Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe

Overview

General Information

Sample Name:BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe
Analysis ID:770746
MD5:8f9d4f7768960c59b8011c8c1a52dd63
SHA1:a8648349a9aa90efd315e278786951cedfe711a9
SHA256:b63350aad8b78b989c052c8bdae2ea691108e8e15f4b9b6c864ad86b1c300e36
Tags:94-130-56-29exeFakeBlueTwelveRedLineStealerscr
Infos:

Detection

RedLine
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected RedLine Stealer
Malicious sample detected (through community Yara rule)
Antivirus detection for URL or domain
Snort IDS alert for network traffic
Writes to foreign memory regions
Tries to steal Crypto Currency Wallets
Machine Learning detection for sample
Allocates memory in foreign processes
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
C2 URLs / IPs found in malware configuration
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to launch a process as a different user
Yara detected Credential Stealer
Creates processes with suspicious names
Contains long sleeps (>= 3 min)
Enables debug privileges
Is looking for software installed on the system
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
Detected TCP or UDP traffic on non-standard ports
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

  • System is w10x64
  • cleanup

Malware Configuration

Threatname: RedLine

{"C2 url": "94.130.56.29:14233", "Bot Id": "CryptoTraffic", "Authorization Header": "849e4d47f7252cdc8951ca8bcd961a86"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_RedLineYara detected RedLine StealerJoe Security
    dump.pcapJoeSecurity_RedLine_1Yara detected RedLine StealerJoe Security

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      00000000.00000002.258205839.0000000004431000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
        00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
          00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
            00000001.00000000.253376814.0000000004A02000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
              Process Memory Space: vbc.exe PID: 5336JoeSecurity_RedLineYara detected RedLine StealerJoe Security
                Click to see the 1 entries

                Unpacked PEs

                SourceRuleDescriptionAuthorStrings
                1.0.vbc.exe.4a00000.0.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                  1.0.vbc.exe.4a00000.0.unpackMALWARE_Win_RedLineDetects RedLine infostealerditekSHen
                  • 0x1a454:$pat14: , CommandLine:
                  • 0x134a3:$v2_1: ListOfProcesses
                  • 0x13282:$v4_3: base64str
                  • 0x13dfb:$v4_4: stringKey
                  • 0x11b63:$v4_5: BytesToStringConverted
                  • 0x10d76:$v4_6: FromBase64
                  • 0x12098:$v4_8: procName
                  • 0x1280f:$v5_5: FileScanning
                  • 0x11d6c:$v5_7: RecordHeaderField
                  • 0x11a34:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
                  0.2.BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe.44e73d8.0.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                    0.2.BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe.44e73d8.0.unpackMALWARE_Win_RedLineDetects RedLine infostealerditekSHen
                    • 0x18854:$pat14: , CommandLine:
                    • 0x118a3:$v2_1: ListOfProcesses
                    • 0x11682:$v4_3: base64str
                    • 0x121fb:$v4_4: stringKey
                    • 0xff63:$v4_5: BytesToStringConverted
                    • 0xf176:$v4_6: FromBase64
                    • 0x10498:$v4_8: procName
                    • 0x10c0f:$v5_5: FileScanning
                    • 0x1016c:$v5_7: RecordHeaderField
                    • 0xfe34:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
                    0.2.BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe.4513008.1.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                      Click to see the 7 entries

                      Sigma Signatures

                      No Sigma rule has matched

                      Snort Signatures

                      Timestamp:94.130.56.29192.168.2.614233497132850353 12/20/22-16:09:28.411763
                      SID:2850353
                      Source Port:14233
                      Destination Port:49713
                      Protocol:TCP
                      Classtype:A Network Trojan was detected
                      Timestamp:192.168.2.694.130.56.2949713142332850286 12/20/22-16:09:46.337104
                      SID:2850286
                      Source Port:49713
                      Destination Port:14233
                      Protocol:TCP
                      Classtype:A Network Trojan was detected
                      Timestamp:192.168.2.694.130.56.2949713142332850027 12/20/22-16:09:26.593382
                      SID:2850027
                      Source Port:49713
                      Destination Port:14233
                      Protocol:TCP
                      Classtype:A Network Trojan was detected

                      Joe Sandbox Signatures

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection

                      barindex
                      Antivirus detection for URL or domain
                      Source: 94.130.56.29:14233Avira URL Cloud: Label: malware
                      Machine Learning detection for sample
                      Source: BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeJoe Sandbox ML: detected
                      Source: 00000000.00000002.258205839.0000000004431000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: RedLine {"C2 url": "94.130.56.29:14233", "Bot Id": "CryptoTraffic", "Authorization Header": "849e4d47f7252cdc8951ca8bcd961a86"}
                      Source: BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                      Networking

                      barindex
                      Snort IDS alert for network traffic
                      Source: TrafficSnort IDS: 2850027 ETPRO TROJAN RedLine Stealer TCP CnC net.tcp Init 192.168.2.6:49713 -> 94.130.56.29:14233
                      Source: TrafficSnort IDS: 2850286 ETPRO TROJAN Redline Stealer TCP CnC Activity 192.168.2.6:49713 -> 94.130.56.29:14233
                      Source: TrafficSnort IDS: 2850353 ETPRO MALWARE Redline Stealer TCP CnC - Id1Response 94.130.56.29:14233 -> 192.168.2.6:49713
                      C2 URLs / IPs found in malware configuration
                      Source: Malware configuration extractorURLs: 94.130.56.29:14233
                      Source: Joe Sandbox ViewASN Name: HETZNER-ASDE HETZNER-ASDE
                      Source: global trafficTCP traffic: 192.168.2.6:49713 -> 94.130.56.29:14233
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: unknownTCP traffic detected without corresponding DNS query: 94.130.56.29
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
                      Source: vbc.exe, 00000001.00000002.341807154.00000000050A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://iptc.tc4xmp
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faultP
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                      Source: vbc.exe, 00000001.00000002.342371127.0000000006A23000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.342371127.0000000006A23000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
                      Source: vbc.exe, 00000001.00000002.345096258.0000000006D89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.342371127.0000000006A23000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.342371127.0000000006A23000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.342371127.0000000006A23000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.342371127.0000000006A23000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.342371127.0000000006A23000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.342371127.0000000006A23000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
                      Source: vbc.exe, 00000001.00000002.342371127.0000000006A23000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Responsex
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.342371127.0000000006A23000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.342371127.0000000006A23000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.345096258.0000000006D89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Responseiox
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
                      Source: vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4idx
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.342371127.0000000006A23000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.342371127.0000000006A23000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.342371127.0000000006A23000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.342371127.0000000006A23000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
                      Source: vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.342371127.0000000006A23000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
                      Source: vbc.exe, 00000001.00000002.348033092.0000000007CF7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                      Source: BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe, 00000000.00000002.258205839.0000000004431000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000000.253376814.0000000004A02000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb/ip
                      Source: vbc.exe, 00000001.00000002.348033092.0000000007CF7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                      Source: vbc.exe, 00000001.00000002.348033092.0000000007CF7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                      Source: vbc.exe, 00000001.00000002.347886491.0000000007CDA000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.348309619.0000000007D57000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.347177798.0000000007BDE000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.347607150.0000000007C79000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.346585809.0000000007AFE000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.344598612.0000000006CF0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.343811839.0000000006C28000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.346666909.0000000007B1B000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.345046023.0000000006D7C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.347513723.0000000007C5C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.348925368.0000000007DFE000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.348511736.0000000007D9E000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.347277522.0000000007BFB000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.349023639.0000000007E1B000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.342782103.0000000006AB6000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.348033092.0000000007CF7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                      Source: vbc.exe, 00000001.00000002.348033092.0000000007CF7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                      Source: vbc.exe, 00000001.00000002.347886491.0000000007CDA000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.348309619.0000000007D57000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.347177798.0000000007BDE000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.347607150.0000000007C79000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.346585809.0000000007AFE000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.344598612.0000000006CF0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.343811839.0000000006C28000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.346666909.0000000007B1B000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.345046023.0000000006D7C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.347513723.0000000007C5C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.348925368.0000000007DFE000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.348511736.0000000007D9E000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.347277522.0000000007BFB000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.349023639.0000000007E1B000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.342782103.0000000006AB6000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.348033092.0000000007CF7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
                      Source: vbc.exe, 00000001.00000002.347886491.0000000007CDA000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.348309619.0000000007D57000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.347177798.0000000007BDE000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.347607150.0000000007C79000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.346585809.0000000007AFE000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.344598612.0000000006CF0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.343811839.0000000006C28000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.346666909.0000000007B1B000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.345046023.0000000006D7C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.347513723.0000000007C5C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.348925368.0000000007DFE000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.348511736.0000000007D9E000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.347277522.0000000007BFB000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.349023639.0000000007E1B000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.342782103.0000000006AB6000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.348033092.0000000007CF7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
                      Source: vbc.exe, 00000001.00000002.347607150.0000000007C79000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.346666909.0000000007B1B000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.348511736.0000000007D9E000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.347277522.0000000007BFB000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.349023639.0000000007E1B000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.348033092.0000000007CF7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
                      Source: vbc.exe, 00000001.00000002.347886491.0000000007CDA000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.348309619.0000000007D57000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.347177798.0000000007BDE000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.347607150.0000000007C79000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.346585809.0000000007AFE000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.344598612.0000000006CF0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.343811839.0000000006C28000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.346666909.0000000007B1B000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.345046023.0000000006D7C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.347513723.0000000007C5C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.348925368.0000000007DFE000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.348511736.0000000007D9E000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.347277522.0000000007BFB000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.349023639.0000000007E1B000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.342782103.0000000006AB6000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.348033092.0000000007CF7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
                      Source: vbc.exe, 00000001.00000002.347886491.0000000007CDA000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.348309619.0000000007D57000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.347177798.0000000007BDE000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.347607150.0000000007C79000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.346585809.0000000007AFE000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.344598612.0000000006CF0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.343811839.0000000006C28000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.346666909.0000000007B1B000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.345046023.0000000006D7C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.347513723.0000000007C5C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.348925368.0000000007DFE000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.348511736.0000000007D9E000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.347277522.0000000007BFB000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.349023639.0000000007E1B000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.342782103.0000000006AB6000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.348033092.0000000007CF7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

                      System Summary

                      barindex
                      Malicious sample detected (through community Yara rule)
                      Source: 1.0.vbc.exe.4a00000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                      Source: 0.2.BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe.44e73d8.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                      Source: 0.2.BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe.4513008.1.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                      Source: 0.2.BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe.4513008.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                      Source: 0.2.BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe.44e73d8.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                      Source: 0.2.BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe.4471420.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                      Source: BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: 1.0.vbc.exe.4a00000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 0.2.BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe.44e73d8.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 0.2.BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe.4513008.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 0.2.BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe.4513008.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 0.2.BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe.44e73d8.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 0.2.BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe.4471420.2.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeCode function: 0_2_01A8170A0_2_01A8170A
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 1_2_04FCF7C81_2_04FCF7C8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeCode function: 1_2_04FCF3681_2_04FCF368
                      Source: C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeCode function: 0_2_01A859E8 CreateProcessAsUserA,0_2_01A859E8
                      Source: BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe, 00000000.00000002.258205839.0000000004431000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameInerm.exe< vs BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe
                      Source: BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe, 00000000.00000002.254692721.0000000003431000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameInerm.exe< vs BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe
                      Source: BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: unknownProcess created: C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe
                      Source: C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                      Source: C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                      Source: C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe.logJump to behavior
                      Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@3/2@0/1
                      Source: BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                      Source: C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                      Source: 1.0.vbc.exe.4a00000.0.unpack, BrEx.csBase64 encoded string: 'ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8WW9yb2lXYWxsZXQKaWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8VHJvbmxpbmsKamJkYW9jbmVpaWlubWpiamxnYWxoY2VsZ2Jlam1uaWR8TmlmdHlXYWxsZXQKbmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58TWV0YW1hc2sKYWZiY2JqcGJwZmFkbGttaG1jbGhrZWVvZG1hbWNmbGN8TWF0aFdhbGxldApobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHxDb2luYmFzZQpmaGJvaGltYWVsYm9ocGpiYmxkY25nY25hcG5kb2RqcHxCaW5hbmNlQ2hhaW4Kb2RiZnBlZWloZGtiaWhtb3BrYmptb29uZmFubGJmY2x8QnJhdmVXYWxsZXQKaHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58R3VhcmRhV2FsbGV0CmJsbmllaWlmZmJvaWxsa25qbmVwb2dqaGtnbm9hcGFjfEVxdWFsV2FsbGV0CmNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfEpheHh4TGliZXJ0eQpmaWhrYWtmb2JrbWtqb2pwY2hwZmdjbWhmam5tbmZwaXxCaXRBcHBXYWxsZXQKa25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8aVdhbGxldAphbWttamptbWZsZGRvZ21ocGpsb2ltaXBib2ZuZmppaHxXb21iYXQKZmhpbGFoZWltZ2xpZ25kZGtqZ29ma2NiZ2VraGVuYmh8QXRvbWljV2FsbGV0Cm5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfE1ld0N4Cm5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfEd1aWxkV2FsbGV0Cm5rZGRnbmNkamdqZmNkZGFtZmdjbWZubGhjY25pbWlnfFNhdHVybldhbGxldApmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3xSb25pbldhbGxldAphaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHxUZXJyYVN0YXRpb24KZm5uZWdwaGxvYmpkcGtoZWNhcGtpampka2djamhraWJ8SGFybW9ueVdhbGxldAphZWFjaGtubWVmcGhlcGNjaW9uYm9vaGNrb25vZWVtZ3xDb2luOThXYWxsZXQKY2dlZW9kcGZhZ2pjZWVmaWVmbG1kZnBocGxrZW5sZmt8VG9uQ3J5c3RhbApwZGFkamtma2djYWZnYmNlaW1jcGJrYWxuZm5lcGJua3xLYXJkaWFDaGFpbgpiZm5hZWxtb21laW1obHBtZ2puam9waGhwa2tvbGpwYXxQaGFudG9tCmZoaWxhaGVpbWdsaWduZGRramdvZmtjYmdla2hlbmJofE94eWdlbgptZ2Zma2ZiaWRpaGpwb2FvbWFqbGJnY2hkZGxpY2dwbnxQYWxpV2FsbGV0CmFvZGtrYWduYWRjYm9iZnBnZ2ZuamVvbmdlbWpiamNhfEJvbHRYCmtwZm9wa2VsbWFwY29pcGVtZmVuZG1kY2dobmVnaW1ufExpcXVhbGl0eVdhbGxldApobWVvYm5mbmZjbWRrZGNtbGJsZ2FnbWZwZmJvaWVhZnxYZGVmaVdhbGxldApscGZjYmprbmlqcGVlaWxsaWZua2lrZ25jaWtnZmhkb3xOYW1pV2FsbGV0CmRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfE1haWFyRGVGaVdhbGxldApmZm5iZWxmZG9laW9oZW5ramlibm1hZGppZWhqaGFqYnxZb3JvaVdhbGxldAppYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb2lob2ZlY3xUcm9ubGluawpqYmRhb2NuZWlpaW5tamJqbGdhbGhjZWxnYmVqbW5pZHxOaWZ0eVdhbGxldApua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnxNZXRhbWFzawphZmJjYmpwYnBmYWRsa21obWNsaGtlZW9kbWFtY2ZsY3xNYXRoV2FsbGV0CmhuZmFua25vY2Zlb2ZiZGRnY2lqbm1obmZua2RuYWFkfENvaW5iYXNlCmZoYm9oaW1hZWxib2hwamJibGRjbmdjbmFwbmRvZGpwfEJpbmFuY2VDaGFpbgpvZGJmcGVlaWhka2JpaG1vcGtiam1vb25mYW5sYmZjbHxCcmF2ZVdhbGxldApocGdsZmhnZm5oYmdwamRlbmpnbWRnb2VpYXBwYWZsbnxHdWFyZGFXYWxsZXQKYmxuaWVpaWZmYm9pbGxrbmpuZXBvZ2poa2dub2FwYWN8RXF1YWxXYWxsZXQKY2plbGZwbHBsZWJkamplbmxscGpjYmxtamtmY2ZmbmV8SmF4eHhMaWJlcnR5CmZpaGtha2ZvYmtta2pvanBjaHBmZ2NtaGZqbm1uZnBpfEJpdEFwcFdhbGxldAprbmNjaGRpZ29iZ2hlbmJiYWRkb2pqbm5hb2dmcHBmanxpV2FsbGV0CmFta21qam1tZmxkZG9nbWhwamxvaW1pcGJvZm5mamlofFdvbWJhdApmaGlsYWhlaW1nbGlnbmRka2pnb2ZrY2JnZWtoZW5iaHxBdG9taWNXYWxsZXQKbmxibW5uaWpjbmxlZ2tqanBjZmpjbG1jZmdnZmVmZG18TWV3Q3gKbmFuam1ka25oa2luaWZua2dkY2dnY2ZuaGRhYW1tbWp8R3VpbGRXYWxsZXQKbmtkZGduY2RqZ2pmY2RkYW1mZ2NtZm5saGNjbmltaWd8U2F0dXJuV2FsbGV0CmZuamhta2hobWtiamtrYWJuZGNubm9nYWdvZ2JuZWVjfFJvbmluV2FsbGV
                      Source: BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe, u0097u0011/u009du0011.csCryptographic APIs: 'CreateDecryptor'
                      Source: BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe, u0097u0011/u009du0011.csCryptographic APIs: 'TransformFinalBlock'
                      Source: BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe, u0097u0011/u009du0011.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.0.BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe.f90000.0.unpack, u0097u0011/u009du0011.csCryptographic APIs: 'CreateDecryptor'
                      Source: 0.0.BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe.f90000.0.unpack, u0097u0011/u009du0011.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.0.BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe.f90000.0.unpack, u0097u0011/u009du0011.csCryptographic APIs: 'TransformFinalBlock'
                      Source: C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                      Source: BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                      Data Obfuscation

