT_MANIFEST | 0x4dbc50 | 0x62c | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.4240506329113924 |

| DLL | Import |
|---|---|
| kernel32.dll | WriteFile, WriteConsoleW, WerSetFlags, WerGetFlags, WaitForMultipleObjects, WaitForSingleObject, VirtualQuery, VirtualFree, VirtualAlloc, TlsAlloc, SwitchToThread, SuspendThread, SetWaitableTimer, SetUnhandledExceptionFilter, SetProcessPriorityBoost, SetEvent, SetErrorMode, SetConsoleCtrlHandler, ResumeThread, RaiseFailFastException, PostQueuedCompletionStatus, LoadLibraryW, LoadLibraryExW, SetThreadContext, GetThreadContext, GetSystemInfo, GetSystemDirectoryA, GetStdHandle, GetQueuedCompletionStatusEx, GetProcessAffinityMask, GetProcAddress, GetErrorMode, GetEnvironmentStringsW, GetCurrentThreadId, GetConsoleMode, FreeEnvironmentStringsW, ExitProcess, DuplicateHandle, CreateWaitableTimerExW, CreateThread, CreateIoCompletionPort, CreateEventA, CloseHandle, AddVectoredExceptionHandler |

| Language of compilation system | Country where language is spoken |
|---|---|
| English | United States |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-01T20:15:24.220696+0200 | 2055891 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tendencctywop .shop) | 1 | 192.168.2.4 | 60010 | 1.1.1.1 | 53 | UDP |
| 2024-10-01T20:15:24.232694+0200 | 2055881 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (keennylrwmqlw .shop) | 1 | 192.168.2.4 | 59926 | 1.1.1.1 | 53 | UDP |
| 2024-10-01T20:15:24.245096+0200 | 2055883 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licenseodqwmqn .shop) | 1 | 192.168.2.4 | 62908 | 1.1.1.1 | 53 | UDP |
| 2024-10-01T20:15:24.258808+0200 | 2055893 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tesecuuweqo .shop) | 1 | 192.168.2.4 | 63406 | 1.1.1.1 | 53 | UDP |
| 2024-10-01T20:15:24.270855+0200 | 2055887 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (relaxatinownio .shop) | 1 | 192.168.2.4 | 56888 | 1.1.1.1 | 53 | UDP |
| 2024-10-01T20:15:24.284854+0200 | 2055885 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (reggwardssdqw .shop) | 1 | 192.168.2.4 | 54907 | 1.1.1.1 | 53 | UDP |
| 2024-10-01T20:15:24.300963+0200 | 2055879 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eemmbryequo .shop) | 1 | 192.168.2.4 | 55605 | 1.1.1.1 | 53 | UDP |
| 2024-10-01T20:15:24.313067+0200 | 2055895 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (tryyudjasudqo .shop) | 1 | 192.168.2.4 | 61554 | 1.1.1.1 | 53 | UDP |
| 2024-10-01T20:15:26.995229+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49736 | 172.67.209.193 | 443 | TCP |
| 2024-10-01T20:15:26.995229+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49736 | 172.67.209.193 | 443 | TCP |


| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Oct 1, 2024 20:15:24.220695972 CEST | 192.168.2.4 | 1.1.1.1 | 0xde04 | Standard query (0) | tendencctywop.shop | A (IP address) | IN (0x0001) | false |
| Oct 1, 2024 20:15:24.232693911 CEST | 192.168.2.4 | 1.1.1.1 | 0x42a5 | Standard query (0) | keennylrwmqlw.shop | A (IP address) | IN (0x0001) | false |
| Oct 1, 2024 20:15:24.245095968 CEST | 192.168.2.4 | 1.1.1.1 | 0x5792 | Standard query (0) | licenseodqwmqn.shop | A (IP address) | IN (0x0001) | false |
| Oct 1, 2024 20:15:24.258807898 CEST | 192.168.2.4 | 1.1.1.1 | 0x939f | Standard query (0) | tesecuuweqo.shop | A (IP address) | IN (0x0001) | false |
| Oct 1, 2024 20:15:24.270854950 CEST | 192.168.2.4 | 1.1.1.1 | 0x2996 | Standard query (0) | relaxatinownio.shop | A (IP address) | IN (0x0001) | false |
| Oct 1, 2024 20:15:24.284853935 CEST | 192.168.2.4 | 1.1.1.1 | 0xbb17 | Standard query (0) | reggwardssdqw.shop | A (IP address) | IN (0x0001) | false |
| Oct 1, 2024 20:15:24.300962925 CEST | 192.168.2.4 | 1.1.1.1 | 0xc028 | Standard query (0) | eemmbryequo.shop | A (IP address) | IN (0x0001) | false |
| Oct 1, 2024 20:15:24.313066959 CEST | 192.168.2.4 | 1.1.1.1 | 0x42c1 | Standard query (0) | tryyudjasudqo.shop | A (IP address) | IN (0x0001) | false |
| Oct 1, 2024 20:15:24.325129986 CEST | 192.168.2.4 | 1.1.1.1 | 0x3696 | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false |
| Oct 1, 2024 20:15:25.728353977 CEST | 192.168.2.4 | 1.1.1.1 | 0x96b9 | Standard query (0) | gravvitywio.store | A (IP address) | IN (0x0001) | false |