                      barindex
                      .NET source code contains potential unpacker
                      Source: BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe, u0082u0093/u0088u0093.cs.Net Code: ?? System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                      Source: 0.0.BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe.f90000.0.unpack, u0082u0093/u0088u0093.cs.Net Code: ?? System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                      Source: C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeCode function: 0_2_01A852D8 pushad ; ret 0_2_01A852D9
                      Source: initial sampleStatic PE information: section name: .text entropy: 7.643173971416759
                      Source: C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeFile created: \bluetwelve studio information for bloggers stray promotion on youtube 2022.scr.exe
                      Source: C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeFile created: \bluetwelve studio information for bloggers stray promotion on youtube 2022.scr.exeJump to behavior
                      Source: C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion

                      barindex
                      Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                      Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                      Source: C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe TID: 3200Thread sleep time: -10000000s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe TID: 5212Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe TID: 5384Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe TID: 1324Thread sleep count: 1675 > 30Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe TID: 5456Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeThread delayed: delay time: 10000000Jump to behavior
                      Source: C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeRegistry key enumerated: More than 149 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeWindow / User API: threadDelayed 1675Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeThread delayed: delay time: 10000000Jump to behavior
                      Source: C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeBinary or memory string: objectmethodInvokenhffskdsfkdfddafrffddhfscffdfhkgfsfdffdhfhddrfahddsshcfchfdgefffkdafsfhddhdshdghfBeginInvokeIAsyncResultAsyncCallbackcallbackEndInvokeresulthfsdkfdhgfshseffdfafffdchfhhfgsffrffdkdffcdshhfdasdfhfcfhfdgfadfdfrsfsshdkfffghhjfdffhfgadsffcrddfffskhjfsfhrgdddffdffffkhsjdfjsdfcffddshdffgfedfkfghjsddddffsfheghddjffffffgjskdgsfacsafpsfhjffkfhgfhjsrfhddfhffadsfsfhsscfgdbddfrjfsffhgdffafcfdssfkfhgjffchkffgahfhfsrddsfsfjjffadsfcfdggfsdehfsgkffjjcfssafdghfffrfddsdgkfffffchkfhrffdfdafgsssffjjffafffffdrdgfhcsdsgkffjjcfhdsfrfgfdsadfsdgkffffgdddfdsfdhfssfdghfhfssddssdfhfddfhhshsfddsdfsdfdshshsdsffdsdsdfsdfsfhsdhffsdssfsshddsfgfsafsdgfsdshsgsfsfdsdgssdaffadssgsfashdsfsgfssadfsdggasdsfdfshsggdsdfafaghssddfdafsadsfdsfsddsjdddfsdsfgdfgfsssdfhjfsdsafdfhgjffddddsgfdgsjsfsddfdfjdffafgdfddsfddjkfdssfdfsgfhfssjfsffdfgsjfadsffffdfhfsfsfsjsffsfdssdjdsdffffsskwssffssdvgsffffsdsgffssfddsxstartupInfoIicdajdfhfdfdffdffssdkfjhdfffdfhffsassdkfshhdffhdfsdhdffdfkdfaffdssdfffhhfhhsdfffdsshfffdhfhffdsffdfshfsdhshhhgfdffffdfsfhsfdfsffhfffdhsfddsffhssffdhdfffhhfdhsdffsfjhffsdffdfdh
                      Source: BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeBinary or memory string: hfsdkfdhgfshseffdfafffdch
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeMemory allocated: page read and write | page guardJump to behavior

                      HIPS / PFW / Operating System Protection Evasion

                      barindex
                      Writes to foreign memory regions
                      Source: C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 4A00000Jump to behavior
                      Source: C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 4A02000Jump to behavior
                      Source: C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 4A1E000Jump to behavior
                      Source: C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 4A30000Jump to behavior
                      Source: C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 48C0008Jump to behavior
                      Allocates memory in foreign processes
                      Source: C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 4A00000 protect: page execute and read and writeJump to behavior
                      Injects a PE file into a foreign processes
                      Source: C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 4A00000 value starts with: 4D5AJump to behavior
                      Source: C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeJump to behavior
                      Source: C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeQueries volume information: C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

                      Stealing of Sensitive Information

                      barindex
                      Yara detected RedLine Stealer
                      Source: Yara matchFile source: dump.pcap, type: PCAP
                      Source: Yara matchFile source: 1.0.vbc.exe.4a00000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe.44e73d8.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe.4513008.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe.4513008.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe.44e73d8.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe.4471420.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000002.258205839.0000000004431000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000000.253376814.0000000004A02000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: vbc.exe PID: 5336, type: MEMORYSTR
                      Tries to steal Crypto Currency Wallets
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeFile opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                      Tries to harvest and steal browser information (history, passwords, etc)
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                      Source: Yara matchFile source: 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: vbc.exe PID: 5336, type: MEMORYSTR

                      Remote Access Functionality

                      barindex
                      Yara detected RedLine Stealer
                      Source: Yara matchFile source: dump.pcap, type: PCAP
                      Source: Yara matchFile source: 1.0.vbc.exe.4a00000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe.44e73d8.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe.4513008.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe.4513008.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe.44e73d8.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe.4471420.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000002.258205839.0000000004431000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000001.00000000.253376814.0000000004A02000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: vbc.exe PID: 5336, type: MEMORYSTR

                      Mitre Att&ck Matrix

                      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                      1
                      Valid Accounts                      		221
                      Windows Management Instrumentation                      		1
                      Valid Accounts                      		1
                      Valid Accounts                      		1
                      Masquerading                      		1
                      OS Credential Dumping                      		221
                      Security Software Discovery                      		Remote Services11
                      Archive Collected Data                      		Exfiltration Over Other Network Medium1
                      Encrypted Channel                      		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                      Default AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
                      Access Token Manipulation                      		1
                      Valid Accounts                      		LSASS Memory11
                      Process Discovery                      		Remote Desktop Protocol2
                      Data from Local System                      		Exfiltration Over Bluetooth1
                      Non-Standard Port                      		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                      Domain AccountsAt (Linux)Logon Script (Windows)311
                      Process Injection                      		1
                      Access Token Manipulation                      		Security Account Manager231
                      Virtualization/Sandbox Evasion                      		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration1
                      Application Layer Protocol                      		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                      Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)1
                      Disable or Modify Tools                      		NTDS1
                      Application Window Discovery                      		Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
                      Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script231
                      Virtualization/Sandbox Evasion                      		LSA Secrets123
                      System Information Discovery                      		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                      Replication Through Removable MediaLaunchdRc.commonRc.common311
                      Process Injection                      		Cached Domain CredentialsSystem Owner/User DiscoveryVNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                      External Remote ServicesScheduled TaskStartup ItemsStartup Items1
                      Deobfuscate/Decode Files or Information                      		DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                      Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job21
                      Obfuscated Files or Information                      		Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
                      Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)12
                      Software Packing                      		/etc/passwd and /etc/shadowSystem Network Connections DiscoverySoftware Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction

                      Behavior Graph

                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                      windows-stand

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      SourceDetectionScannerLabelLink
                      BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe100%Joe Sandbox ML

                      Dropped Files

                      No Antivirus matches

                      Unpacked PE Files

                      SourceDetectionScannerLabelLinkDownload
                      1.0.vbc.exe.4a00000.0.unpack100%AviraHEUR/AGEN.1252166Download File

                      Domains

                      No Antivirus matches

                      URLs

                      SourceDetectionScannerLabelLink
                      http://tempuri.org/Entity/Id12Response0%URL Reputationsafe
                      http://tempuri.org/Entity/Id12Response0%URL Reputationsafe
                      http://tempuri.org/0%URL Reputationsafe
                      http://tempuri.org/Entity/Id2Response0%URL Reputationsafe
                      http://tempuri.org/Entity/Id2Response0%URL Reputationsafe
                      http://tempuri.org/Entity/Id21Response0%URL Reputationsafe
                      http://tempuri.org/Entity/Id21Response0%URL Reputationsafe
                      http://tempuri.org/Entity/Id90%URL Reputationsafe
                      http://tempuri.org/Entity/Id80%URL Reputationsafe
                      http://tempuri.org/Entity/Id50%URL Reputationsafe
                      http://tempuri.org/Entity/Id70%URL Reputationsafe
                      http://tempuri.org/Entity/Id60%URL Reputationsafe
                      http://tempuri.org/Entity/Id19Response0%URL Reputationsafe
                      http://tempuri.org/Entity/Id15Response0%URL Reputationsafe
                      http://iptc.tc4xmp0%URL Reputationsafe
                      http://tempuri.org/Entity/Id6Response0%URL Reputationsafe
                      https://api.ip.sb/ip0%URL Reputationsafe
                      https://api.ip.sb/ip0%URL Reputationsafe
                      http://tempuri.org/Entity/Id9Response0%URL Reputationsafe
                      http://tempuri.org/Entity/Id200%URL Reputationsafe
                      http://tempuri.org/Entity/Id210%URL Reputationsafe
                      http://tempuri.org/Entity/Id220%URL Reputationsafe
                      http://tempuri.org/Entity/Id1Response0%URL Reputationsafe
                      http://tempuri.org/Entity/Id100%URL Reputationsafe
                      http://tempuri.org/Entity/Id100%URL Reputationsafe
                      http://tempuri.org/Entity/Id110%URL Reputationsafe
                      http://tempuri.org/Entity/Id120%URL Reputationsafe
                      http://tempuri.org/Entity/Id16Response0%URL Reputationsafe
                      http://tempuri.org/Entity/Id130%URL Reputationsafe
                      http://tempuri.org/Entity/Id140%URL Reputationsafe
                      http://tempuri.org/Entity/Id150%URL Reputationsafe
                      http://tempuri.org/Entity/Id160%URL Reputationsafe
                      http://tempuri.org/Entity/Id170%URL Reputationsafe
                      http://tempuri.org/Entity/Id180%URL Reputationsafe
                      http://tempuri.org/Entity/Id5Response0%URL Reputationsafe
                      http://tempuri.org/Entity/Id190%URL Reputationsafe
                      http://tempuri.org/Entity/Id10Response0%URL Reputationsafe
                      http://tempuri.org/Entity/Id8Response0%URL Reputationsafe
                      http://tempuri.org/Entity/Id17Response0%URL Reputationsafe
                      http://tempuri.org/Entity/Id17Response0%URL Reputationsafe
                      94.130.56.29:14233100%Avira URL Cloudmalware
                      http://tempuri.org/Entity/Id19Responsex1%VirustotalBrowse
                      http://tempuri.org/Entity/Id19Responsex0%Avira URL Cloudsafe

                      Domains and IPs

                      Contacted Domains

                      No contacted domains info

                      Contacted URLs

                      NameMaliciousAntivirus DetectionReputation
                      94.130.56.29:14233true
                      • Avira URL Cloud: malware
                      		unknown

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Textvbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        http://schemas.xmlsoap.org/ws/2005/02/sc/sctvbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          http://schemas.xmlsoap.org/ws/2004/08/addressing/faultPvbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            https://duckduckgo.com/chrome_newtabvbc.exe, 00000001.00000002.347886491.0000000007CDA000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.348309619.0000000007D57000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.347177798.0000000007BDE000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.347607150.0000000007C79000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.346585809.0000000007AFE000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.344598612.0000000006CF0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.343811839.0000000006C28000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.346666909.0000000007B1B000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.345046023.0000000006D7C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.347513723.0000000007C5C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.348925368.0000000007DFE000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.348511736.0000000007D9E000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.347277522.0000000007BFB000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.349023639.0000000007E1B000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.342782103.0000000006AB6000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.348033092.0000000007CF7000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              http://schemas.xmlsoap.org/ws/2004/04/security/sc/dkvbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                https://duckduckgo.com/ac/?q=vbc.exe, 00000001.00000002.348033092.0000000007CF7000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinaryvbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    http://tempuri.org/Entity/Id12Responsevbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.342371127.0000000006A23000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://tempuri.org/vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://tempuri.org/Entity/Id2Responsevbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://tempuri.org/Entity/Id21Responsevbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.342371127.0000000006A23000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      		unknown
                                      http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrapvbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://tempuri.org/Entity/Id9vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLIDvbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          http://tempuri.org/Entity/Id8vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://tempuri.org/Entity/Id5vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://schemas.xmlsoap.org/ws/2004/10/wsat/Preparevbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            http://tempuri.org/Entity/Id7vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://tempuri.org/Entity/Id6vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecretvbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              http://tempuri.org/Entity/Id19Responsevbc.exe, 00000001.00000002.342371127.0000000006A23000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#licensevbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issuevbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://schemas.xmlsoap.org/ws/2004/10/wsat/Abortedvbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequencevbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://schemas.xmlsoap.org/ws/2004/10/wsat/faultvbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://schemas.xmlsoap.org/ws/2004/10/wsatvbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeyvbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://tempuri.org/Entity/Id15Responsevbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namevbc.exe, 00000001.00000002.342371127.0000000006A23000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renewvbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://schemas.xmlsoap.org/ws/2004/10/wscoor/Registervbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  http://iptc.tc4xmpvbc.exe, 00000001.00000002.341807154.00000000050A6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  http://tempuri.org/Entity/Id6Responsevbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.342371127.0000000006A23000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKeyvbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://api.ip.sb/ipBlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe, 00000000.00000002.258205839.0000000004431000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000000.253376814.0000000004A02000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    http://schemas.xmlsoap.org/ws/2004/04/scvbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PCvbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancelvbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          http://tempuri.org/Entity/Id9Responsevbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.342371127.0000000006A23000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=vbc.exe, 00000001.00000002.348033092.0000000007CF7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            http://tempuri.org/Entity/Id20vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            http://tempuri.org/Entity/Id21vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            http://tempuri.org/Entity/Id22vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issuevbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://tempuri.org/Entity/Id1Responsevbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=vbc.exe, 00000001.00000002.347886491.0000000007CDA000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.348309619.0000000007D57000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.347177798.0000000007BDE000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.347607150.0000000007C79000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.346585809.0000000007AFE000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.344598612.0000000006CF0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.343811839.0000000006C28000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.346666909.0000000007B1B000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.345046023.0000000006D7C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.347513723.0000000007C5C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.348925368.0000000007DFE000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.348511736.0000000007D9E000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.347277522.0000000007BFB000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.349023639.0000000007E1B000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.342782103.0000000006AB6000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.348033092.0000000007CF7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequestedvbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnlyvbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        http://schemas.xmlsoap.org/ws/2004/10/wsat/Replayvbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnegovbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binaryvbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PCvbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKeyvbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  http://schemas.xmlsoap.org/ws/2004/08/addressingvbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issuevbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      http://schemas.xmlsoap.org/ws/2004/10/wsat/Completionvbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        http://schemas.xmlsoap.org/ws/2004/04/trustvbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          http://tempuri.org/Entity/Id10vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          • URL Reputation: safe
                                                                                                          		unknown
                                                                                                          http://tempuri.org/Entity/Id11vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          		unknown
                                                                                                          http://tempuri.org/Entity/Id12vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          		unknown
                                                                                                          http://tempuri.org/Entity/Id16Responsevbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.342371127.0000000006A23000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          		unknown
                                                                                                          http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponsevbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancelvbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              http://tempuri.org/Entity/Id13vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              		unknown
                                                                                                              http://tempuri.org/Entity/Id14vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              		unknown
                                                                                                              http://tempuri.org/Entity/Id15vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              		unknown
                                                                                                              http://tempuri.org/Entity/Id16vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              		unknown
                                                                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/Noncevbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                http://tempuri.org/Entity/Id17vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                		unknown
                                                                                                                http://tempuri.org/Entity/Id18vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                		unknown
                                                                                                                http://tempuri.org/Entity/Id5Responsevbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.342371127.0000000006A23000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                		unknown
                                                                                                                http://tempuri.org/Entity/Id19vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                		unknown
                                                                                                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dnsvbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  http://tempuri.org/Entity/Id10Responsevbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.342371127.0000000006A23000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  		unknown
                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/Renewvbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    http://tempuri.org/Entity/Id8Responsevbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.342371127.0000000006A23000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    		unknown
                                                                                                                    http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKeyvbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionIDvbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCTvbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            http://schemas.xmlsoap.org/ws/2006/02/addressingidentityvbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              http://schemas.xmlsoap.org/soap/envelope/vbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://search.yahoo.com?fr=crmas_sfpfvbc.exe, 00000001.00000002.347886491.0000000007CDA000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.348309619.0000000007D57000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.347177798.0000000007BDE000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.347607150.0000000007C79000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.346585809.0000000007AFE000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.344598612.0000000006CF0000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.343811839.0000000006C28000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.346666909.0000000007B1B000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.345046023.0000000006D7C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.347513723.0000000007C5C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.348925368.0000000007DFE000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.348511736.0000000007D9E000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.347277522.0000000007BFB000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.349023639.0000000007E1B000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.342782103.0000000006AB6000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.348033092.0000000007CF7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKeyvbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1vbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      http://schemas.xmlsoap.org/ws/2005/02/trustvbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollbackvbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCTvbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            http://schemas.xmlsoap.org/ws/2004/06/addressingexvbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              http://tempuri.org/Entity/Id19Responsexvbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              • 1%, Virustotal, Browse
                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                              		unknown
                                                                                                                                              http://schemas.xmlsoap.org/ws/2004/10/wscoorvbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                http://schemas.xmlsoap.org/ws/2004/04/security/trust/Noncevbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponsevbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renewvbc.exe, 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      http://tempuri.org/Entity/Id17Responsevbc.exe, 00000001.00000002.341873161.0000000006951000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000001.00000002.342371127.0000000006A23000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      • URL Reputation: safe
                                                                                                                                                      • URL Reputation: safe
                                                                                                                                                      		unknown

                                                                                                                                                      World Map of Contacted IPs

                                                                                                                                                      • No. of IPs < 25%
                                                                                                                                                      • 25% < No. of IPs < 50%
                                                                                                                                                      • 50% < No. of IPs < 75%
                                                                                                                                                      • 75% < No. of IPs

                                                                                                                                                      Public IPs

                                                                                                                                                      IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                      94.130.56.29
                                                                                                                                                      		unknownGermany
                                                                                                                                                      		24940HETZNER-ASDEtrue

                                                                                                                                                      General Information

                                                                                                                                                      Joe Sandbox Version:36.0.0 Rainbow Opal
                                                                                                                                                      Analysis ID:770746
                                                                                                                                                      Start date and time:2022-12-20 16:08:07 +01:00
                                                                                                                                                      Joe Sandbox Product:CloudBasic
                                                                                                                                                      Overall analysis duration:0h 7m 53s
                                                                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                                                                      Report type:full
                                                                                                                                                      Sample file name:BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe
                                                                                                                                                      Cookbook file name:default.jbs
                                                                                                                                                      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                                                      Number of analysed new started processes analysed:12
                                                                                                                                                      Number of new started drivers analysed:0
                                                                                                                                                      Number of existing processes analysed:0
                                                                                                                                                      Number of existing drivers analysed:0
                                                                                                                                                      Number of injected processes analysed:0
                                                                                                                                                      Technologies:
                                                                                                                                                      • HCA enabled
                                                                                                                                                      • EGA enabled
                                                                                                                                                      • HDC enabled
                                                                                                                                                      • AMSI enabled
                                                                                                                                                      Analysis Mode:default
                                                                                                                                                      Analysis stop reason:Timeout
                                                                                                                                                      Detection:MAL
                                                                                                                                                      Classification:mal100.troj.spyw.evad.winEXE@3/2@0/1
                                                                                                                                                      EGA Information:
                                                                                                                                                      • Successful, ratio: 50%
                                                                                                                                                      HDC Information:Failed
                                                                                                                                                      HCA Information:
                                                                                                                                                      • Successful, ratio: 100%
                                                                                                                                                      • Number of executed functions: 114
                                                                                                                                                      • Number of non-executed functions: 4
                                                                                                                                                      Cookbook Comments:
                                                                                                                                                      • Found application associated with file extension: .exe
                                                                                                                                                      • Override analysis time to 240s for sample files taking high CPU consumption

                                                                                                                                                      Warnings

                                                                                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                                                                                                      • Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, fs.microsoft.com, ctldl.windowsupdate.com
                                                                                                                                                      • Execution Graph export aborted for target vbc.exe, PID 5336 because it is empty
                                                                                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                                                      Simulations

                                                                                                                                                      Behavior and APIs

                                                                                                                                                      TimeTypeDescription
                                                                                                                                                      16:09:05API Interceptor1x Sleep call for process: BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe modified
                                                                                                                                                      16:09:44API Interceptor10x Sleep call for process: vbc.exe modified

                                                                                                                                                      Joe Sandbox View / Context

                                                                                                                                                      IPs

                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                      94.130.56.29sXENjXwc4p.exeGet hashmaliciousBrowse

                                                                                                                                                        Domains

                                                                                                                                                        No context

                                                                                                                                                        ASNs

                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                        HETZNER-ASDEfile.exeGet hashmaliciousBrowse
                                                                                                                                                        • 136.243.147.81
                                                                                                                                                        file.exeGet hashmaliciousBrowse
                                                                                                                                                        • 135.181.73.98
                                                                                                                                                        file.exeGet hashmaliciousBrowse
                                                                                                                                                        • 135.181.73.98
                                                                                                                                                        prog.apkGet hashmaliciousBrowse
                                                                                                                                                        • 144.76.58.8
                                                                                                                                                        https://nto-pilot.com/?lang=enGet hashmaliciousBrowse
                                                                                                                                                        • 138.201.175.76
                                                                                                                                                        file.exeGet hashmaliciousBrowse
                                                                                                                                                        • 135.181.73.98
                                                                                                                                                        file.exeGet hashmaliciousBrowse
                                                                                                                                                        • 148.251.234.83
                                                                                                                                                        SU2xrRCA3S.exeGet hashmaliciousBrowse
                                                                                                                                                        • 135.181.73.98
                                                                                                                                                        icKRjsDL47.exeGet hashmaliciousBrowse
                                                                                                                                                        • 135.181.73.98
                                                                                                                                                        h9Gwq0fYVO.exeGet hashmaliciousBrowse
                                                                                                                                                        • 135.181.73.98
                                                                                                                                                        foNMlXr86C.exeGet hashmaliciousBrowse
                                                                                                                                                        • 135.181.73.98
                                                                                                                                                        file.exeGet hashmaliciousBrowse
                                                                                                                                                        • 95.216.207.27
                                                                                                                                                        file.exeGet hashmaliciousBrowse
                                                                                                                                                        • 148.251.234.83
                                                                                                                                                        prog.apkGet hashmaliciousBrowse
                                                                                                                                                        • 144.76.58.8
                                                                                                                                                        file.exeGet hashmaliciousBrowse
                                                                                                                                                        • 176.9.247.226
                                                                                                                                                        file.exeGet hashmaliciousBrowse
                                                                                                                                                        • 195.201.24.164
                                                                                                                                                        file.exeGet hashmaliciousBrowse
                                                                                                                                                        • 95.216.207.27
                                                                                                                                                        file.exeGet hashmaliciousBrowse
                                                                                                                                                        • 195.201.24.164
                                                                                                                                                        file.exeGet hashmaliciousBrowse
                                                                                                                                                        • 176.9.247.226
                                                                                                                                                        [Atomic Heart] Personal Contract YouTube partners.scrGet hashmaliciousBrowse
                                                                                                                                                        • 95.217.102.105

                                                                                                                                                        JA3 Fingerprints

                                                                                                                                                        No context

                                                                                                                                                        Dropped Files

                                                                                                                                                        No context

                                                                                                                                                        Created / dropped Files

                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe.log

                                                                                                                                                        Download File
                                                                                                                                                        Process:C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe
                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):517
                                                                                                                                                        Entropy (8bit):5.335306720429945
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:12:Q3La/KDLI4MWuPk21OKbbDLI4MWuPJKiUrRZ9I0ZKhaxzAbDLI4M6:ML9E4Ks2wKDE4KhK3VZ9pKhmsXE4j
                                                                                                                                                        MD5:BB6624785B5CCCA1B27C160A2F19C179
                                                                                                                                                        SHA1:51C3A976DB55F4E09009C1E7663643A2205FBEA5
                                                                                                                                                        SHA-256:CF05D58CFF71D857664AAB4D49D3ABABFD0D59A65303B0FA5B1996C1CD3E66DA
                                                                                                                                                        SHA-512:83C5B206F17844ECE6D3F8330C661A66C76803DF80BDD29780C541963D4693F89947407336D4CDE03F1F902C8F50B64E4F49C1577B99AAB09EDA16F1677CA843
                                                                                                                                                        Malicious:true
                                                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..2,"System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..

                                                                                                                                                        C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\vbc.exe.log

                                                                                                                                                        Download File
                                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):2843
                                                                                                                                                        Entropy (8bit):5.3371553026862095
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:48:MxHKXeHKlEHU0YHKhQnouHIWUfHKhBHKdHKBfHK5AHKzvQTHmtHoxHImHK1HjHK0:iqXeqm00YqhQnouOqLqdqNq2qzcGtIxY
                                                                                                                                                        MD5:9A010D404524B7E80B293AEC6FB4AF7F
                                                                                                                                                        SHA1:B238A081C1D05DA6F76DA2F30C529C4275CCF5CF
                                                                                                                                                        SHA-256:3FF08BA477214E6F51EC1F879A44FC02CBE69A69B072E7B317F337A786B21D63
                                                                                                                                                        SHA-512:C7D0D118BFF6E2EDEF02290FC042556502D99967A37A5EDF98AF905BA66C4C2D2C159594DB3D22B5117EC5AA7DB910313A6370F650B9534D5B17E57378E02E2A
                                                                                                                                                        Malicious:false
                                                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\820a27781e8540ca263d835ec155f1a5\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\889128adc9a7c9370e5e293f65060164\PresentationFramework.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Wi

                                                                                                                                                        Static File Info

                                                                                                                                                        General

                                                                                                                                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                        Entropy (8bit):7.5400057064748305
                                                                                                                                                        TrID:
                                                                                                                                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                                                                                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                        • DOS Executable Generic (2002/1) 0.01%
                                                                                                                                                        File name:BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe
                                                                                                                                                        File size:196608
                                                                                                                                                        MD5:8f9d4f7768960c59b8011c8c1a52dd63
                                                                                                                                                        SHA1:a8648349a9aa90efd315e278786951cedfe711a9
                                                                                                                                                        SHA256:b63350aad8b78b989c052c8bdae2ea691108e8e15f4b9b6c864ad86b1c300e36
                                                                                                                                                        SHA512:0e2f0edae9b7e410e7258de77ab08cc6dff9532c896561a6db50535cb4fb18eaaf26cd26257292355fa69678bb5c3866394e0b1d82c218db1dc6385fec281ca7
                                                                                                                                                        SSDEEP:3072:gY1x8WCRhhuDNmTQhAC38Em9OAQzqkjO1UFag+7DNNvFs0T6O9fjTy3z7mS5Jnfz:Zj8TRm38Em6qkjtYNC0TxfjuHnfWE
                                                                                                                                                        TLSH:2E14C00A77D4EBE3CA6DC5B7F89522B54772DA6E4173D31628C80AE9DFE3780841170A
                                                                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......c.....................H........... ........@.. .......................`............@................................