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 1, 2024 20:15:24.230619907 CEST | 1.1.1.1 | 192.168.2.4 | 0xde04 | Name error (3) | tendencctywop.shop | none | none | A (IP address) | IN (0x0001) | false
Oct 1, 2024 20:15:24.242696047 CEST | 1.1.1.1 | 192.168.2.4 | 0x42a5 | Name error (3) | keennylrwmqlw.shop | none | none | A (IP address) | IN (0x0001) | false
Oct 1, 2024 20:15:24.254477024 CEST | 1.1.1.1 | 192.168.2.4 | 0x5792 | Name error (3) | licenseodqwmqn.shop | none | none | A (IP address) | IN (0x0001) | false
Oct 1, 2024 20:15:24.269575119 CEST | 1.1.1.1 | 192.168.2.4 | 0x939f | Name error (3) | tesecuuweqo.shop | none | none | A (IP address) | IN (0x0001) | false
Oct 1, 2024 20:15:24.281819105 CEST | 1.1.1.1 | 192.168.2.4 | 0x2996 | Name error (3) | relaxatinownio.shop | none | none | A (IP address) | IN (0x0001) | false
Oct 1, 2024 20:15:24.294207096 CEST | 1.1.1.1 | 192.168.2.4 | 0xbb17 | Name error (3) | reggwardssdqw.shop | none | none | A (IP address) | IN (0x0001) | false
Oct 1, 2024 20:15:24.310463905 CEST | 1.1.1.1 | 192.168.2.4 | 0xc028 | Name error (3) | eemmbryequo.shop | none | none | A (IP address) | IN (0x0001) | false
Oct 1, 2024 20:15:24.322681904 CEST | 1.1.1.1 | 192.168.2.4 | 0x42c1 | Name error (3) | tryyudjasudqo.shop | none | none | A (IP address) | IN (0x0001) | false
Oct 1, 2024 20:15:24.335666895 CEST | 1.1.1.1 | 192.168.2.4 | 0x3696 | No error (0) | steamcommunity.com |  | 104.102.49.254 | A (IP address) | IN (0x0001) | false
Oct 1, 2024 20:15:25.740187883 CEST | 1.1.1.1 | 192.168.2.4 | 0x96b9 | No error (0) | gravvitywio.store |  | 172.67.209.193 | A (IP address) | IN (0x0001) | false
Oct 1, 2024 20:15:25.740187883 CEST | 1.1.1.1 | 192.168.2.4 | 0x96b9 | No error (0) | gravvitywio.store |  | 104.21.16.12 | A (IP address) | IN (0x0001) | false
                                                                                                            • steamcommunity.com
                                                                                                            • gravvitywio.store
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49733 | 104.102.49.254 | 443 | 3496 | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-01 18:15:25 UTC | 219 | OUT | GET /profiles/76561199724331900 HTTP/1.1
                                                                                                            Connection: Keep-Alive
                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                            Host: steamcommunity.com
2024-10-01 18:15:25 UTC | 1870 | IN | HTTP/1.1 200 OK
                                                                                                            Server: nginx
                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                            Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                            Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                            Cache-Control: no-cache
                                                                                                            Date: Tue, 01 Oct 2024 18:15:25 GMT
                                                                                                            Content-Length: 34678
                                                                                                            Connection: close
                                                                                                            Set-Cookie: sessionid=81281b1add1d89c1e58099e6; Path=/; Secure; SameSite=None
                                                                                                            Set-Cookie: steamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=None
2024-10-01 18:15:25 UTC | 14514 | IN | Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-10-01 18:15:25 UTC | 16384 | IN | Data Ascii: ss': 'supernav_content', 'offsetY':-6, 'offsetX': 1, 'horizontalSnap': 4, 'tooltipParent': '#global_header .supernav_container', 'correctForScreenSize': false});});</script><div id="global_actions"><div role="navigation" id="global_actio
2024-10-01 18:15:25 UTC | 3768 | IN | Data Ascii: eLink">View more info</span></div><script type="text/javascript"> $J( function() { InitProfileSummary( g_rgProfileData['summary'] ); } ); </script></div></div></div></div></div><div class="profile_content ">
2024-10-01 18:15:25 UTC | 12 | IN | Data Ascii: dy></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49736 | 172.67.209.193 | 443 | 3496 | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-01 18:15:26 UTC | 264 | OUT | POST /api HTTP/1.1
                                                                                                            Connection: Keep-Alive
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                            Content-Length: 8
                                                                                                            Host: gravvitywio.store
2024-10-01 18:15:26 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
Data Ascii: act=life
2024-10-01 18:15:26 UTC | 772 | IN | HTTP/1.1 200 OK
                                                                                                            Date: Tue, 01 Oct 2024 18:15:26 GMT
                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            Set-Cookie: PHPSESSID=duqkq6imfo80k6b2c0up593d9a; expires=Sat, 25 Jan 2025 12:02:05 GMT; Max-Age=9999999; path=/
                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                            Pragma: no-cache
                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cB2vQfCm67EmmdO4bUFGgAsbeUMnKI%2Fb7lG43X3ws2ymuML9XsUsXOl9rDkSc%2BY2UEJRnCuVca9TUtLrAmsX2nE2OnjZsQdNegeyoA7MEHnzNSX0MMSNCFVIlKAQwKW4o8X7aw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                            Server: cloudflare
                                                                                                            CF-RAY: 8cbe70275c218c1d-EWR
2024-10-01 18:15:26 UTC | 15 | IN | Data Raw: 61 0d 0a 65 72 72 6f 72 20 23 44 31 32 0d 0a
Data Ascii: aerror #D12
2024-10-01 18:15:26 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


                                                                                                            Target ID:0
                                                                                                            Start time:14:15:04
                                                                                                            Start date:01/10/2024
                                                                                                            Path:C:\Users\user\Desktop\Google_Chrome.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Users\user\Desktop\Google_Chrome.exe"
                                                                                                            Imagebase:0x8b0000
                                                                                                            File size:4'921'344 bytes
                                                                                                            MD5 hash:B82C3D4143EA779B06EF4FBC965DB624
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:low
                                                                                                            Has exited:true

                                                                                                            Target ID:1
                                                                                                            Start time:14:15:16
                                                                                                            Start date:01/10/2024
                                                                                                            Path:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
                                                                                                            Imagebase:0x440000
                                                                                                            File size:231'736 bytes
                                                                                                            MD5 hash:A64BEAB5D4516BECA4C40B25DC0C1CD8
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:moderate
                                                                                                            Has exited:true

                                                                                                              Execution Graph

                                                                                                              Execution Coverage:1.9%
                                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                                              Signature Coverage:45.9%
                                                                                                              Total number of Nodes:85
                                                                                                              Total number of Limit Nodes:6

                                                                                                              Control-flow Graph

                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
• Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: 3[7]$47$;_~a$C{$K/L1$KH$Lo+q$O+s-$T'J)$c#R%$dGnI$tW:Y$uCtE$wI$}3Y5$35$?1$?1
                                                                                                              • API String ID: 0-3860861081
                                                                                                              • Opcode ID: a74d6588c1e273e6122cc927749ec2dcd05b87d91f17b8393feecc4f785d7c04
                                                                                                              • Instruction ID: 5d7fec1f16c128b5ff66f895f69c6ec7952426d184d4b37071a36c85e9d9c0a8
                                                                                                              • Opcode Fuzzy Hash: a74d6588c1e273e6122cc927749ec2dcd05b87d91f17b8393feecc4f785d7c04
                                                                                                              • Instruction Fuzzy Hash: A21273B8548381CBD324CF24D894B6BBBF5EB8A704F118E2CE6C99B250D7759815CB92

                                                                                                              Control-flow Graph
                                                                                                              • First block: 2c3f140-2c3f1c8
                                                                                                              • Calls: 2c3c4e0, 2c6f510
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: /Q6W$47$9I>O$>M"S$B1A7$C{$KH$ME$N5:;$[)[/$[-I3$wI$35$?1$?1$Y$_
                                                                                                              • API String ID: 0-3722392735
                                                                                                              • Opcode ID: be8b9073e3a577a1b06aa62ff9d7d4d51c0202d45a589fab59d66bd2c3e49af8
                                                                                                              • Instruction ID: e140cf44e2712a96c5401d35c001be62fc44f43f2c93689c0bffb9b3da6ad401
                                                                                                              • Opcode Fuzzy Hash: be8b9073e3a577a1b06aa62ff9d7d4d51c0202d45a589fab59d66bd2c3e49af8
                                                                                                              • Instruction Fuzzy Hash: 1E52A6B5604B41CFD324CF25D894B6BBBF5FB89314F108E2CE59A8B690D774A818CB91

                                                                                                              Control-flow Graph
                                                                                                              • First block: 2c702b8-2c702cc
                                                                                                              • Calls: 2c6f5f0
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: %sgh$%sgh
                                                                                                              • API String ID: 0-986295974
                                                                                                              • Opcode ID: 0d818eb4186c13186a29d77df21d10cb6f6156a7c7f8c4286350cefb69b2bf51
                                                                                                              • Instruction ID: bb7ca85d2e34b40cbd472e7a1875519dfb40612ef6c90fcacecb1bafe646545f
                                                                                                              • Opcode Fuzzy Hash: 0d818eb4186c13186a29d77df21d10cb6f6156a7c7f8c4286350cefb69b2bf51
                                                                                                              • Instruction Fuzzy Hash: 7A41F375F052069BDB18CEA8CC91B7EBBB2FB89321F244528E516F72D0D730E9108B64