                                                                                                                                                        File Icon

                                                                                                                                                        Icon Hash:e4f4a484a4b098a4

                                                                                                                                                        Static PE Info

                                                                                                                                                        General

                                                                                                                                                        Entrypoint:0x42d502
                                                                                                                                                        Entrypoint Section:.text
                                                                                                                                                        Digitally signed:false
                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                        Time Stamp:0x639EEC8B [Sun Dec 18 10:33:47 2022 UTC]
                                                                                                                                                        TLS Callbacks:
                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                        OS Version Major:4
                                                                                                                                                        OS Version Minor:0
                                                                                                                                                        File Version Major:4
                                                                                                                                                        File Version Minor:0
                                                                                                                                                        Subsystem Version Major:4
                                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                                                                                        Entrypoint Preview

                                                                                                                                                        Instruction
                                                                                                                                                        jmp dword ptr [00402000h]
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                        add byte ptr [eax], al

                                                                                                                                                        Data Directories

                                                                                                                                                        NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_IMPORT0x2d4b80x4a.text
                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x2e0000x4567.rsrc
                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x340000xc.reloc
                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                        Sections

                                                                                                                                                        NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                        .text0x20000x2b5080x2b600False0.8513148414985591data7.643173971416759IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                        .rsrc0x2e0000x45670x4600False0.20329241071428572data4.975290046895956IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                        .reloc0x340000xc0x200False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                                        Resources

                                                                                                                                                        NameRVASizeTypeLanguageCountry
                                                                                                                                                        RT_ICON0x2e1a40x468Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 3543 x 3543 px/m
                                                                                                                                                        RT_ICON0x2e60c0x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 3543 x 3543 px/m
                                                                                                                                                        RT_ICON0x2f6b40x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 3543 x 3543 px/m
                                                                                                                                                        RT_GROUP_ICON0x31c5c0x30data
                                                                                                                                                        RT_VERSION0x31c8c0x4f4data
                                                                                                                                                        RT_MANIFEST0x321800x3e7XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (939), with CRLF line terminators

                                                                                                                                                        Imports

                                                                                                                                                        DLLImport
                                                                                                                                                        mscoree.dll_CorExeMain

                                                                                                                                                        Network Behavior

                                                                                                                                                        Snort IDS Alerts

                                                                                                                                                        TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                                                                        94.130.56.29192.168.2.614233497132850353 12/20/22-16:09:28.411763TCP2850353ETPRO MALWARE Redline Stealer TCP CnC - Id1Response142334971394.130.56.29192.168.2.6
                                                                                                                                                        192.168.2.694.130.56.2949713142332850286 12/20/22-16:09:46.337104TCP2850286ETPRO TROJAN Redline Stealer TCP CnC Activity4971314233192.168.2.694.130.56.29
                                                                                                                                                        192.168.2.694.130.56.2949713142332850027 12/20/22-16:09:26.593382TCP2850027ETPRO TROJAN RedLine Stealer TCP CnC net.tcp Init4971314233192.168.2.694.130.56.29

                                                                                                                                                        Network Port Distribution

                                                                                                                                                        TCP Packets

                                                                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                        Dec 20, 2022 16:09:26.168210030 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:26.191246986 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:26.191353083 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:26.593381882 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:26.616084099 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:26.703876019 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:28.387984991 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:28.411762953 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:28.500984907 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:35.779660940 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:35.804711103 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:35.804778099 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:35.804822922 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:35.804864883 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:35.845330954 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:40.703062057 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:40.727485895 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:40.923954010 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:41.231669903 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:41.255109072 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:41.314505100 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:41.359431982 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:41.382098913 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:41.382209063 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:41.383140087 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:41.526073933 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:41.548304081 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:41.548777103 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:41.554673910 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:41.577363968 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:41.627023935 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:41.636322021 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:41.659096003 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:41.695327997 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:41.718040943 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:41.814526081 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:41.826141119 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:41.848854065 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:41.855295897 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:41.877742052 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:41.879445076 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:41.902019024 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:41.928046942 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:41.950807095 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:42.127120972 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:42.144467115 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:42.166603088 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:42.166656971 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:42.166793108 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:42.167325020 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:42.186016083 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:42.208868027 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:42.314588070 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:42.643757105 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:42.666199923 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:42.666223049 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:42.666239977 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:42.666302919 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:42.666367054 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:42.666377068 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:42.666378021 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:42.666445017 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:42.666455030 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:42.666460037 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:42.666474104 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:42.666491032 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:42.666521072 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:42.666613102 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:42.666654110 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:42.666759968 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:42.666877985 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:42.666949034 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:42.667093992 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:42.688668013 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:42.688695908 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:42.688714981 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:42.688806057 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:42.688806057 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:42.688884020 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:42.688941956 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:42.689035892 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:42.689069986 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:42.689116955 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:42.689441919 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:42.689486980 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:42.689508915 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:42.689528942 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:42.689774990 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:42.689882994 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:42.711018085 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:42.711077929 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:42.711118937 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:42.711158037 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:42.711318970 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:42.711498976 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:42.711514950 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.012737989 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:44.012881041 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:44.013319969 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:44.013411045 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:44.035252094 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.035537004 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.035768032 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.035790920 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.035964966 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.036585093 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.036600113 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.036771059 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.037108898 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.037125111 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.040240049 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:44.040450096 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:44.040450096 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:44.040600061 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:44.040713072 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:44.062562943 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.065092087 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.065140009 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.065176964 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.065216064 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.065253019 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.065293074 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.065329075 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.065361023 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.065392971 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.065426111 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.065458059 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.065488100 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.065519094 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.065551043 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.065586090 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.065618038 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.065650940 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.065680981 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.065697908 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.065716028 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.065733910 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.065764904 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.065804005 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.065845013 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.065887928 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.065921068 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.065949917 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.065993071 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.066071033 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:44.066174030 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:44.066390038 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:44.066458941 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:44.088246107 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.088274956 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.088366985 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.090553999 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.090604067 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.090637922 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.090671062 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.090733051 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.090770960 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.090806961 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.090840101 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.090873003 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.092117071 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.092156887 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.092197895 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.092303991 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.092339039 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.092370987 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.092391968 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.092413902 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.092433929 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.092456102 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.092475891 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.092967033 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:44.093133926 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:44.094419956 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.094449043 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.094465017 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.094480991 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.094494104 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.094508886 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.094522953 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.094537973 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.094552040 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.094568014 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.094583035 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.094597101 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.094610929 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.094625950 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.094816923 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.094893932 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.095069885 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.095169067 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.095184088 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.095390081 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.095406055 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.095993996 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:44.096199989 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:44.118216991 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.118254900 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.118280888 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.118304014 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.118329048 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.118351936 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.118376017 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.118401051 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.118438959 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.118463993 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.118486881 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.118513107 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.118536949 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.118558884 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.118590117 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.118618011 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.118643999 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.118669033 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.118707895 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.118732929 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.118755102 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.118777990 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.119110107 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:44.119277954 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:44.119316101 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.119344950 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.119364023 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.119896889 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:44.120009899 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:44.141387939 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.141416073 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.141438007 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.141479015 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.141755104 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.141875029 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.141916037 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.141930103 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.142025948 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.142071962 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.142231941 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.142307997 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.142426014 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.142472029 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.142565966 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.142628908 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.142720938 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.142833948 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.143029928 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.143148899 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.143151999 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:44.143163919 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.143178940 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.143520117 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.143641949 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.143656969 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.143714905 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.143750906 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.143914938 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.144073009 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.144153118 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.144169092 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.144433975 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.144449949 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.165715933 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.165832043 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.166802883 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.168117046 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.177373886 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:44.200723886 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.303468943 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:44.326347113 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.424321890 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:44.541888952 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:44.565175056 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:44.627301931 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:46.311280966 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:46.334907055 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:46.337104082 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:46.360987902 CET142334971394.130.56.29192.168.2.6
                                                                                                                                                        Dec 20, 2022 16:09:46.424325943 CET4971314233192.168.2.694.130.56.29
                                                                                                                                                        Dec 20, 2022 16:09:46.436306000 CET4971314233192.168.2.694.130.56.29

                                                                                                                                                        Statistics

                                                                                                                                                        CPU Usage

                                                                                                                                                        Click to jump to process

                                                                                                                                                        Memory Usage

                                                                                                                                                        Click to jump to process

                                                                                                                                                        High Level Behavior Distribution

                                                                                                                                                        Click to dive into process behavior distribution

                                                                                                                                                        Behavior

                                                                                                                                                        Click to jump to process

                                                                                                                                                        System Behavior

                                                                                                                                                        General

                                                                                                                                                        Target ID:0
                                                                                                                                                        Start time:16:09:01
                                                                                                                                                        Start date:20/12/2022
                                                                                                                                                        Path:C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe
                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                        Commandline:C:\Users\user\Desktop\BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube 2022.scr.exe
                                                                                                                                                        Imagebase:0xf90000
                                                                                                                                                        File size:196608 bytes
                                                                                                                                                        MD5 hash:8F9D4F7768960C59B8011C8C1A52DD63
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:.Net C# or VB.NET
                                                                                                                                                        Yara matches:
                                                                                                                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.258205839.0000000004431000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                        Reputation:low

                                                                                                                                                        General

                                                                                                                                                        Target ID:1
                                                                                                                                                        Start time:16:09:05
                                                                                                                                                        Start date:20/12/2022
                                                                                                                                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                        Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                                                                                                                        Imagebase:0x1a0000
                                                                                                                                                        File size:2688096 bytes
                                                                                                                                                        MD5 hash:B3A917344F5610BEEC562556F11300FA
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:.Net C# or VB.NET
                                                                                                                                                        Yara matches:
                                                                                                                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.342173195.00000000069DF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000000.253376814.0000000004A02000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                        Reputation:high

                                                                                                                                                        Disassembly

                                                                                                                                                        Reset < >

                                                                                                                                                          Execution Graph

                                                                                                                                                          Execution Coverage:35.5%
                                                                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                          Signature Coverage:3.5%
                                                                                                                                                          Total number of Nodes:115
                                                                                                                                                          Total number of Limit Nodes:3
                                                                                                                                                          execution_graph 3758 1a805a8 3759 1a805ae 3758->3759 3763 1a81120 3759->3763 3768 1a81130 3759->3768 3760 1a805b8 3764 1a8113f 3763->3764 3773 1a84488 3764->3773 3778 1a84498 3764->3778 3765 1a8115f 3765->3760 3769 1a8113f 3768->3769 3771 1a84488 12 API calls 3769->3771 3772 1a84498 12 API calls 3769->3772 3770 1a8115f 3770->3760 3771->3770 3772->3770 3774 1a844a4 3773->3774 3774->3765 3775 1a844b7 3774->3775 3783 1a8530c 3774->3783 3816 1a85335 3774->3816 3775->3765 3779 1a844a4 3778->3779 3779->3765 3780 1a844b7 3779->3780 3781 1a8530c 12 API calls 3779->3781 3782 1a85335 12 API calls 3779->3782 3780->3765 3781->3779 3782->3779 3784 1a85318 3783->3784 3785 1a8535f 3783->3785 3785->3783 3848 1a859e8 3785->3848 3852 1a859df 3785->3852 3786 1a8546e 3794 1a8575d 3786->3794 3812 1a85ed8 ReadProcessMemory 3786->3812 3813 1a85ee0 ReadProcessMemory 3786->3813 3787 1a857b4 3788 1a857dc 3787->3788 3810 1a861a8 ResumeThread 3787->3810 3811 1a861b0 ResumeThread 3787->3811 3788->3774 3789 1a8554a 3814 1a85fcb VirtualAllocEx 3789->3814 3815 1a85fd0 VirtualAllocEx 3789->3815 3790 1a855c1 3791 1a85603 3790->3791 3804 1a85fcb VirtualAllocEx 3790->3804 3805 1a85fd0 VirtualAllocEx 3790->3805 3791->3794 3802 1a86078 WriteProcessMemory 3791->3802 3803 1a86073 WriteProcessMemory 3791->3803 3792 1a8562c 3793 1a8571c 3792->3793 3798 1a86078 WriteProcessMemory 3792->3798 3799 1a86073 WriteProcessMemory 3792->3799 3800 1a86078 WriteProcessMemory 3793->3800 3801 1a86073 WriteProcessMemory 3793->3801 3795 1a85797 3794->3795 3796 1a85e18 SetThreadContext 3794->3796 3797 1a85e20 SetThreadContext 3794->3797 3795->3787 3806 1a85e18 SetThreadContext 3795->3806 3807 1a85e20 SetThreadContext 3795->3807 3796->3795 3797->3795 3798->3792 3799->3792 3800->3794 3801->3794 3802->3792 3803->3792 3804->3791 3805->3791 3806->3787 3807->3787 3810->3788 3811->3788 3812->3789 3813->3789 3814->3790 3815->3790 3817 1a85344 3816->3817 3832 1a859e8 CreateProcessAsUserA 3817->3832 3833 1a859df CreateProcessAsUserA 3817->3833 3818 1a8546e 3826 1a8575d 3818->3826 3856 1a85ed8 3818->3856 3860 1a85ee0 3818->3860 3819 1a857b4 3820 1a857dc 3819->3820 3878 1a861a8 3819->3878 3881 1a861b0 3819->3881 3820->3774 3821 1a8554a 3863 1a85fcb 3821->3863 3867 1a85fd0 3821->3867 3822 1a855c1 3823 1a85603 3822->3823 3828 1a85fcb VirtualAllocEx 3822->3828 3829 1a85fd0 VirtualAllocEx 3822->3829 3823->3826 3870 1a86073 3823->3870 3874 1a86078 3823->3874 3824 1a8562c 3825 1a8571c 3824->3825 3842 1a86078 WriteProcessMemory 3824->3842 3843 1a86073 WriteProcessMemory 3824->3843 3844 1a86078 WriteProcessMemory 3825->3844 3845 1a86073 WriteProcessMemory 3825->3845 3827 1a85797 3826->3827 3884 1a85e20 3826->3884 3888 1a85e18 3826->3888 3827->3819 3830 1a85e18 SetThreadContext 3827->3830 3831 1a85e20 SetThreadContext 3827->3831 3828->3823 3829->3823 3830->3819 3831->3819 3832->3818 3833->3818 3842->3824 3843->3824 3844->3826 3845->3826 3850 1a85a75 3848->3850 3849 1a85c14 CreateProcessAsUserA 3851 1a85c90 3849->3851 3850->3849 3850->3850 3851->3851 3854 1a85a75 3852->3854 3853 1a85c14 CreateProcessAsUserA 3855 1a85c90 3853->3855 3854->3853 3854->3854 3855->3855 3857 1a85ee0 ReadProcessMemory 3856->3857 3859 1a85f65 3857->3859 3859->3821 3861 1a85f28 ReadProcessMemory 3860->3861 3862 1a85f65 3861->3862 3862->3821 3864 1a85fd0 VirtualAllocEx 3863->3864 3866 1a8604a 3864->3866 3866->3822 3868 1a86013 VirtualAllocEx 3867->3868 3869 1a8604a 3868->3869 3869->3822 3871 1a86078 WriteProcessMemory 3870->3871 3873 1a86114 3871->3873 3873->3824 3875 1a860c3 WriteProcessMemory 3874->3875 3877 1a86114 3875->3877 3877->3824 3879 1a861f1 ResumeThread 3878->3879 3880 1a8621e 3879->3880 3880->3820 3882 1a861f1 ResumeThread 3881->3882 3883 1a8621e 3882->3883 3883->3820 3885 1a85e68 SetThreadContext 3884->3885 3887 1a85ea6 3885->3887 3887->3827 3889 1a85e20 SetThreadContext 3888->3889 3891 1a85ea6 3889->3891 3891->3827 3892 1a80597 3893 1a805ae 3892->3893 3895 1a81120 12 API calls 3893->3895 3896 1a81130 12 API calls 3893->3896 3894 1a805b8 3895->3894 3896->3894

                                                                                                                                                          Executed Functions

                                                                                                                                                          Function 01A859E8 Relevance: 1.8, APIs: 1, Instructions: 262processCOMMON
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 57 1a859e8-1a85a81 59 1a85a83-1a85aa8 57->59 60 1a85ad5-1a85af7 57->60 59->60 63 1a85aaa-1a85aac 59->63 64 1a85af9-1a85b21 60->64 65 1a85b4e-1a85b7e 60->65 66 1a85aae-1a85ab8 63->66 67 1a85acf-1a85ad2 63->67 64->65 72 1a85b23-1a85b25 64->72 74 1a85b80-1a85ba5 65->74 75 1a85bd2-1a85c8e CreateProcessAsUserA 65->75 69 1a85aba 66->69 70 1a85abc-1a85acb 66->70 67->60 69->70 70->70 73 1a85acd 70->73 76 1a85b48-1a85b4b 72->76 77 1a85b27-1a85b31 72->77 73->67 74->75 83 1a85ba7-1a85ba9 74->83 87 1a85c90-1a85c96 75->87 88 1a85c97-1a85d0b 75->88 76->65 78 1a85b33 77->78 79 1a85b35-1a85b44 77->79 78->79 79->79 82 1a85b46 79->82 82->76 85 1a85bab-1a85bb5 83->85 86 1a85bcc-1a85bcf 83->86 89 1a85bb9-1a85bc8 85->89 90 1a85bb7 85->90 86->75 87->88 99 1a85d1b-1a85d1f 88->99 100 1a85d0d-1a85d11 88->100 89->89 91 1a85bca 89->91 90->89 91->86 102 1a85d2f-1a85d33 99->102 103 1a85d21-1a85d25 99->103 100->99 101 1a85d13 100->101 101->99 105 1a85d43-1a85d47 102->105 106 1a85d35-1a85d39 102->106 103->102 104 1a85d27 103->104 104->102 108 1a85d59-1a85d60 105->108 109 1a85d49-1a85d4f 105->109 106->105 107 1a85d3b 106->107 107->105 110 1a85d62-1a85d71 108->110 111 1a85d77 108->111 109->108 110->111 113 1a85d78 111->113 113->113
                                                                                                                                                          APIs
                                                                                                                                                          • CreateProcessAsUserA.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 01A85C7B
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.254571563.0000000001A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 01A80000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1a80000_BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube .jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CreateProcessUser
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2217836671-0
                                                                                                                                                          • Opcode ID: c21d5fcbae12599ef41b43f473d1a8006bf97a2b4f51b4fb2b52c36561c5767c
                                                                                                                                                          • Instruction ID: 25654d96653d6438e713d8d347def2e17717df36a05282d8f13c3ea779ce6314
                                                                                                                                                          • Opcode Fuzzy Hash: c21d5fcbae12599ef41b43f473d1a8006bf97a2b4f51b4fb2b52c36561c5767c
                                                                                                                                                          • Instruction Fuzzy Hash: 12A16871E002198FEB24DFA9C8857DDBBF2FF48314F048169E918A7290DB749989CF91
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 01A8170A Relevance: .4, Instructions: 378COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.254571563.0000000001A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 01A80000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1a80000_BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube .jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: c7706640319c5f92cb7775cfca1518b72ce7cb01a48845d27651c5eb79471acd
                                                                                                                                                          • Instruction ID: a61c0d06efa6d78c050796726bae05aeb8bb8d51fee391d08165bc22bc0d986d
                                                                                                                                                          • Opcode Fuzzy Hash: c7706640319c5f92cb7775cfca1518b72ce7cb01a48845d27651c5eb79471acd
                                                                                                                                                          • Instruction Fuzzy Hash: E1E17930B002059FDB14EBA8C984BAEBBF2BF85314F158169E506AB795DB70DC46CB85
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 01A859DF Relevance: 1.8, APIs: 1, Instructions: 263processCOMMON
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 0 1a859df-1a85a81 2 1a85a83-1a85aa8 0->2 3 1a85ad5-1a85af7 0->3 2->3 6 1a85aaa-1a85aac 2->6 7 1a85af9-1a85b21 3->7 8 1a85b4e-1a85b7e 3->8 9 1a85aae-1a85ab8 6->9 10 1a85acf-1a85ad2 6->10 7->8 15 1a85b23-1a85b25 7->15 17 1a85b80-1a85ba5 8->17 18 1a85bd2-1a85c8e CreateProcessAsUserA 8->18 12 1a85aba 9->12 13 1a85abc-1a85acb 9->13 10->3 12->13 13->13 16 1a85acd 13->16 19 1a85b48-1a85b4b 15->19 20 1a85b27-1a85b31 15->20 16->10 17->18 26 1a85ba7-1a85ba9 17->26 30 1a85c90-1a85c96 18->30 31 1a85c97-1a85d0b 18->31 19->8 21 1a85b33 20->21 22 1a85b35-1a85b44 20->22 21->22 22->22 25 1a85b46 22->25 25->19 28 1a85bab-1a85bb5 26->28 29 1a85bcc-1a85bcf 26->29 32 1a85bb9-1a85bc8 28->32 33 1a85bb7 28->33 29->18 30->31 42 1a85d1b-1a85d1f 31->42 43 1a85d0d-1a85d11 31->43 32->32 34 1a85bca 32->34 33->32 34->29 45 1a85d2f-1a85d33 42->45 46 1a85d21-1a85d25 42->46 43->42 44 1a85d13 43->44 44->42 48 1a85d43-1a85d47 45->48 49 1a85d35-1a85d39 45->49 46->45 47 1a85d27 46->47 47->45 51 1a85d59-1a85d60 48->51 52 1a85d49-1a85d4f 48->52 49->48 50 1a85d3b 49->50 50->48 53 1a85d62-1a85d71 51->53 54 1a85d77 51->54 52->51 53->54 56 1a85d78 54->56 56->56
                                                                                                                                                          APIs
                                                                                                                                                          • CreateProcessAsUserA.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 01A85C7B
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.254571563.0000000001A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 01A80000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1a80000_BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube .jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CreateProcessUser
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2217836671-0
                                                                                                                                                          • Opcode ID: 8d138e32376961e0eba890d7587cbef4b2eec71cd0caada9ad6a7de1bb85e63e
                                                                                                                                                          • Instruction ID: a91e25d44a7b0b91c23587920c94d4b4845102eafed2a875d5fed68500df3b47
                                                                                                                                                          • Opcode Fuzzy Hash: 8d138e32376961e0eba890d7587cbef4b2eec71cd0caada9ad6a7de1bb85e63e
                                                                                                                                                          • Instruction Fuzzy Hash: E4A16971E002198FEB14DFA9C8857DDBBF2FF48314F048569E918A7290DB74998ACF91
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 01A86073 Relevance: 1.6, APIs: 1, Instructions: 66injectionCOMMON
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 303 1a86073-1a860c9 306 1a860d9-1a86112 WriteProcessMemory 303->306 307 1a860cb-1a860d7 303->307 308 1a8611b-1a8613c 306->308 309 1a86114-1a8611a 306->309 307->306 309->308
                                                                                                                                                          APIs
                                                                                                                                                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 01A86105
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.254571563.0000000001A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 01A80000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1a80000_BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube .jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MemoryProcessWrite
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3559483778-0
                                                                                                                                                          • Opcode ID: f8d9aae4e183b44506e9091a9c290b98e852b7aae5ace81842c268f903d1d3d9
                                                                                                                                                          • Instruction ID: c13c74dc6810f79d5ff83b04869a8cc2d23a1794599d85377aee401905962a78
                                                                                                                                                          • Opcode Fuzzy Hash: f8d9aae4e183b44506e9091a9c290b98e852b7aae5ace81842c268f903d1d3d9
                                                                                                                                                          • Instruction Fuzzy Hash: 152112B1900359DFDB10CF9AD885BDEBBF4FB48324F00852AE918A3241D778A944CBA1
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 01A86078 Relevance: 1.6, APIs: 1, Instructions: 65injectionCOMMON
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 311 1a86078-1a860c9 313 1a860d9-1a86112 WriteProcessMemory 311->313 314 1a860cb-1a860d7 311->314 315 1a8611b-1a8613c 313->315 316 1a86114-1a8611a 313->316 314->313 316->315
                                                                                                                                                          APIs
                                                                                                                                                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 01A86105
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.254571563.0000000001A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 01A80000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1a80000_BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube .jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MemoryProcessWrite
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3559483778-0
                                                                                                                                                          • Opcode ID: f2fa89dea0973d8fc52c95d058fc3c2349774e71a19c8689d4b21de7d2820adc
                                                                                                                                                          • Instruction ID: 1cf2fb1979fbcfbd082fbe05c882f1b9e28f8772c93b3a229afc121d1870f647
                                                                                                                                                          • Opcode Fuzzy Hash: f2fa89dea0973d8fc52c95d058fc3c2349774e71a19c8689d4b21de7d2820adc
                                                                                                                                                          • Instruction Fuzzy Hash: 3321E2B5900359DFDB10CF9AD885BDEBBF4FB48324F10852AE918A3241D778A944CBA5
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 01A85E18 Relevance: 1.6, APIs: 1, Instructions: 61threadinjectionCOMMON
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 318 1a85e18-1a85e6c 321 1a85e78-1a85ea4 SetThreadContext 318->321 322 1a85e6e-1a85e76 318->322 323 1a85ead-1a85ece 321->323 324 1a85ea6-1a85eac 321->324 322->321 324->323
                                                                                                                                                          APIs
                                                                                                                                                          • SetThreadContext.KERNELBASE(?,00000000), ref: 01A85E97
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.254571563.0000000001A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 01A80000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1a80000_BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube .jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ContextThread
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1591575202-0
                                                                                                                                                          • Opcode ID: 4a83c7fc0201108c8209c909dd1e0df2fbe38342984bb2bd36d4be96d363da99
                                                                                                                                                          • Instruction ID: 0081bd00c650ccbad3893c7c26bd5ecd144726dee58df70943d07aa9a9d989e7
                                                                                                                                                          • Opcode Fuzzy Hash: 4a83c7fc0201108c8209c909dd1e0df2fbe38342984bb2bd36d4be96d363da99
                                                                                                                                                          • Instruction Fuzzy Hash: 7F2138B1D002199FDB10DF9AC9857DEFBF4FB48224F04852AE918B3340D778A9448FA1
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 01A85ED8 Relevance: 1.6, APIs: 1, Instructions: 59COMMON
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 326 1a85ed8-1a85f63 ReadProcessMemory 329 1a85f6c-1a85f8d 326->329 330 1a85f65-1a85f6b 326->330 330->329
                                                                                                                                                          APIs
                                                                                                                                                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 01A85F56
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.254571563.0000000001A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 01A80000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1a80000_BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube .jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MemoryProcessRead
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1726664587-0
                                                                                                                                                          • Opcode ID: c1385de2add5c4a6bf10847af331003c46c0cff1ab6368a44bd18922d7c3e53f
                                                                                                                                                          • Instruction ID: bbd1168bef6ba2f7c78063d76d0994aa5aa63fe99ce61403547a769293c79ac2
                                                                                                                                                          • Opcode Fuzzy Hash: c1385de2add5c4a6bf10847af331003c46c0cff1ab6368a44bd18922d7c3e53f
                                                                                                                                                          • Instruction Fuzzy Hash: 632129B19002499FDB10DF9AC944BDEBBF4EB48320F14842AE918A3240C334A545CFA1
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 01A85E20 Relevance: 1.6, APIs: 1, Instructions: 58threadinjectionCOMMON
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 332 1a85e20-1a85e6c 334 1a85e78-1a85ea4 SetThreadContext 332->334 335 1a85e6e-1a85e76 332->335 336 1a85ead-1a85ece 334->336 337 1a85ea6-1a85eac 334->337 335->334 337->336
                                                                                                                                                          APIs
                                                                                                                                                          • SetThreadContext.KERNELBASE(?,00000000), ref: 01A85E97
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.254571563.0000000001A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 01A80000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1a80000_BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube .jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ContextThread
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1591575202-0
                                                                                                                                                          • Opcode ID: 4e7dc388a693388f2c577636d529eb8bd3ccd3f8c1ad2e39b0eb58869d9d1b0b
                                                                                                                                                          • Instruction ID: 09e84c1eb9a4f1c42b4e8d7cf989c487f537bd35733e7d99262cc8a9f0d5ca93
                                                                                                                                                          • Opcode Fuzzy Hash: 4e7dc388a693388f2c577636d529eb8bd3ccd3f8c1ad2e39b0eb58869d9d1b0b
                                                                                                                                                          • Instruction Fuzzy Hash: 6F211AB1D002199FDB10DF9AD9457DEFBF4BB49224F14852AD418B3240D778A9448FA1
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 01A85EE0 Relevance: 1.6, APIs: 1, Instructions: 56COMMON
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 339 1a85ee0-1a85f63 ReadProcessMemory 341 1a85f6c-1a85f8d 339->341 342 1a85f65-1a85f6b 339->342 342->341
                                                                                                                                                          APIs
                                                                                                                                                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 01A85F56
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.254571563.0000000001A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 01A80000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1a80000_BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube .jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MemoryProcessRead
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1726664587-0
                                                                                                                                                          • Opcode ID: 458f298ca91d04b1e27c16a9d7df1d989da1540d51b0c448cdd1c7d837517f41
                                                                                                                                                          • Instruction ID: 8600e446a3f149a71ea2fe20677f0e43911e9ab137353c9df4d8c017d32c4681
                                                                                                                                                          • Opcode Fuzzy Hash: 458f298ca91d04b1e27c16a9d7df1d989da1540d51b0c448cdd1c7d837517f41
                                                                                                                                                          • Instruction Fuzzy Hash: 432108B1D002499FDB10DF9AC944BDEFBF4FB48324F14842AE968A3250D374A544CFA1
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 01A85FCB Relevance: 1.5, APIs: 1, Instructions: 49memoryCOMMON
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 344 1a85fcb-1a86048 VirtualAllocEx 347 1a8604a-1a86050 344->347 348 1a86051-1a86065 344->348 347->348
                                                                                                                                                          APIs
                                                                                                                                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 01A8603B
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.254571563.0000000001A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 01A80000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1a80000_BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube .jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AllocVirtual
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 4275171209-0
                                                                                                                                                          • Opcode ID: cd7566318a67684b958620978ff20032c9850a2b3fa9675b906afbfe0bf52b8c
                                                                                                                                                          • Instruction ID: 2ea4c6f75d19799b9467f56a21f0a62b48204d0f051ad3cc5ca31c65d09696cc
                                                                                                                                                          • Opcode Fuzzy Hash: cd7566318a67684b958620978ff20032c9850a2b3fa9675b906afbfe0bf52b8c
                                                                                                                                                          • Instruction Fuzzy Hash: 671116B6900248DFDB10DF9AD888BDEBFF4EB48324F10841AE528A7250C735A544CFA1
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 01A85FD0 Relevance: 1.5, APIs: 1, Instructions: 48memoryCOMMON
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 350 1a85fd0-1a86048 VirtualAllocEx 352 1a8604a-1a86050 350->352 353 1a86051-1a86065 350->353 352->353
                                                                                                                                                          APIs
                                                                                                                                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 01A8603B
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.254571563.0000000001A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 01A80000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1a80000_BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube .jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AllocVirtual
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 4275171209-0
                                                                                                                                                          • Opcode ID: c550845162641757272a0bff9d81e83ddc05390049548ac1c4f0ff8e9c4f45b0
                                                                                                                                                          • Instruction ID: 9bb2aa2f38809d1f65d150cc8beb9e07c90ef7ca2853e9a61f4bd1a000838f88
                                                                                                                                                          • Opcode Fuzzy Hash: c550845162641757272a0bff9d81e83ddc05390049548ac1c4f0ff8e9c4f45b0
                                                                                                                                                          • Instruction Fuzzy Hash: 1E11F5B5900249DFDB20DF9AD988BDEBFF4FB48324F10841AE528A7250C775A544CFA5
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 01A861A8 Relevance: 1.5, APIs: 1, Instructions: 43threadCOMMON
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 355 1a861a8-1a8621c ResumeThread 357 1a8621e-1a86224 355->357 358 1a86225-1a86239 355->358 357->358
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.254571563.0000000001A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 01A80000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1a80000_BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube .jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ResumeThread
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 947044025-0
                                                                                                                                                          • Opcode ID: 68ae611fa300cdffdceb429236f768bafb932d4d7d9df3530b2b56286dab8b26
                                                                                                                                                          • Instruction ID: 95610ad1d2ec8010a25de9eaafda8879443aaa7303721c222741b8085f6ebc8d
                                                                                                                                                          • Opcode Fuzzy Hash: 68ae611fa300cdffdceb429236f768bafb932d4d7d9df3530b2b56286dab8b26
                                                                                                                                                          • Instruction Fuzzy Hash: 801142B5C002488FDB10DF99D588BDEFBF4AB48324F10845AD568A3240D778A944CFA1
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 01A861B0 Relevance: 1.5, APIs: 1, Instructions: 43threadCOMMON
                                                                                                                                                          Download Yara Rule