                                                                                                              Control-flow Graph
                                                                                                              • Single block: 2c6f5f0-2c6f622 (LdrInitializeThunk)
                                                                                                              APIs
                                                                                                              • LdrInitializeThunk.NTDLL(02C41D5D,00000000,00000001,00000000), ref: 02C6F61E
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0
                                                                                                              • Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                                                              • Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
                                                                                                              • Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                                                              • Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82

                                                                                                              Control-flow Graph
                                                                                                              • First block: 2c72ec0-2c72ed4
                                                                                                              • Calls: 2c3c580, 2c6f5f0, 2c3c590
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID: @
                                                                                                              • API String ID: 2994545307-2766056989
                                                                                                              • Opcode ID: 3659f8a6448830f2177cbffc1c98f3b8da135cb0e4f44988768530f04b2338cd
                                                                                                              • Instruction ID: 967cd3dd8fb17320c0d2b1a3e9831f2e41da5c0ccaffb0daacb0ce48549cf492
                                                                                                              • Opcode Fuzzy Hash: 3659f8a6448830f2177cbffc1c98f3b8da135cb0e4f44988768530f04b2338cd
                                                                                                              • Instruction Fuzzy Hash: 1741F3B5A083508BC724CF14C891B2BBBF1FFC5318F188A5CE98A5B391E3359904DB96

                                                                                                              Control-flow Graph
                                                                                                              • First block: 2c70477-2c7047d
                                                                                                              • Calls: 2c6f5f0
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID: 4`[b
                                                                                                              • API String ID: 2994545307-3962175265
                                                                                                              • Opcode ID: 15f16c12c1f2883b63bea30dbeddbc8434a7a44105d3d679da70d05aaf0cb26e
                                                                                                              • Instruction ID: f44d6aeff22f44a897844cd98d445c850c40cc51c7378e6d47a086359c50d7ce
                                                                                                              • Opcode Fuzzy Hash: 15f16c12c1f2883b63bea30dbeddbc8434a7a44105d3d679da70d05aaf0cb26e
                                                                                                              • Instruction Fuzzy Hash: F3318976E5020A9BDB1CCF54D8A0A7EB772FB88315F24461CD413A7284CB30A911CB98

                                                                                                              Control-flow Graph
                                                                                                              • First block: 2c6ff03-2c6ff15
                                                                                                              • Calls: 2c6e0c0, 2c6f5f0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e9560db5fa74c8020146d3f999f8c64186924281869ab87a5bf3425ea167263c
                                                                                                              • Instruction ID: f8e9ecc35ebd34335a2b38d8554fa888040e4e89ff4aeaf45939136f4d7dfc57
                                                                                                              • Opcode Fuzzy Hash: e9560db5fa74c8020146d3f999f8c64186924281869ab87a5bf3425ea167263c
                                                                                                              • Instruction Fuzzy Hash: 4061B0B5A002158FDB18CF64C8A177FBBB2FF89324F18945CD446AB395D7369A01CB94

                                                                                                              Control-flow Graph
                                                                                                              • First block: 2c6f9b1-2c6f9ca
                                                                                                              • Calls: 2c6f5f0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 32ea3c7db0503f9c7c5baf450f94bf13bbeb779227df80a5ac66cd3d4ff34f9b
                                                                                                              • Instruction ID: 770c691b0b69b48afa9c807f5507463a20116c1ba46f2d08ed4eed6e003247c6
                                                                                                              • Opcode Fuzzy Hash: 32ea3c7db0503f9c7c5baf450f94bf13bbeb779227df80a5ac66cd3d4ff34f9b
                                                                                                              • Instruction Fuzzy Hash: 634189B5E402168BCB18CF58D8A0A7EB7B2FF89314F24591CC413A3795C730A901CBA4

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 176 2c3cc70-2c3cc7b call 2c6e390 179 2c3cec1-2c3cec3 ExitProcess 176->179 180 2c3cc81-2c3cc90 GetInputState call 2c65b60 176->180 183 2c3cc96-2c3ccc6 GetCurrentThreadId GetCurrentProcessId 180->183 184 2c3cebc call 2c6f4f0 180->184 185 2c3ccc8 183->185 186 2c3ccfe-2c3cd27 183->186 184->179 188 2c3ccd0-2c3ccfc 185->188 189 2c3cd7a-2c3cd7c 186->189 190 2c3cd29 186->190 188->186 188->188 192 2c3cd82-2c3cd9e 189->192 193 2c3ce49-2c3ce6d 189->193 191 2c3cd30-2c3cd78 190->191 191->189 191->191 194 2c3cda0-2c3cde4 192->194 195 2c3cde6-2c3ce08 192->195 196 2c3cea9 call 2c3df60 193->196 197 2c3ce6f 193->197 194->194 194->195 195->193 198 2c3ce0a 195->198 202 2c3ceae-2c3ceb0 196->202 199 2c3ce70-2c3cea7 197->199 201 2c3ce10-2c3ce47 198->201 199->196 199->199 201->193 201->201 202->184 203 2c3ceb2-2c3ceb7 call 2c40be0 call 2c3f7b0 202->203 203->184
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: CurrentProcess$ExitInputStateThread
                                                                                                              • String ID: C@AN$GDEB
                                                                                                              • API String ID: 1029096631-2942872560
                                                                                                              • Opcode ID: 72fdc27eb0c50c1c326fc0927002f095827125439e1ab67385ef486699960d9c
                                                                                                              • Instruction ID: 1a595b8ab3150cc0c455b690a6fa4a83f5886304d48f511023cfb69b84fffc16
                                                                                                              • Opcode Fuzzy Hash: 72fdc27eb0c50c1c326fc0927002f095827125439e1ab67385ef486699960d9c
                                                                                                              • Instruction Fuzzy Hash: 8751777460C2808BC305EF28D590A1EFBE2AFA5304F188D2DE1C9D7352D73AD955CB56

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 232 2c6f532-2c6f539 233 2c6f540-2c6f547 232->233 234 2c6f5c1-2c6f5ca call 2c6c600 232->234 235 2c6f54e-2c6f56b 233->235 236 2c6f5cc-2c6f5cd call 2c6c6c0 233->236 244 2c6f5da-2c6f5dc 234->244 238 2c6f56d-2c6f56f 235->238 239 2c6f5ab-2c6f5bf RtlReAllocateHeap 235->239 245 2c6f5d2-2c6f5d5 236->245 242 2c6f570-2c6f5a9 238->242 243 2c6f5d7 239->243 242->239 242->242 243->244 245->243
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 7272f4aba2fc8de84788222be658a23f197b0db8d0f66346b1ab198021cbbd98
                                                                                                              • Instruction ID: d3abd7422935f53ec49c422cab227ff603a0aa1b650ff578a7b9ac34709b5cb9
                                                                                                              • Opcode Fuzzy Hash: 7272f4aba2fc8de84788222be658a23f197b0db8d0f66346b1ab198021cbbd98
                                                                                                              • Instruction Fuzzy Hash: 2011E3B19092409BD314EF29E98462FB3E7EBC4210F55CA5CD4C253614D375DC26CB92

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 246 2c6c6c0-2c6c6cf 247 2c6c6d6-2c6c6f7 246->247 248 2c6c74e-2c6c752 246->248 249 2c6c73b-2c6c748 RtlFreeHeap 247->249 250 2c6c6f9 247->250 249->248 251 2c6c700-2c6c739 250->251 251->249 251->251
                                                                                                              APIs
                                                                                                              • RtlFreeHeap.NTDLL(?,00000000,?), ref: 02C6C748
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: FreeHeap
                                                                                                              • String ID:
                                                                                                              • API String ID: 3298025750-0
                                                                                                              • Opcode ID: fc8df475d7a06fdaa32bc948d227770a118f4711be084353cd7f5da29d07918b
                                                                                                              • Instruction ID: 4c577b3373e6196d91d960e2027d25b1302813423d5020f663eb6459f131b60f
                                                                                                              • Opcode Fuzzy Hash: fc8df475d7a06fdaa32bc948d227770a118f4711be084353cd7f5da29d07918b
                                                                                                              • Instruction Fuzzy Hash: 29018C7420C2408BD309EF18D4A4A2EFBE6EF95314F158A5DE5CA076A1C7319C61CB86

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 253 2c6c6a2-2c6c6b2 RtlAllocateHeap
                                                                                                              APIs
                                                                                                              • RtlAllocateHeap.NTDLL(?,00000000), ref: 02C6C6A8
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: AllocateHeap
                                                                                                              • String ID:
                                                                                                              • API String ID: 1279760036-0
                                                                                                              • Opcode ID: 2aaf3cfa0d6f6e90580f4974301879921fe5992a8a30b3605e27b00a597392a7
                                                                                                              • Instruction ID: 83cb560f140d74a8042f8fbcb9fad8ec121fea719df0ae04ec3e43aa067db7dd
                                                                                                              • Opcode Fuzzy Hash: 2aaf3cfa0d6f6e90580f4974301879921fe5992a8a30b3605e27b00a597392a7
                                                                                                              • Instruction Fuzzy Hash: 89B012704400005BEA012B18BC05B603614EB00204F300480F414480D2D1124CB3D588
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: $;$,{6y$4`[b$:o'm$<\$L;r9$SF$]Z$_D$e'o%$ep$hg$j'J%$l3e1$r+|)$ss$tEzG$wr$ww$}c$#!$/-
                                                                                                              • API String ID: 0-598095080
                                                                                                              • Opcode ID: 5adc9497d99873c76068ffe22cb820e5c46c190fd305cfe12151098bad0e2ae9
                                                                                                              • Instruction ID: 2cce24ef0bc5b4ebf66931d9f2e985fe5debe3dfa2a13d405a2bcef5550fe88d
                                                                                                              • Opcode Fuzzy Hash: 5adc9497d99873c76068ffe22cb820e5c46c190fd305cfe12151098bad0e2ae9
                                                                                                              • Instruction Fuzzy Hash: E462C7B51093818BE338CF11D490BDFBAE2BBD6344F908A2DC9DE5B644DB7054498FA6
                                                                                                              APIs
                                                                                                              • CoInitialize.OLE32(00000000), ref: 02C40CF4
                                                                                                              • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 02C40D16
                                                                                                              • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 02C410CE
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Initialize$DirectorySecuritySystem
                                                                                                              • String ID: SRQ$4`[b$NP]V$XWRI$yq$z_~]$}vw1$~ivw$IK
                                                                                                              • API String ID: 1379780170-3077396563
                                                                                                              • Opcode ID: 85f6a67a99ef92621e1f29984d7ee8c7769b3a1c7a3c679743229fa34459086a
                                                                                                              • Instruction ID: 803db8ac63bb55036901eaa075c06b494d2686bc40315df42a95df03e71985e1
                                                                                                              • Opcode Fuzzy Hash: 85f6a67a99ef92621e1f29984d7ee8c7769b3a1c7a3c679743229fa34459086a
                                                                                                              • Instruction Fuzzy Hash: 57B2A7B4500B408BD324CF29C590727BBF2FF86704F188A5CD8AA8BB96D735E955CB91
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: ?>$!./,$$#"!$($()$,+*)$4$<;:$@_^]$HGFE$LKJI$dcba$lkji$tu$ONM$su$5$
                                                                                                              • API String ID: 0-3379369873
                                                                                                              • Opcode ID: 0fa6ef5f0d778f2c503277e649ee39bf24845c8da92429ca0612167a55c95955
                                                                                                              • Instruction ID: c993bb792bd6689260f18d6e7b2941d1d92b284163f8a4207f57513fd9364e1a
                                                                                                              • Opcode Fuzzy Hash: 0fa6ef5f0d778f2c503277e649ee39bf24845c8da92429ca0612167a55c95955
                                                                                                              • Instruction Fuzzy Hash: 40B244B45093828BD370DF18C484BAFBBF2EFC5348F54892DE5998B251DB369985CB42
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: $"\$Bk=9$J$R$J(Z$JNGL$NOHI$OHI>$`xhr$ggxz$wx,${l`~$>!%
                                                                                                              • API String ID: 0-2323244691
                                                                                                              • Opcode ID: df2e177ad938d2406b5b89fc47b2a1be76e3ca4fbb9e74b471a7ccaf139d3f78
                                                                                                              • Instruction ID: baa807725f056a5836cdaf450709d4bb0948fb6fd3e0afd16d7503ac5bcaaa75
                                                                                                              • Opcode Fuzzy Hash: df2e177ad938d2406b5b89fc47b2a1be76e3ca4fbb9e74b471a7ccaf139d3f78
                                                                                                              • Instruction Fuzzy Hash: 0C928870104B928BD325CF3AC4A07A7BBE1AF96305F18495DD8EB8B382D735A645CF94
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: #,%}$,<;,$//j9$7'r!$:$<57&$=o;&$>'b $QXLC$RTM5$Tw$eo
                                                                                                              • API String ID: 0-2033785059
                                                                                                              • Opcode ID: 57a82e570ed2cf63e6c8c4041ed4d3fedb1f021822ecb3d4569a395082a7a4d6
                                                                                                              • Instruction ID: 7464512ab2e8f7b5b95f2c7fe7bfd1e34f75201aa8fa9867dd1e11d6a09a1952
                                                                                                              • Opcode Fuzzy Hash: 57a82e570ed2cf63e6c8c4041ed4d3fedb1f021822ecb3d4569a395082a7a4d6
                                                                                                              • Instruction Fuzzy Hash: DB2290B19083819BD725CF28D890B6FBBF2AFC6304F144D6DE48A97251DB35D905CB92
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                               • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmp
                                                                                                               • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmp
                                                                                                               • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmp
                                                                                                               • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: '9++$B$DE$OMNV$T$`c$kXD]$s}${ze
                                                                                                              • API String ID: 0-2673826114
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: +$0123456789ABCDEFXP$0123456789abcdefxp$A$gfff$gfff$gfff$gfff$W
                                                                                                              • API String ID: 0-2303242756
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: ,(^^$-XnS$fgK6$oRSV$p8&B$r}C}$txZf$wyEH$}I{@
                                                                                                              • API String ID: 0-34003872
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Kf$MK$SI$S[$TT$`ac$QW
                                                                                                              • API String ID: 0-1897345799
                                                                                                              APIs