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 360 1a861b0-1a8621c ResumeThread 362 1a8621e-1a86224 360->362 363 1a86225-1a86239 360->363 362->363
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.254571563.0000000001A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 01A80000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1a80000_BlueTwelve Studio Information For Bloggers Stray Promotion on YouTube .jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ResumeThread
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 947044025-0
                                                                                                                                                          • Opcode ID: 8078b331b316a1b3479e349c182136c4806b04a14bf0764083990957c2d626a5
                                                                                                                                                          • Instruction ID: 48e1cb9280e4f55f272b80a1303dce37e322d4de84575af20b942caed4cbc308
                                                                                                                                                          • Opcode Fuzzy Hash: 8078b331b316a1b3479e349c182136c4806b04a14bf0764083990957c2d626a5
                                                                                                                                                          • Instruction Fuzzy Hash: 1E1112B1C002488FDB20DF9AD888BDEFBF8EB48324F10845AD518A3240D774A944CFA1
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Executed Functions

                                                                                                                                                          Function 04FCF7C8 Relevance: .6, Instructions: 620COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: d18fd995398ece869585733cb6db2a4168f6d4185edb0464e017902746ade915
                                                                                                                                                          • Instruction ID: be05c50cb78a6c9205aa578ef54f246f81674d4f2ff79de775a54cf4f22d6134
                                                                                                                                                          • Opcode Fuzzy Hash: d18fd995398ece869585733cb6db2a4168f6d4185edb0464e017902746ade915
                                                                                                                                                          • Instruction Fuzzy Hash: 6B22BE34B042158FDB14DF78D958A6EBBE6EF89214F1544ADE906CB3A2CB34EC06CB51
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 09AB0048 Relevance: 34.4, Strings: 27, Instructions: 674COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.351323722.0000000009AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09AB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_9ab0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: xPvl$xPvl$xPvl$xPvl$xPvl$xPvl$xPvl$xPvl$xPvl$xPvl$xPvl$xPvl$xPvl$xPvl$xPvl$xPvl$xPvl$xPvl$xPvl$xPvl$xPvl$xPvl$xPvl$xPvl$xPvl$xPvl$xPvl
                                                                                                                                                          • API String ID: 0-2145305819
                                                                                                                                                          • Opcode ID: 5fa7306b11ff974f4456b9bdddbb9006e790f4fbdca54c87231a5fe7af753a97
                                                                                                                                                          • Instruction ID: 6b30f0c4c530a580e6377aa410149fb1a6e47f74ca84796f975c242b3720d564
                                                                                                                                                          • Opcode Fuzzy Hash: 5fa7306b11ff974f4456b9bdddbb9006e790f4fbdca54c87231a5fe7af753a97
                                                                                                                                                          • Instruction Fuzzy Hash: 5D4298703006148FCB64AF78D550A6EB3A2FF86B19F01495CDA43AF791CB79EC458B86
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 09AB3EE5 Relevance: 3.9, Strings: 3, Instructions: 198COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.351323722.0000000009AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09AB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_9ab0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: <C$<C$<C
                                                                                                                                                          • API String ID: 0-3161134618
                                                                                                                                                          • Opcode ID: 7d19ba971831f6788ccb8a283f8bba502f2d1b88be0110b40790da88233424b2
                                                                                                                                                          • Instruction ID: 28fe4082e1cfb2f29b5f290e96c733228083d4b3213537266f39ff714cb32065
                                                                                                                                                          • Opcode Fuzzy Hash: 7d19ba971831f6788ccb8a283f8bba502f2d1b88be0110b40790da88233424b2
                                                                                                                                                          • Instruction Fuzzy Hash: E5711975B442088FCB04DFA8C8949ADBBFAEF89704B15409AE601DF3B2DB75ED458B50
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FCEAD8 Relevance: 2.8, Strings: 2, Instructions: 350COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: ,~g$ (l
                                                                                                                                                          • API String ID: 0-3280312248
                                                                                                                                                          • Opcode ID: 25be241536c6e37e13eaa18f84a7ebd31f8a5d34c3abaaab30a1d7187648baf6
                                                                                                                                                          • Instruction ID: d8b1c6f3e60d126359dd2bac13292a4e7be0e2fb9e081d9e481f08c08edf89df
                                                                                                                                                          • Opcode Fuzzy Hash: 25be241536c6e37e13eaa18f84a7ebd31f8a5d34c3abaaab30a1d7187648baf6
                                                                                                                                                          • Instruction Fuzzy Hash: 1EE14B34A0020ADFCB14DF65D698A9DBBB2FF89314F158569E9069B3A1DB30FC46CB50
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 09AB14DA Relevance: 2.8, Strings: 2, Instructions: 339COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.351323722.0000000009AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09AB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_9ab0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: xPvl$xPvl
                                                                                                                                                          • API String ID: 0-3285020817
                                                                                                                                                          • Opcode ID: 9857850d461dbb15c4e14576656ed74aa49126e687f48042b53e26175d15bf06
                                                                                                                                                          • Instruction ID: 339383c7de9de6fc1db1740845c6a5fbdf668b19803c98312bb2a34d77b8880b
                                                                                                                                                          • Opcode Fuzzy Hash: 9857850d461dbb15c4e14576656ed74aa49126e687f48042b53e26175d15bf06
                                                                                                                                                          • Instruction Fuzzy Hash: 53C1C3347083458FD7148B64C965A7EBBFAAF85B08F15446DE5078F3A2CB74EC418B92
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 09AB482E Relevance: 2.2, Strings: 1, Instructions: 966COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.351323722.0000000009AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09AB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_9ab0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: tA
                                                                                                                                                          • API String ID: 0-743120799
                                                                                                                                                          • Opcode ID: a63d4faa572ea4b1b605ad9c05941d56092a40653e3b5b5aeedc719f275dea6e
                                                                                                                                                          • Instruction ID: de302f0648b06b96fae6fe63ea469a8752c825ffe8b621a3a8941de1cf633040
                                                                                                                                                          • Opcode Fuzzy Hash: a63d4faa572ea4b1b605ad9c05941d56092a40653e3b5b5aeedc719f275dea6e
                                                                                                                                                          • Instruction Fuzzy Hash: 882180397441449FCB01DBA8D885D9EBBB9FF9A610B11408AF5429B3B2C731DC05CB50
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC8C08 Relevance: 2.0, Instructions: 1976COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 7ab720aa70774b12bd56c3f5892bb980c30dfcd41d55dce9b678be47b93a5efb
                                                                                                                                                          • Instruction ID: 6b6e48c841da7473865ac2b6736f14a96db55dc5f1d6431d315b38bb141a1547
                                                                                                                                                          • Opcode Fuzzy Hash: 7ab720aa70774b12bd56c3f5892bb980c30dfcd41d55dce9b678be47b93a5efb
                                                                                                                                                          • Instruction Fuzzy Hash: 6713EB38D55208DFCF1A9B70E412999B732FF9930AB1085BED81126B69CB3FC952DB41
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC8C18 Relevance: 2.0, Instructions: 1973COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 45e52a83a017ca530046d60f244e74e0ee1b18b312abdb583a0903fe0737fb5e
                                                                                                                                                          • Instruction ID: 40b8e2000427254198d50178d036d4dc4b80b938b197bb9d2ee143010e943a75
                                                                                                                                                          • Opcode Fuzzy Hash: 45e52a83a017ca530046d60f244e74e0ee1b18b312abdb583a0903fe0737fb5e
                                                                                                                                                          • Instruction Fuzzy Hash: 0913EB38D51208DFCF1A9B70E452999B332FF9930AB1085BED81126B69CB3FD952DB41
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC0908 Relevance: 1.5, Strings: 1, Instructions: 298COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: kth^
                                                                                                                                                          • API String ID: 0-2658015146
                                                                                                                                                          • Opcode ID: 6921a0a183445dc310f693792421b8da52297743598e54c58359936369c0fdd5
                                                                                                                                                          • Instruction ID: 00f74f53bee67544f5ec436a59e4d0a6eab56eb3b91d19fc6c18bf4315bd0655
                                                                                                                                                          • Opcode Fuzzy Hash: 6921a0a183445dc310f693792421b8da52297743598e54c58359936369c0fdd5
                                                                                                                                                          • Instruction Fuzzy Hash: 4ED1E274D05229CFEB24DF64C944BDDBBB2EB89304F1095EAC509A7290DB34AA86CF50
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC08F8 Relevance: 1.5, Strings: 1, Instructions: 206COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: kth^
                                                                                                                                                          • API String ID: 0-2658015146
                                                                                                                                                          • Opcode ID: 7104a4f52a8b70e8e5ea197035904010fd0d3048366a38180d9095fd4a629e2f
                                                                                                                                                          • Instruction ID: 344b12a4993fdfdba709b129c62df67ec4a04271de1d775f2c32f3ce9440fdb5
                                                                                                                                                          • Opcode Fuzzy Hash: 7104a4f52a8b70e8e5ea197035904010fd0d3048366a38180d9095fd4a629e2f
                                                                                                                                                          • Instruction Fuzzy Hash: 1291D074D05228CFEB64DF65C944BDDBBB2EB89304F1085EAD509B7250EB346A86CF60
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FCDB80 Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: (l
                                                                                                                                                          • API String ID: 0-172737615
                                                                                                                                                          • Opcode ID: bccd9ca2c6dd223866af7f6de329ef3d66abbc4b9a0082a7c6ad2b217276b298
                                                                                                                                                          • Instruction ID: f82959d6f155f86c0ba10814af74d0ed9fe87a87a6e628593d6a044a8617b244
                                                                                                                                                          • Opcode Fuzzy Hash: bccd9ca2c6dd223866af7f6de329ef3d66abbc4b9a0082a7c6ad2b217276b298
                                                                                                                                                          • Instruction Fuzzy Hash: 2C718E71E002098FDB14DFA9C5546AEBBF2AFC9304F24856ED805EB391DB70AC46CB51
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 09AB1AF8 Relevance: 1.4, Instructions: 1440COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.351323722.0000000009AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09AB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_9ab0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 60dc6b3dace8bf945a181384e4db320bee9ae428fee9e8ca57f81e8d3c1b9ff6
                                                                                                                                                          • Instruction ID: 72dd20c56cb4184fbb755f370f8c06b660d2c13a612913c231b644d607c3857c
                                                                                                                                                          • Opcode Fuzzy Hash: 60dc6b3dace8bf945a181384e4db320bee9ae428fee9e8ca57f81e8d3c1b9ff6
                                                                                                                                                          • Instruction Fuzzy Hash: F4C26E34B042189FDB14DF64C850BEDB7B6EF89704F1080AAE616AB7A1CB71AD85CF51
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FCEACA Relevance: 1.4, Strings: 1, Instructions: 184COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: (l
                                                                                                                                                          • API String ID: 0-172737615
                                                                                                                                                          • Opcode ID: 3f946b03001d3f3ef48128a75ffa6dbc5426ff1374b4bd41191f4de125f2a2b9
                                                                                                                                                          • Instruction ID: a5b973caccf7f994b6992da723ef18370e3c93aaee6456dd71dda85e6343afe5
                                                                                                                                                          • Opcode Fuzzy Hash: 3f946b03001d3f3ef48128a75ffa6dbc5426ff1374b4bd41191f4de125f2a2b9
                                                                                                                                                          • Instruction Fuzzy Hash: F581F774A0020ADFCB14DF65D69899DBBF2FF88314B158569E806AB361DB34EC42CF90
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC2B60 Relevance: 1.4, Strings: 1, Instructions: 169COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: 8cQh
                                                                                                                                                          • API String ID: 0-3196321620
                                                                                                                                                          • Opcode ID: 7db83fd65c52bbcc4417932fe13e0b47f1f1ea8955b2fb22a1e79dfe3e0e9d5c
                                                                                                                                                          • Instruction ID: 44e78164f98affc4becd2b316bf3f676b190606a0296439a3158c138ef4c5cf3
                                                                                                                                                          • Opcode Fuzzy Hash: 7db83fd65c52bbcc4417932fe13e0b47f1f1ea8955b2fb22a1e79dfe3e0e9d5c
                                                                                                                                                          • Instruction Fuzzy Hash: 5A610A30D11208DFCB04EFB8E8548ADBBB2FF8A316B60956DE41677290DF319849CB55
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 09AB4530 Relevance: 1.4, Strings: 1, Instructions: 116COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.351323722.0000000009AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09AB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_9ab0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: <C
                                                                                                                                                          • API String ID: 0-3045115134
                                                                                                                                                          • Opcode ID: a4c96ff971d73e5e6f87a7acb2d814ce2afb8b1475a0d6b882fb220acd75bb8b
                                                                                                                                                          • Instruction ID: 86469d8753fe3a4b864cd5926bbcd61819bb02b268f8f651411edd75e41910a7
                                                                                                                                                          • Opcode Fuzzy Hash: a4c96ff971d73e5e6f87a7acb2d814ce2afb8b1475a0d6b882fb220acd75bb8b
                                                                                                                                                          • Instruction Fuzzy Hash: 8041E775B001149FCB44DF69D998EAABBF5FF8CB14B154069E506DB3A2DB31EC048B60
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC44B8 Relevance: 1.3, Strings: 1, Instructions: 52COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: 8cQh
                                                                                                                                                          • API String ID: 0-3196321620
                                                                                                                                                          • Opcode ID: 3548320759a560c1f6dd24f8d246528163e3768203aa0eea10205ff3204e4d9b
                                                                                                                                                          • Instruction ID: 64cae4507b5e1e207b957da3826849167f234608d7aff80628bc0678422cdd95
                                                                                                                                                          • Opcode Fuzzy Hash: 3548320759a560c1f6dd24f8d246528163e3768203aa0eea10205ff3204e4d9b
                                                                                                                                                          • Instruction Fuzzy Hash: BF11C6305087448FD315EF79E41856A7FE2DFC6315B15897CD0868B282CF75680A8BA2
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FCEF37 Relevance: 1.3, Strings: 1, Instructions: 48COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: ,~g
                                                                                                                                                          • API String ID: 0-1173222925