                                                                                                              • VariantInit.OLEAUT32(?), ref: 02C689A4
                                                                                                              • SysStringLen.OLEAUT32(1B8E19F9), ref: 02C68A63
                                                                                                              • VariantClear.OLEAUT32(?), ref: 02C68BEB
                                                                                                              • SysFreeString.OLEAUT32(?), ref: 02C68D4A
                                                                                                              • SysFreeString.OLEAUT32(?), ref: 02C68D4F
                                                                                                              • SysFreeString.OLEAUT32(?), ref: 02C68D62
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: String$Free$Variant$ClearInit
                                                                                                              • String ID:
                                                                                                              • API String ID: 4205145696-0
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Clipboard$Global$CloseDataLockLongOpenUnlockWindow
                                                                                                              • String ID:
                                                                                                              • API String ID: 2832541153-0
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: $0$0$0$u$W
                                                                                                              • API String ID: 0-3205528186
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: yfc$4`[b$DD$ybl`$ylU{$}zso
                                                                                                              • API String ID: 0-3693036141
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: yfc$4`[b$DD$ybl`$ylU{$}zso
                                                                                                              • API String ID: 0-3693036141
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: hi$hk$pz
                                                                                                              • API String ID: 0-3399549940
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: -$0123456789abcdefxp$E$gfff$gfff
                                                                                                              • API String ID: 0-289536268
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: @A$G5M3$Q1:O$\9b7$lM%K
                                                                                                              • API String ID: 0-4206551269
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: %3"4$&@>T$DB$`d2a
                                                                                                              • API String ID: 0-1229532068
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Kf$MK$SI$`ac
                                                                                                              • API String ID: 0-4288373128
                                                                                                              Similarity
                                                                                                              • API ID: MetricsSystem
                                                                                                              • String ID:
                                                                                                              • API String ID: 4116985748-3916222277
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: @$DC$G#$Kf
                                                                                                              • API String ID: 0-1342140213
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: <KJM$C7HI$U3C5$`a
                                                                                                              • API String ID: 0-3065358329
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: "|lp$bdjg$jlbo${vux
                                                                                                              • API String ID: 0-1197034700
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: XY$`Qn_$dUbS$xIfW
                                                                                                              • API String ID: 0-4017241727
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Bk=9$J$R$`xhr
                                                                                                              • API String ID: 0-1656375010
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: ur$xy$~
                                                                                                              • API String ID: 0-3798557645
                                                                                                              • Opcode ID: 56bd465af7c7b316054a5c85d349cd56496ec8c84a0835200afc603b45afdbf0
                                                                                                              • Instruction ID: 15b0d669dae02bdbfd38fbf1eccdaa92d85b0a24c880d964b8ee20c404caaf49
                                                                                                              • Opcode Fuzzy Hash: 56bd465af7c7b316054a5c85d349cd56496ec8c84a0835200afc603b45afdbf0
                                                                                                              • Instruction Fuzzy Hash: 24F19AB150C3808BD316DF19C09072AFBE2AFDA618F188E1DE4D99B351D336D945CB96
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: 6 5X$X$blav
                                                                                                              • API String ID: 0-4234986367
                                                                                                              • Opcode ID: 1ee50f5d156b7190e5a63b343e18eff7b3b63ca204635532979168294ce09d54
                                                                                                              • Instruction ID: 40eef5133203edb88db474ef2e45cb294d5c0c80381a8d62726483b918429e3d
                                                                                                              • Opcode Fuzzy Hash: 1ee50f5d156b7190e5a63b343e18eff7b3b63ca204635532979168294ce09d54
                                                                                                              • Instruction Fuzzy Hash: BAE1987560C3809BD305DF29C890A2FBBE6BFD9314F088D2CE5C987252DB35A915CB92
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: "$my
                                                                                                              • API String ID: 0-3987835623
                                                                                                              • Opcode ID: 7be97a07927eebec08c3a66ee86d7b80e0bcc17c9aa085c69cc05938801438c4
                                                                                                              • Instruction ID: c6c2f41f0e467d1a2555ac5dc2f90b4e675fb9b8769ac66f35d6d70aad9a9315
                                                                                                              • Opcode Fuzzy Hash: 7be97a07927eebec08c3a66ee86d7b80e0bcc17c9aa085c69cc05938801438c4
                                                                                                              • Instruction Fuzzy Hash: 2CF1ACB19083818FD714DF28C880B6FBBE6EFC6348F14496DE58987291EB35DA45CB52
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID: 4`[b$@CBM
                                                                                                              • API String ID: 2994545307-914015261
                                                                                                              • Opcode ID: bf9049ae2d284e3015637580840c9f00fd0a136e92d0dc8e42c9b5b0f9a5e11e
                                                                                                              • Instruction ID: e92264cc432eab718df91471dec63700472e9b4deed4f9c0ce8a6b68e9cf7a63
                                                                                                              • Opcode Fuzzy Hash: bf9049ae2d284e3015637580840c9f00fd0a136e92d0dc8e42c9b5b0f9a5e11e
                                                                                                              • Instruction Fuzzy Hash: 5CD1D0726082109BD715DF28C8A1A2BB7F1EF95314F09481CECC597351E339EA85CBA7
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: 4`[b$xO
                                                                                                              • API String ID: 0-2409915359
                                                                                                              • Opcode ID: 80d48caad59ed5a65338df088eb842b51935de4bd6427d57880e5d0e5568aa1d
                                                                                                              • Instruction ID: b884ca801ecf0064157ff1621d85b6159572a619cd7aaae9f65a51fd76076c90
                                                                                                              • Opcode Fuzzy Hash: 80d48caad59ed5a65338df088eb842b51935de4bd6427d57880e5d0e5568aa1d
                                                                                                              • Instruction Fuzzy Hash: 04F1D1B55883418BD330DF18C8A0BAFB7F1EFCA354F04096CE5998B291EB359955CB52
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: Inf$NaN
                                                                                                              • API String ID: 0-3500518849
                                                                                                              • Opcode ID: 4f4fb7ba4210511b16d348a1e146f6b0748806e54bc3a5b03a29847b647f5bf7
                                                                                                              • Instruction ID: 43a2ebcd3e6e915378146fb03956ed5ac9e7c21f96f6af87805638667f7f03d5
                                                                                                              • Opcode Fuzzy Hash: 4f4fb7ba4210511b16d348a1e146f6b0748806e54bc3a5b03a29847b647f5bf7
                                                                                                              • Instruction Fuzzy Hash: AFE110B2A083419BC705CF29C88065EBBE1EBC8754F148E6EF89997390E775DD458BC2
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: drE$YJJW
                                                                                                              • API String ID: 0-53790862
                                                                                                              • Opcode ID: f56662e003d03a21006cd843c7705f7bd2603a34dc6301022bbb071cd3a4ffe3
                                                                                                              • Instruction ID: 56fc4de3e735b448a4b2def146481240e62d94c33060032a057e0d77eb51238f
                                                                                                              • Opcode Fuzzy Hash: f56662e003d03a21006cd843c7705f7bd2603a34dc6301022bbb071cd3a4ffe3
                                                                                                              • Instruction Fuzzy Hash: F2F19B70509B818BE325CB39C0A0BE7BBE1EF56304F54895EC8EB8B282C739B545CB54
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: 4`[b$o<m
                                                                                                              • API String ID: 0-3792609330
                                                                                                              • Opcode ID: acf6978b8e2ddac1c90b661314b861c5668f7dfc92eec3ec52fdd3ec803e2b74
                                                                                                              • Instruction ID: 4350b4337094d0f09ed0250c789d4a4fca72cc1d58f2ac3d207bb2aedc546deb
                                                                                                              • Opcode Fuzzy Hash: acf6978b8e2ddac1c90b661314b861c5668f7dfc92eec3ec52fdd3ec803e2b74
                                                                                                              • Instruction Fuzzy Hash: E3E1BBB5D00215CFDB14CFA8D881BAEBBB1FF58304F6485A8E902AB346D7359955CFA0
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: qu${}
                                                                                                              • API String ID: 0-3870973077
                                                                                                              • Opcode ID: 8dd12eef349a279ce9aafdfa030070cb88d5f3d9b3ba69b3ba902d2d12a707c8
                                                                                                              • Instruction ID: 62fa2862b3fe201ec5fce27dddde6f4c95974105db2ee0d1560ae82bc34c9769
                                                                                                              • Opcode Fuzzy Hash: 8dd12eef349a279ce9aafdfa030070cb88d5f3d9b3ba69b3ba902d2d12a707c8
                                                                                                              • Instruction Fuzzy Hash: D0D1CCB49003268FCB24CF68C891A6BBBB1FF49304B048A4CD8559F795E731E951CBE1
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: E|$y
                                                                                                              • API String ID: 0-4277912986
                                                                                                              • Opcode ID: bd37e0dae42185fd40d24df12a44fdb1a5f9eaa70d22f6c1e78af516ea71e1fb
                                                                                                              • Instruction ID: cc129d91b16ddb2e5489ff7f97996d3cd9118314e2b390302f3f4b161750ee21
                                                                                                              • Opcode Fuzzy Hash: bd37e0dae42185fd40d24df12a44fdb1a5f9eaa70d22f6c1e78af516ea71e1fb
                                                                                                              • Instruction Fuzzy Hash: 94B1127150C3918BD328CF18D59076FBBE2BBC5B08F11491CE8A967391DB34EA49CB96
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: 4`[b$4`[b
                                                                                                              • API String ID: 0-3640500014
                                                                                                              • Opcode ID: 60f35ddd4fcb996abdc100b50a5848368632ce6a2618e1961eac4f2a27bc8584
                                                                                                              • Instruction ID: 3a6e20c842ec983c2a3d26bb973785603ccae3ff1df904242f46a11714c047b4
                                                                                                              • Opcode Fuzzy Hash: 60f35ddd4fcb996abdc100b50a5848368632ce6a2618e1961eac4f2a27bc8584
                                                                                                              • Instruction Fuzzy Hash: 91417EB6E1061A8BDB1CCF54C8A0ABEB772FFC9321F29552CC55267754C730AA01CB98
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: 48fa
                                                                                                              • API String ID: 0-2103941421
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: 48fa
                                                                                                              • API String ID: 0-2103941421
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: f
                                                                                                              • API String ID: 0-1993550816
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: %1.17g
                                                                                                              • API String ID: 0-1551345525
                                                                                                              APIs
                                                                                                              • CoCreateInstance.OLE32(02C76BA0,00000000,00000001,02C76B90), ref: 02C52229
                                                                                                              Similarity
                                                                                                              • API ID: CreateInstance
                                                                                                              • String ID:
                                                                                                              • API String ID: 542301482-0
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: 4`[b
                                                                                                              • API String ID: 0-3962175265
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: "
                                                                                                              • API String ID: 0-123907689
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: P
                                                                                                              • API String ID: 0-3110715001
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: {zy
                                                                                                              • API String ID: 0-2415058467
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: A
                                                                                                              • API String ID: 0-837457580
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: 4`[b
                                                                                                              • API String ID: 0-3962175265
                                                                                                              • Opcode ID: 097e5c402fdca5ba0e5876b05e888f2772380f5b1a939ca4e93eb754cca9354d
                                                                                                              • Instruction ID: b78cbbc69171cb9902cc838f0f5c0f958f37e0de1078132cd5d01277927ea776
                                                                                                              • Opcode Fuzzy Hash: 097e5c402fdca5ba0e5876b05e888f2772380f5b1a939ca4e93eb754cca9354d
                                                                                                              • Instruction Fuzzy Hash: 8C81D1716083419BE724CF14DC90B6BB7E6EFC8358F188D2CE99997391E770A950CB92
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: ,
                                                                                                              • API String ID: 0-3772416878
                                                                                                              • Opcode ID: 1534b9535c00f8d2ea48f6b19659165e18c4af433301a72ffca75c3dbec6447c
                                                                                                              • Instruction ID: 772744049c528e416a38cb3b74e76a8bbf8929bdbdcb0b3af17e82d6b7668e68
                                                                                                              • Opcode Fuzzy Hash: 1534b9535c00f8d2ea48f6b19659165e18c4af433301a72ffca75c3dbec6447c
                                                                                                              • Instruction Fuzzy Hash: EFB14A711087819FC325CF18C88465BFBE0AFA9604F444E2DE5D997782D631EA18CBA7
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID: @
                                                                                                              • API String ID: 2994545307-2766056989
                                                                                                              • Opcode ID: b3ddea0d1a3ca53d9ccbb5af063ad8d3adb02a98e71e82d21843c059c1d55180
                                                                                                              • Instruction ID: 902a72984d14e6ef228788f4c0b3e942475a803b796f637839d0c2a6f734f3d7
                                                                                                              • Opcode Fuzzy Hash: b3ddea0d1a3ca53d9ccbb5af063ad8d3adb02a98e71e82d21843c059c1d55180
                                                                                                              • Instruction Fuzzy Hash: 7631A9B55083448BC314DF18D4C1A2BBBF6FFC9364F15892DE68887291E335E918CB96