                                                                                                                                                          • Opcode ID: 37fe8447006a1eeb5f1a60dd69d2dbeb293d32f9380222a58432c320d73b13a9
                                                                                                                                                          • Instruction ID: 0901acd0069cd2c948a1ba96cdf25dac0ac35302cedb6fc94dba7900ec149681
                                                                                                                                                          • Opcode Fuzzy Hash: 37fe8447006a1eeb5f1a60dd69d2dbeb293d32f9380222a58432c320d73b13a9
                                                                                                                                                          • Instruction Fuzzy Hash: 270147326093815FC3129B35DA905AB7FE2EFD7164708887ED54ACB292DB30AC0AC761
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC44C8 Relevance: 1.3, Strings: 1, Instructions: 42COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: 8cQh
                                                                                                                                                          • API String ID: 0-3196321620
                                                                                                                                                          • Opcode ID: 2cb6f6519e86e70b53163990b0237836445817dc1aea33a39a943299e03a8f8c
                                                                                                                                                          • Instruction ID: fe177338e4286aa8aa878681eb29fca1fbfd8ecd41aefe80daa8b7c013fbad9a
                                                                                                                                                          • Opcode Fuzzy Hash: 2cb6f6519e86e70b53163990b0237836445817dc1aea33a39a943299e03a8f8c
                                                                                                                                                          • Instruction Fuzzy Hash: CB0175706047048BD314EF65E51866A77E2EFC5319B11893CD15687781CF75A80A9BE2
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FCEF50 Relevance: 1.3, Strings: 1, Instructions: 38COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: ,~g
                                                                                                                                                          • API String ID: 0-1173222925
                                                                                                                                                          • Opcode ID: 16f8ebce58b8f848a31f8fa8a2b3e9942c2a710dc9433083a2dff27d43b1a600
                                                                                                                                                          • Instruction ID: 84f3f793c31e747eec54189d83978732030b23b3f4fc22721637aaf5b8953183
                                                                                                                                                          • Opcode Fuzzy Hash: 16f8ebce58b8f848a31f8fa8a2b3e9942c2a710dc9433083a2dff27d43b1a600
                                                                                                                                                          • Instruction Fuzzy Hash: D6F0F6726003055BD3109F26D68496B73DAEBC5264714883CD60A87241DF31BC09C7A1
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 09AB0CE8 Relevance: .6, Instructions: 616COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.351323722.0000000009AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09AB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_9ab0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 4e26d14ba4a51e09dcbb73c228c97f0d27b695e5a4cc66b4f37bd24102df4bb6
                                                                                                                                                          • Instruction ID: 4f76c56c6d1c0102e468c9d751366228d411ccea890ed98a0b565dd2570c2c5e
                                                                                                                                                          • Opcode Fuzzy Hash: 4e26d14ba4a51e09dcbb73c228c97f0d27b695e5a4cc66b4f37bd24102df4bb6
                                                                                                                                                          • Instruction Fuzzy Hash: 8022D4347082059FDB158B64C964ABEBBFABF85B14F15846EE5068F7A6CF30DC018B91
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 09AB1FC8 Relevance: .6, Instructions: 571COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.351323722.0000000009AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09AB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_9ab0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 83c66107a0f52474b14353b4964677800c32cbe1ce0c9cc72edfba83ca5ce181
                                                                                                                                                          • Instruction ID: 6108bb2cfd1f6543782988ae4df61d3f7c61273b59d8f6c51e29491acc9b3fcf
                                                                                                                                                          • Opcode Fuzzy Hash: 83c66107a0f52474b14353b4964677800c32cbe1ce0c9cc72edfba83ca5ce181
                                                                                                                                                          • Instruction Fuzzy Hash: FC22B2787402189FDB249B14C955BFDB7B6EF88B04F00809AEA165F3A6CB71EC81CB55
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 09AB0043 Relevance: .3, Instructions: 328COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.351323722.0000000009AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09AB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_9ab0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 2e406ed2552fe4b903ce2419287739d5c4e4e1e00adf291a3b495a13f8b84376
                                                                                                                                                          • Instruction ID: 1fe3ea017af6a6ba6be111be8fab7984c9d670034aa4303489f70c4bbe82b72b
                                                                                                                                                          • Opcode Fuzzy Hash: 2e406ed2552fe4b903ce2419287739d5c4e4e1e00adf291a3b495a13f8b84376
                                                                                                                                                          • Instruction Fuzzy Hash: 33C19B347002189FEB109F64D995FBE76BAEF89B05F104069EA029F3A6CB75DC41CB91
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 09AB063C Relevance: .3, Instructions: 306COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.351323722.0000000009AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09AB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_9ab0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 26e575f535b4c8236c1a0c0086b84b9c335e81e78d4b9c6420ce3144c1a62a44
                                                                                                                                                          • Instruction ID: 2b2fb308ef22a426bfadf3b3a5bb7a0c2c299b8b510451772c5326bbbbe756a4
                                                                                                                                                          • Opcode Fuzzy Hash: 26e575f535b4c8236c1a0c0086b84b9c335e81e78d4b9c6420ce3144c1a62a44
                                                                                                                                                          • Instruction Fuzzy Hash: 88B1AD34700218DFEB109F64D995FBA76BAEF99B05F004069EA029F3A6CB74DC41CB91
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 09AB06BA Relevance: .3, Instructions: 305COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.351323722.0000000009AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09AB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_9ab0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 8614a5f4230c4c9da9a3964203bee0c8f94276bbfca52c6b99125d4b0f6672e7
                                                                                                                                                          • Instruction ID: ddf834dfb970fae96a37330cc15040d1570df443f5c7146c36c6b98697e45344
                                                                                                                                                          • Opcode Fuzzy Hash: 8614a5f4230c4c9da9a3964203bee0c8f94276bbfca52c6b99125d4b0f6672e7
                                                                                                                                                          • Instruction Fuzzy Hash: B9B1AC34700218DFEB109B64D995FBE76BAEF88B05F004069EA029F3A6CB74DC41CB91
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 09AB05CC Relevance: .3, Instructions: 305COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.351323722.0000000009AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09AB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_9ab0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 79eaa96a629027bbecb9c2a187fc46c25911f6c279fba116e2ad29bbc2f10834
                                                                                                                                                          • Instruction ID: acdf1ef9f0d1852be2c88476aebd2d738c4a6225975a54c3684c2e23c2356781
                                                                                                                                                          • Opcode Fuzzy Hash: 79eaa96a629027bbecb9c2a187fc46c25911f6c279fba116e2ad29bbc2f10834
                                                                                                                                                          • Instruction Fuzzy Hash: B2B1AC34700218DFEB109F64D995FBA76BAEF99B05F004069EA029F3A6CB75DC41CB91
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 09AB0555 Relevance: .3, Instructions: 303COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.351323722.0000000009AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09AB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_9ab0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 687f5208959b69222f87f8e85cc67debd629f0fa3e02396d0b9b11edae91ec3a
                                                                                                                                                          • Instruction ID: 05aff2ed00becf5f156731f2bcf2773131996f256914b1fdf5013ecd194c247f
                                                                                                                                                          • Opcode Fuzzy Hash: 687f5208959b69222f87f8e85cc67debd629f0fa3e02396d0b9b11edae91ec3a
                                                                                                                                                          • Instruction Fuzzy Hash: 8CB19C347002189FEB109F64D995FBE76BAEF99B05F004069EA029F3A6CB75DC41CB91
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FCD968 Relevance: .2, Instructions: 153COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: c8487651227fd8453ab32a5bcae0a653a0c18e1c178c355828e4c9a650f45feb
                                                                                                                                                          • Instruction ID: 187ab7871a613e2b34f98b69a5b3e0f767d98b818ead39938c6c8d71e99eb768
                                                                                                                                                          • Opcode Fuzzy Hash: c8487651227fd8453ab32a5bcae0a653a0c18e1c178c355828e4c9a650f45feb
                                                                                                                                                          • Instruction Fuzzy Hash: B8511B35A01219EFDF14DFA5EA949ADBBB2FF89314F108029E802A7361DB35AD41CF51
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC2541 Relevance: .1, Instructions: 144COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: b26a62d3591cb063c51706471701bf691c90bd7d7d736fc62b175c51eaa67d67
                                                                                                                                                          • Instruction ID: bfcad7821ae728be1578752e592f97da7b58bf4d654ec7b9ca817161c49aec7d
                                                                                                                                                          • Opcode Fuzzy Hash: b26a62d3591cb063c51706471701bf691c90bd7d7d736fc62b175c51eaa67d67
                                                                                                                                                          • Instruction Fuzzy Hash: 0751DF74E00218CFDB08DFA5E5885ADBBB2FF89305F20816ED819AB355DB35A846CF50
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 09AB3430 Relevance: .1, Instructions: 143COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.351323722.0000000009AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09AB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_9ab0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 40ae25048ae2b9943eaa7980f111334e43a091a363738d5de90cfd590f829125
                                                                                                                                                          • Instruction ID: 97523927a1cdfce25c43fc798487b9821942a92fd7fd2df13fa35d14ab646e88
                                                                                                                                                          • Opcode Fuzzy Hash: 40ae25048ae2b9943eaa7980f111334e43a091a363738d5de90cfd590f829125
                                                                                                                                                          • Instruction Fuzzy Hash: 87513935B001189FCB14CF69C984DAEBBB6FF89710B158169F905AB362DB31ED05CB60
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FCEE99 Relevance: .1, Instructions: 140COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 9db377a7949e9a76758c53ec3743f6795d2dbe3d1b70144ce98a744db93df199
                                                                                                                                                          • Instruction ID: cce47a1afb5c0a4aae28c7c10a1bb20e88314799c8722e9f124ae4c2339c4131
                                                                                                                                                          • Opcode Fuzzy Hash: 9db377a7949e9a76758c53ec3743f6795d2dbe3d1b70144ce98a744db93df199
                                                                                                                                                          • Instruction Fuzzy Hash: C651D634A0020ADFDB14DFA5DA94A9DBBB2FF88315F158469E905AB361CB35EC42CF50
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC2550 Relevance: .1, Instructions: 138COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 985252701b1cce34e4c2a8e24256c875c0b186409f0c18b4f80cfc7f7ac467a1
                                                                                                                                                          • Instruction ID: 8d7aa004dd2e10e03c6d21e334c801ef09f542bfbd7cdbe86646c9e911ea0f48
                                                                                                                                                          • Opcode Fuzzy Hash: 985252701b1cce34e4c2a8e24256c875c0b186409f0c18b4f80cfc7f7ac467a1
                                                                                                                                                          • Instruction Fuzzy Hash: C851CF74E00218CFCB18DFA5E5885ADBBB2FF89305F20852ED819AB354DB356846CF50
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC6EB6 Relevance: .1, Instructions: 138COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 775d875eaf3c8f83d1c0fd9d9d04e55bf4de36082ce65da70d6458ac8881599f
                                                                                                                                                          • Instruction ID: 92f8dfa646b9c0e3f85e701608fb041ca62d8dc68d6c5f3a2ef122f0e109732c
                                                                                                                                                          • Opcode Fuzzy Hash: 775d875eaf3c8f83d1c0fd9d9d04e55bf4de36082ce65da70d6458ac8881599f
                                                                                                                                                          • Instruction Fuzzy Hash: 5A519175B042445FEB059F78D41466D7FB2EF86204F2484AEE946DB381EB34DD06CB91
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 09AB11E8 Relevance: .1, Instructions: 125COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.351323722.0000000009AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09AB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_9ab0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: df3270cec1c3ab509cc7bbb1ea91039a407c70be5407c0ba1ca802e94e7f7c39
                                                                                                                                                          • Instruction ID: cf6d062029b00c15f63a09aa2f2eae4a0d8c0ac2622813faa914cbc70092a3e6
                                                                                                                                                          • Opcode Fuzzy Hash: df3270cec1c3ab509cc7bbb1ea91039a407c70be5407c0ba1ca802e94e7f7c39
                                                                                                                                                          • Instruction Fuzzy Hash: 784107347082055FEB505B6898B4B7E76AEAFC9B18F10447EE6028F3A2CFB1DC418751
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FCDE60 Relevance: .1, Instructions: 125COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 5cd24755a3d4fe5e4d171f1830d9b4906e8eecf1d9aae664410836bd9aa8be06
                                                                                                                                                          • Instruction ID: ca9404da30fb8de87260bb9a0c35d3275b3aede4bba7b890f0b84c1d8fdfee39
                                                                                                                                                          • Opcode Fuzzy Hash: 5cd24755a3d4fe5e4d171f1830d9b4906e8eecf1d9aae664410836bd9aa8be06
                                                                                                                                                          • Instruction Fuzzy Hash: 1741BE31B082059FD704DB68D9646BEBBB2EF8A214F1481BED50ADB391DB31AC46C791
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FCDB6F Relevance: .1, Instructions: 115COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 9daac15cf14b2be92db014ae11b658f07b741e5dba15539d6505f9effb91c212
                                                                                                                                                          • Instruction ID: 5204ef51eee05d1978c95b666ecf8025d199f43f4c78dcb8c4d7f76e05127f93
                                                                                                                                                          • Opcode Fuzzy Hash: 9daac15cf14b2be92db014ae11b658f07b741e5dba15539d6505f9effb91c212
                                                                                                                                                          • Instruction Fuzzy Hash: E4416D71E0074A8BCB15CFA9C9405DEFBF2BF86314F14856AE805BB651E7B0A946CB50
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FCB090 Relevance: .1, Instructions: 109COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: fece264351d6e90415797ae8f1a8940a8361416b90a14a55732301eeefacc366
                                                                                                                                                          • Instruction ID: 4d2d3054b31c01311c6622ba6684eec74241cf0ec3b9df1ee0d64be562c9f471
                                                                                                                                                          • Opcode Fuzzy Hash: fece264351d6e90415797ae8f1a8940a8361416b90a14a55732301eeefacc366
                                                                                                                                                          • Instruction Fuzzy Hash: 9241F534B042499FEB04EB79E8167AE7BF2DF85304F0484BDD501DB285DB38A906CB92
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC8360 Relevance: .1, Instructions: 96COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: d6ad96a65bc5f563104cf3b8b2a98b57de1b9d280bd6f01e3007ca136609a1a0
                                                                                                                                                          • Instruction ID: e59902c6dbfecc45c07948fc3fe0449a4a424f9dbead4ab7926ad63ff0f3612a
                                                                                                                                                          • Opcode Fuzzy Hash: d6ad96a65bc5f563104cf3b8b2a98b57de1b9d280bd6f01e3007ca136609a1a0
                                                                                                                                                          • Instruction Fuzzy Hash: 14315A34B042088FD718EF69C5A8A6E7BF2EF89745F14447CE9029B3A1DB35AC02CB50
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FCB7F7 Relevance: .1, Instructions: 93COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 39c15eb91704e9acde78525f147d7fd0bb777f00a276c989cb051bd6123a77ab
                                                                                                                                                          • Instruction ID: 7b8d1264867c0ed874c77a80d75ad4cbbbb6faf1e2bc0420009f80747f3e87a2