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: f63a77b745610fe45f65243b0b179b1350dccda77ed11f5986965fa3b61d970b
                                                                                                              • Instruction ID: 1a58efef8cef9e9ab06aac138ce3ff87ab6473b47735b80930b225de2a685a33
                                                                                                              • Opcode Fuzzy Hash: f63a77b745610fe45f65243b0b179b1350dccda77ed11f5986965fa3b61d970b
                                                                                                              • Instruction Fuzzy Hash: 7D42F6326087118BC726DF19D88027EB3E2FFC4718F158E2ED9D697285D735AA51CB82
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 37e54f90b1e743f491b1821a663b8f80dee88dcc7613926e75e6bc9215da5e5b
                                                                                                              • Instruction ID: da6ebb88773e0a2d900f95d6d936b1a8e6ce63bdc2f29eb16607dbe8b3d1951f
                                                                                                              • Opcode Fuzzy Hash: 37e54f90b1e743f491b1821a663b8f80dee88dcc7613926e75e6bc9215da5e5b
                                                                                                              • Instruction Fuzzy Hash: 4852A670908B848FE736CB24C4847A7BBE1EFC1318F144C2DC5DB46A82D379AA85CB56
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: dd6a18067365e01a6f77ed5db0a260f161c32405b9802bd05d7a07b983164fb8
                                                                                                              • Instruction ID: afc7780ac441481b9056f68505ab3d344771121bd15820e1b3da4dff3440c893
                                                                                                              • Opcode Fuzzy Hash: dd6a18067365e01a6f77ed5db0a260f161c32405b9802bd05d7a07b983164fb8
                                                                                                              • Instruction Fuzzy Hash: E852D2B15083458FCB16CF29C0906AAFBE1FFC9318F198A6DE89957341D735D949CB81
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e28bf91df0a6a5892dadf683415b2846bc6faa4f7ac46d46b2f5c06bd6e1c86b
                                                                                                              • Instruction ID: df63e01e546ad47b786b6902f9b2ee5bfd77ba4efdb31738b6d4b1eafdc8313a
                                                                                                              • Opcode Fuzzy Hash: e28bf91df0a6a5892dadf683415b2846bc6faa4f7ac46d46b2f5c06bd6e1c86b
                                                                                                              • Instruction Fuzzy Hash: 1B12C071E44256CFDB14CF68D890BAEB7B2FF48351F1589A8D846E7280D734A9A4CF60
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: ee4648cb6c432836a9828ca6e9ee8ed61addb13803aab8ed944b22370f72a396
                                                                                                              • Instruction ID: 4070f6f1ac11305ee8990a9f17eafce24f4db48ab75e66769e306f97530e1b92
                                                                                                              • Opcode Fuzzy Hash: ee4648cb6c432836a9828ca6e9ee8ed61addb13803aab8ed944b22370f72a396
                                                                                                              • Instruction Fuzzy Hash: 553212B0514B118FC36ACF29C59066AFBF2BF85610B505E2ED6978BF90D336B948CB50
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b3fe5bf5a248296257e38fbdbe79487f3ece7c8d7f71838f03b80825a9d7836e
                                                                                                              • Instruction ID: 82c04978a2c0a06d832c2ab867f956d813ef4ac17c350b5bb5c52b44fe3eb30b
                                                                                                              • Opcode Fuzzy Hash: b3fe5bf5a248296257e38fbdbe79487f3ece7c8d7f71838f03b80825a9d7836e
                                                                                                              • Instruction Fuzzy Hash: 6E02ED35A08391CFC715CF28D0D062AB7E2FF9A314F198E6DD89687391D730A969CB91
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 85112579b24e9f9be2184944190f9a2f088abf21a5b0b3ddf3ebf2227af631f2
                                                                                                              • Instruction ID: ef15dd1fbd074af695ba57078edf822377800eb5f9caa0c13fd6aabad567ba9f
                                                                                                              • Opcode Fuzzy Hash: 85112579b24e9f9be2184944190f9a2f088abf21a5b0b3ddf3ebf2227af631f2
                                                                                                              • Instruction Fuzzy Hash: 48F1F576A08211CFDB08CF28C49066EB7B2FFC9314F198A6DD89A67395C731AD15CB91
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: d5c3c08cd74c75003adddda90d935eb9156ff7235cfe28111bf5b203fa3afef9
                                                                                                              • Instruction ID: b6fb2f5eb0c77ef8438a2052681fd2723a335c3732595a56e6b321f410c45284
                                                                                                              • Opcode Fuzzy Hash: d5c3c08cd74c75003adddda90d935eb9156ff7235cfe28111bf5b203fa3afef9
                                                                                                              • Instruction Fuzzy Hash: 62F1A9712083418FC329CF29C885A2BBBE2EF99304F049D1DE4DA47791E371E958CB96
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a6af336cf7d3f8e0cfb4ec4e2a35498c42dbbd46ec69ea3398a0de4776237ea1
                                                                                                              • Instruction ID: 603a3e71de9c3c384a2c6dcea17f2943f0f3360f9d5b560739b51cdf63eab5c5
                                                                                                              • Opcode Fuzzy Hash: a6af336cf7d3f8e0cfb4ec4e2a35498c42dbbd46ec69ea3398a0de4776237ea1
                                                                                                              • Instruction Fuzzy Hash: 8181CB70E44156CFDB18CF68D890BAEB7B2FB88351F1589A9D846E7380C730A9A4CF50
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 8d43af2e3d8e0da42577eb0ed57251ddc4e1a5d7c7798d1be1c0247532a141da
                                                                                                              • Instruction ID: af1c37eb95f2589c43d137c5af47d2e3e09d19a1ac8ed6c30b0e5f911feeb9ec
                                                                                                              • Opcode Fuzzy Hash: 8d43af2e3d8e0da42577eb0ed57251ddc4e1a5d7c7798d1be1c0247532a141da
                                                                                                              • Instruction Fuzzy Hash: 6D819AB05083508BC314DF18C891A2BBBF5EFD5358F549A1DE8C68B361E735D988CB8A
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b8b12071444cb1722fe9fbbd646eaa67904f132a836ecc959de4573a062cd964
                                                                                                              • Instruction ID: cedbbd33ad80349315c74378817d1fce429f497e7c23b39f15e717553a127d34
                                                                                                              • Opcode Fuzzy Hash: b8b12071444cb1722fe9fbbd646eaa67904f132a836ecc959de4573a062cd964
                                                                                                              • Instruction Fuzzy Hash: FF716BB56183828BD324DF28E991B6BB7F6EB86305F084C2DE485D7241D739D909CB63
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: c7dea81bc45bbf68106d20a3ddaf793a1ec77eaf1b375e41768a07dc6d4fa2b0
                                                                                                              • Instruction ID: 5eb3ff91a5456ebd4a8b0827cbc466a390eee9dab0cef7db8548318367d06d7c
                                                                                                              • Opcode Fuzzy Hash: c7dea81bc45bbf68106d20a3ddaf793a1ec77eaf1b375e41768a07dc6d4fa2b0
                                                                                                              • Instruction Fuzzy Hash: 9F61BC32A093909BC710DE28C8C866BBBE6EFD5754F19891EE8D497351D330EE15CB92
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: faa25ddc050b3063a8a4f0fc2cbb0044647d2b15f892d6b5c7de86e2a78acbfc
                                                                                                              • Instruction ID: fae7639e0dd11c3c3db60bb1135fb7a03dd00090f08531a478f7e5e17f30e708
                                                                                                              • Opcode Fuzzy Hash: faa25ddc050b3063a8a4f0fc2cbb0044647d2b15f892d6b5c7de86e2a78acbfc
                                                                                                              • Instruction Fuzzy Hash: F4511636A4DE818BE3288D3D5CA93B66A434BD2330F2D876EDDF28B3D1D9654805C342
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: d2818a53b562a8d8d139867ab5be757a3c7bb28c2bf908974e3aa663b3f12f80
                                                                                                              • Instruction ID: fcfeeadb268310cbfdadabd679b4c6e8d10efae8f059a843ac7509c82aaab2cc
                                                                                                              • Opcode Fuzzy Hash: d2818a53b562a8d8d139867ab5be757a3c7bb28c2bf908974e3aa663b3f12f80
                                                                                                              • Instruction Fuzzy Hash: 8B5159B16087549FE314DF29D49476BBBE1BBC4318F044E2DE4E987390E779D6088B82
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: b659a33f71228a517c19803842b453b5be9bbb5b554a36091d75b1dc4b0e1c4e
                                                                                                              • Instruction ID: d2054eaa20432caf004422ba713b70f2e52c010084de544f3a187c12e751dc21
                                                                                                              • Opcode Fuzzy Hash: b659a33f71228a517c19803842b453b5be9bbb5b554a36091d75b1dc4b0e1c4e
                                                                                                              • Instruction Fuzzy Hash: 2A812335205B81CFD364CF29C584A52BBE2BF99310F488A5DD8868BB82C771F959CF90
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 003aa0cd8d9040f22a04125a2e22f4d8d12c093799e87939308d2c34ca993448
                                                                                                              • Instruction ID: 1328e8a8059838ca44a1e2c33e3410309380481cc14c9e7f2cfb06154ad11028
                                                                                                              • Opcode Fuzzy Hash: 003aa0cd8d9040f22a04125a2e22f4d8d12c093799e87939308d2c34ca993448
                                                                                                              • Instruction Fuzzy Hash: 5951E5716157118FC725CF28C89076ABBE1EFC9314F198A2DE89AC7391DB30E985CB85
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 8f4cb0c6a97202be561aa53f208f76790bd0bbd2fa907a74af6638c9ee3ec635
                                                                                                              • Instruction ID: 0d7c883f37a58a6f4dbbb236be75a69e87953173e5157044c5b87841690e7f85
                                                                                                              • Opcode Fuzzy Hash: 8f4cb0c6a97202be561aa53f208f76790bd0bbd2fa907a74af6638c9ee3ec635
                                                                                                              • Instruction Fuzzy Hash: 9551C1B5A043019FC715DF18C48092AB7E1FFC9368F554A6CE8999B351DB31ED42CB92
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: c529857608f0be036f1235d54aad17ff4e0fab91eb1718037b34acc379034fd3
                                                                                                              • Instruction ID: b13c8df030c5774a8b09a0051c756ad89f507efb11f91afc3e7d66b373de46b7
                                                                                                              • Opcode Fuzzy Hash: c529857608f0be036f1235d54aad17ff4e0fab91eb1718037b34acc379034fd3
                                                                                                              • Instruction Fuzzy Hash: F0519D36A04600CFD728CF29D86036A77A3FBC4318F2E8A7DC24647B81C775A856DB40
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: AllocString
                                                                                                              • String ID: 0$6$9$A$A$C$D$E$E$F$G$I$I$K$M$O$P$Q$S$U$W$Y$[$]$^$_$_$_$h$q$y$y${$}$~
                                                                                                              • API String ID: 2525500382-294067926
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: AllocString
                                                                                                              • String ID: %$%$'$($0$9$A$A$B$D$E$E$E$E$F$J$P$V$Y$[$\$^$_$_$f$i$l$p$r$t
                                                                                                              • API String ID: 2525500382-3365854356
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: AllocString
                                                                                                              • String ID: %$%$'$($0$9$A$A$B$D$E$E$E$E$F$J$P$V$Y$[$\$^$_$_$f$i$l$p$r$t
                                                                                                              • API String ID: 2525500382-3365854356
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitVariant
                                                                                                              • String ID: !$#$%$'$-$3$3$9$B$H$I$Q$S$U$W$Y$[$]$_
                                                                                                              • API String ID: 1927566239-378982635
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitVariant
                                                                                                              • String ID: !$#$%$'$-$3$3$9$B$H$I$Q$S$U$W$Y$[$]$_
                                                                                                              • API String ID: 1927566239-378982635
                                                                                                              APIs
                                                                                                              • SysAllocString.OLEAUT32(?), ref: 02C68E38
                                                                                                              • SysAllocString.OLEAUT32(?), ref: 02C68EF4
                                                                                                              • SysAllocString.OLEAUT32(?), ref: 02C68F88
                                                                                                              • SysAllocString.OLEAUT32(?), ref: 02C69044
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: AllocString
                                                                                                              • String ID: "_kQ$"_kQ$1[!]$1[!]$9k?m$9k?m$bS3U$bS3U$hKpM$hKpM$l3u5$l3u5$q7bI$q7bI
                                                                                                              • API String ID: 2525500382-2445104418
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Variant$ClearInit
                                                                                                              • String ID: $#$%$)$+$+$A$F$H$L$P$_$q
                                                                                                              • API String ID: 2610073882-4140598507
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Variant$ClearInit
                                                                                                              • String ID: $a$c$e$g$q$s$u$v$w$y${$}
                                                                                                              • API String ID: 2610073882-4032568888
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Variant$ClearInit
                                                                                                              • String ID: !$#$%$'$)$+$-$/$9$;$n
                                                                                                              • API String ID: 2610073882-2266243175
                                                                                                              APIs
                                                                                                              • SysAllocString.OLEAUT32(?), ref: 02C68E38
                                                                                                              • SysAllocString.OLEAUT32(?), ref: 02C68EF4
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: AllocString
                                                                                                              • String ID: "_kQ$1[!]$9k?m$bS3U$hKpM$l3u5$q7bI
                                                                                                              • API String ID: 2525500382-1023481837
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitVariant
                                                                                                              • String ID: R$T$a$b$c$e
                                                                                                              • API String ID: 1927566239-2761824072
                                                                                                              • Opcode ID: 02e12088b435dad1a7e358904c630283bcb45ffeabf3b51945f13a367cfc53dc
                                                                                                              • Instruction ID: 68f8eff2bd63ddc7c4f6e5eb84814c654df2f8d4e5cd650c93f2e084e58d3b21
                                                                                                              • Opcode Fuzzy Hash: 02e12088b435dad1a7e358904c630283bcb45ffeabf3b51945f13a367cfc53dc
                                                                                                              • Instruction Fuzzy Hash: B241F07000C7C18AD332DB68D59879EBBE0AB92714F044E5EE4E99B382C7718648CB63
                                                                                                              APIs
                                                                                                              • SysAllocString.OLEAUT32(?), ref: 02C688B1
                                                                                                              • SysAllocString.OLEAUT32(?), ref: 02C688C1
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000001.00000002.1962436529.0000000002C31000.00000020.00000400.00020000.00000000.sdmp, Offset: 02C30000, based on PE: true
                                                                                                              • Associated: 00000001.00000002.1962420054.0000000002C30000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962467736.0000000002C75000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962483192.0000000002C78000.00000040.00000400.00020000.00000000.sdmp
                                                                                                              • Associated: 00000001.00000002.1962500432.0000000002C88000.00000002.00000400.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_1_2_2c30000_BitLockerToGo.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: AllocString
                                                                                                              • String ID: 7o=m$Ig:e
                                                                                                              • API String ID: 2525500382-1610144716
                                                                                                              • Opcode ID: 5fa7e337cf69486fb7ea151b0f19d452349ac33ad17a4fae9681584af98e93a4
                                                                                                              • Instruction ID: f96291b7efd2da6485b4d3a94541bd2569e8d9f356a1306b850271329a7b22f6
                                                                                                              • Opcode Fuzzy Hash: 5fa7e337cf69486fb7ea151b0f19d452349ac33ad17a4fae9681584af98e93a4
                                                                                                              • Instruction Fuzzy Hash: AE3146B8601A42DFE324CF29C594A26FBF1FF69B00B608A4DE1D5C7641C735B865CB80