                                                                                                                                                          • Opcode Fuzzy Hash: 39c15eb91704e9acde78525f147d7fd0bb777f00a276c989cb051bd6123a77ab
                                                                                                                                                          • Instruction Fuzzy Hash: 0A31DA31E00B468ADB10EFB9D8416D8B371EFDA320F24872AE44977601EB70B5D9CB84
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC85C8 Relevance: .1, Instructions: 90COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 5da684931d6b97a47281dd2180e062779bab3df0493d6bdddacbc57472c25370
                                                                                                                                                          • Instruction ID: 1c533e63cfb8aa65e38282ad1770da053151efb1fca9ec4a03eda796941686c5
                                                                                                                                                          • Opcode Fuzzy Hash: 5da684931d6b97a47281dd2180e062779bab3df0493d6bdddacbc57472c25370
                                                                                                                                                          • Instruction Fuzzy Hash: D5212334B083504FC705EB3AA11847E3BE39FC625431948BED606CBB92DF749C068792
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC5638 Relevance: .1, Instructions: 87COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 43a12140459afc3e8acd1a9d04ac9daebdd7c9424904f8ab40f9fa309c9c9cf1
                                                                                                                                                          • Instruction ID: 44db6dccff3f3db3343dfc3dab0aab8e39f9c3b621cb5b1c9571c9a2a33ac058
                                                                                                                                                          • Opcode Fuzzy Hash: 43a12140459afc3e8acd1a9d04ac9daebdd7c9424904f8ab40f9fa309c9c9cf1
                                                                                                                                                          • Instruction Fuzzy Hash: 054156B5D08218EFCF01DFA1F90A8ACBFB2FB89311F044068E511A7262D73A5956DF10
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC8350 Relevance: .1, Instructions: 87COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: da26d113ec71e1de23763294e45ede9fe5e2c746630065f7fc98cd63122d8880
                                                                                                                                                          • Instruction ID: f938aeed63b38d3ae16dc9ef93b9c4f015adc6ae2ed7a037fd0bdefb419b126f
                                                                                                                                                          • Opcode Fuzzy Hash: da26d113ec71e1de23763294e45ede9fe5e2c746630065f7fc98cd63122d8880
                                                                                                                                                          • Instruction Fuzzy Hash: D6316D34B042498FD714EF29C5A8AAE7BF2EF89351F1454ACE5029B361CB35AC46CF50
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FCB808 Relevance: .1, Instructions: 85COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: da900cab0c2263a1e15aac9528aece721a35adf7ec76a216b90d6f3036a9c77f
                                                                                                                                                          • Instruction ID: a00c3616918cd9e7b11c28273b08ad5c29cb38f2d6f10655d49d10724b8ba068
                                                                                                                                                          • Opcode Fuzzy Hash: da900cab0c2263a1e15aac9528aece721a35adf7ec76a216b90d6f3036a9c77f
                                                                                                                                                          • Instruction Fuzzy Hash: EF316731E00B0A8ACB10EFB9D8416D9B371FF9A324F21872AE55977641EB70B5D4CB94
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC5648 Relevance: .1, Instructions: 83COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: efb37b96195efa32ae8f0e29011f0c4eca817ade8633ad86ad2f9e660752a38a
                                                                                                                                                          • Instruction ID: 0a63ab64c40b6aca531b221b8854bed7c8c03bbece44e6f1de872653e9c06390
                                                                                                                                                          • Opcode Fuzzy Hash: efb37b96195efa32ae8f0e29011f0c4eca817ade8633ad86ad2f9e660752a38a
                                                                                                                                                          • Instruction Fuzzy Hash: BB3139B5D08319EFCF01DFA1F94A9ACBBB2FB89311F044428E611A7261DB366956DF10
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC8AD8 Relevance: .1, Instructions: 81COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: f512b8561af47f14f4f53cdcb15fface4d4e2d3f071310a091028f58c3ead643
                                                                                                                                                          • Instruction ID: 2983f13a47628724bdd57739a5cf577474b1e114ec90b18a016857de387fdce2
                                                                                                                                                          • Opcode Fuzzy Hash: f512b8561af47f14f4f53cdcb15fface4d4e2d3f071310a091028f58c3ead643
                                                                                                                                                          • Instruction Fuzzy Hash: 5C31F431E00606CBCB11AFB9D5242AAB7B1EFC5301B10963EC856A3341EF74B982CB91
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 09AB0FB4 Relevance: .1, Instructions: 80COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.351323722.0000000009AB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09AB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_9ab0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: f1b0ea25261c514a7e88d2d4ee5dd9a2c47cc6ed98a5eb80f3b2ad58fc7356fa
                                                                                                                                                          • Instruction ID: 470889a9f8de36a103356c25240358df730fecb192ebd0e4744983329e5d203e
                                                                                                                                                          • Opcode Fuzzy Hash: f1b0ea25261c514a7e88d2d4ee5dd9a2c47cc6ed98a5eb80f3b2ad58fc7356fa
                                                                                                                                                          • Instruction Fuzzy Hash: BC21F4307082449FDB058B6999209BABBFAEFC5750B1481BBE406CB2A2CB308C01C761
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC8AE8 Relevance: .1, Instructions: 80COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 92dd8eca93ee1afd0e35579cfd5ac647320b3cc259e75fc6571ac88ee95e6902
                                                                                                                                                          • Instruction ID: f23a81899f940a75237370882a4835d0f636fe5e12158f1291bb65b7cbf5f07e
                                                                                                                                                          • Opcode Fuzzy Hash: 92dd8eca93ee1afd0e35579cfd5ac647320b3cc259e75fc6571ac88ee95e6902
                                                                                                                                                          • Instruction Fuzzy Hash: 1231B431F00606CBCB14AFB9D5252AAB7B1EFC5315B10962DC816A7341EF75B982CB91
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FCF851 Relevance: .1, Instructions: 76COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 5256633f81417f3b3627cb06b287387a9d152b6bedd2ecc3a31566accf289485
                                                                                                                                                          • Instruction ID: b409c5aa31a24b41cd8bb3d83fb0f0072aa62a4f1cc4d40fd02e158c156bad0a
                                                                                                                                                          • Opcode Fuzzy Hash: 5256633f81417f3b3627cb06b287387a9d152b6bedd2ecc3a31566accf289485
                                                                                                                                                          • Instruction Fuzzy Hash: DD217135B002069FDB11DF65C944AAEBBB2EF86314F14806DE9018B3A2CB31E902CB61
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FCBBA0 Relevance: .1, Instructions: 75COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 3a4b313d010f1d6c0ccdf75beaab1bc5a3ccb1f570d755c8b1a3cf3820530acb
                                                                                                                                                          • Instruction ID: 381bcd3992cbf4092089aaed0333d212979e20bd11b773674116f16fb411afd6
                                                                                                                                                          • Opcode Fuzzy Hash: 3a4b313d010f1d6c0ccdf75beaab1bc5a3ccb1f570d755c8b1a3cf3820530acb
                                                                                                                                                          • Instruction Fuzzy Hash: 5E21A375B08296CBC716EB3BB22B27D3FA5EB53545B05407DE053C6543DE28A807C721
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC403F Relevance: .1, Instructions: 74COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 360d729e80ff797e15522d6cc408c86313694f8f8df2689dfc8398bd09e4ee7a
                                                                                                                                                          • Instruction ID: b2073130a3b72c052c86e8c9a8cffb3238fcf3f4a51c81f437c0a5313e79f370
                                                                                                                                                          • Opcode Fuzzy Hash: 360d729e80ff797e15522d6cc408c86313694f8f8df2689dfc8398bd09e4ee7a
                                                                                                                                                          • Instruction Fuzzy Hash: 4221F5311092940FD705A734939849E3FF3DFD212930929BEC586CF692DE24680B9757
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC5830 Relevance: .1, Instructions: 74COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: dab5e0f22552b3d4d29c69a166a7f59e9f6986ad36e236e566dfb8e3b264bd67
                                                                                                                                                          • Instruction ID: e21e52019151004786202447df8930d766bd43e3f04e193d5ce76bbd58a6f8cc
                                                                                                                                                          • Opcode Fuzzy Hash: dab5e0f22552b3d4d29c69a166a7f59e9f6986ad36e236e566dfb8e3b264bd67
                                                                                                                                                          • Instruction Fuzzy Hash: 9D21957020838A8FC721EF24D54489A77E3AF912587058E69D5458F1A5EB70BC4AC792
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FCBBB0 Relevance: .1, Instructions: 74COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: d1ae4caf6f7106ec93450cfb00a74a9094910e63c3f2c2b67a60125000d7cc42
                                                                                                                                                          • Instruction ID: 5b1448b48069fc7cbc824e5ad5310bbb564231cb46d9e78fb1795245902cbbf4
                                                                                                                                                          • Opcode Fuzzy Hash: d1ae4caf6f7106ec93450cfb00a74a9094910e63c3f2c2b67a60125000d7cc42
                                                                                                                                                          • Instruction Fuzzy Hash: 57217175B08196CBD719DB3AB22B2793BA5DB93605F04407DE057C7683DF29E8038761
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC4C10 Relevance: .1, Instructions: 72COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: be117480893d2fda359a888a24feffd63d3556c158b6e0f8243878338fc264c5
                                                                                                                                                          • Instruction ID: 90b3e55420ac80b411706d9d6432b48cd0bfd68153cd29ac3c84edc52aadc87f
                                                                                                                                                          • Opcode Fuzzy Hash: be117480893d2fda359a888a24feffd63d3556c158b6e0f8243878338fc264c5
                                                                                                                                                          • Instruction Fuzzy Hash: D6313AB6904315EFCB01EFA0FD4A9AD7FB2FB88701F004468E6016B261D73A5966EF51
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FCD430 Relevance: .1, Instructions: 62COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 68bf0a7274ce038e59e65afa7b8f1353030efa8483b0f6f360ad2e1728dbd4e7
                                                                                                                                                          • Instruction ID: f5029d8eec047d7cd1f8427c53ce06c5e141c8837be6d6f6defb1ea47749c6f9
                                                                                                                                                          • Opcode Fuzzy Hash: 68bf0a7274ce038e59e65afa7b8f1353030efa8483b0f6f360ad2e1728dbd4e7
                                                                                                                                                          • Instruction Fuzzy Hash: 1111D3317053809FC7129B39D85866A7BB3EFC2219F1448BED646CB383CAB1AC0AC711
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FCC078 Relevance: .1, Instructions: 60COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 300ce20f8a1fce728be679c580431ac79fe4937910ae3c3bd5ed30dc744ad3bf
                                                                                                                                                          • Instruction ID: e24ac031bb3ef6d8908d98b760a730cf643f8c1c707edb74fb866f261b210d5f
                                                                                                                                                          • Opcode Fuzzy Hash: 300ce20f8a1fce728be679c580431ac79fe4937910ae3c3bd5ed30dc744ad3bf
                                                                                                                                                          • Instruction Fuzzy Hash: 4C11517070470A9BC700DF35E941A6EB3F6FFC5228B144929D1059B691EB70BD4A87E5
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC11C0 Relevance: .1, Instructions: 57COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: b000b7200ca3724bbc9800c2137970a656bef030db8a12f30275aad3feb62028
                                                                                                                                                          • Instruction ID: fbab66294f33fff4bf690ef78b5bf86e7871f85d1d46148f7e807a9e102cd484
                                                                                                                                                          • Opcode Fuzzy Hash: b000b7200ca3724bbc9800c2137970a656bef030db8a12f30275aad3feb62028
                                                                                                                                                          • Instruction Fuzzy Hash: E121C075E052189BCB04CFA9EA846DDBBB5FF88310F10512AE405B3251EB341941CB24
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC5860 Relevance: .1, Instructions: 55COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: aaafe96c375f74c081232c1c61998e43ca7dc7f6d235f9d5d4f2ad0239d1bb5e
                                                                                                                                                          • Instruction ID: fc9ec42341ab15a4683cd3875dacebb74c03f6d38497ce5ea97f3cd5fb62b92f
                                                                                                                                                          • Opcode Fuzzy Hash: aaafe96c375f74c081232c1c61998e43ca7dc7f6d235f9d5d4f2ad0239d1bb5e
                                                                                                                                                          • Instruction Fuzzy Hash: F911287120470EDBC720DF29D58499F73E6EF842687018E28E5558B6A4EB70FD4A87D1
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FCD450 Relevance: .1, Instructions: 51COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 6e5a734097aa163f416971ac93271c6e191c39b8e2d41bbe6d6a4a52c613a563
                                                                                                                                                          • Instruction ID: cb911e866013774b5c23222abc8dc22832fb32e8d990404d3bf1676bc262db3a
                                                                                                                                                          • Opcode Fuzzy Hash: 6e5a734097aa163f416971ac93271c6e191c39b8e2d41bbe6d6a4a52c613a563
                                                                                                                                                          • Instruction Fuzzy Hash: 04015B317003009BD715AB76E95872AB7A7EBC621AF14583DEA4687782CFB1FC068750
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC4090 Relevance: .0, Instructions: 46COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: cee3f81be6d47341520573a75461cac672404e92abd05e31df2eaf10befe86d2
                                                                                                                                                          • Instruction ID: 7b997c87a9fb17ac7eb801cd6f3dd8c4de618ae266e3b9ca69b5bfac4059de17
                                                                                                                                                          • Opcode Fuzzy Hash: cee3f81be6d47341520573a75461cac672404e92abd05e31df2eaf10befe86d2
                                                                                                                                                          • Instruction Fuzzy Hash: B301BC326012154F9688A735E34856E76E7EFC122A349683DC516CB680DF347C0B9796
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FCC068 Relevance: .0, Instructions: 46COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: d101c6a3b3058ba705787733c275c43e4117d87fa7f3467f40cd673c9bda4ee4
                                                                                                                                                          • Instruction ID: bbfeb511578fdb8488440aeb1ee24716db1b9351cf30e1868f722c7e18124e95
                                                                                                                                                          • Opcode Fuzzy Hash: d101c6a3b3058ba705787733c275c43e4117d87fa7f3467f40cd673c9bda4ee4
                                                                                                                                                          • Instruction Fuzzy Hash: 1301F7316047469FC705EF75E84459E7BB6FFC2164B04496AC1058B293EB30A80A87E1
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FCCBC0 Relevance: .0, Instructions: 42COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 37ce014be4352cdd6d310fdafad0342f8bff171dcf51a8dfab6defdb86f910e5
                                                                                                                                                          • Instruction ID: 67f66ce05f9507e4e47552df9504c0f4b442949850fb04e7c90d9b8c19eb336d
                                                                                                                                                          • Opcode Fuzzy Hash: 37ce014be4352cdd6d310fdafad0342f8bff171dcf51a8dfab6defdb86f910e5
                                                                                                                                                          • Instruction Fuzzy Hash: 3501BC382046468FC700CF2AE644C9ABBF1EF8421471684ADE546CBB72CBB0E806CB90
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC7890 Relevance: .0, Instructions: 41COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 4ed70b06abf41bc6ce7f46f5ba0c18dbc8efe1d1df72425ce6d9267fb13ba93c
                                                                                                                                                          • Instruction ID: 4f6151c5658b7f94931ef4c9551ba40af72ae1b468da4b6a7d5ab20ed51c3fe6
                                                                                                                                                          • Opcode Fuzzy Hash: 4ed70b06abf41bc6ce7f46f5ba0c18dbc8efe1d1df72425ce6d9267fb13ba93c
                                                                                                                                                          • Instruction Fuzzy Hash: 38F0DC70B0D2845FC701A778A8284693FA6EB8614532904FEDA45CB392DE299C02C762
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC14A8 Relevance: .0, Instructions: 40COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: fd00eede494ef295c2cfe97f1fcc27a777ef08ce21dfaff0f31dd55288fd93fd
                                                                                                                                                          • Instruction ID: 58254e4de362b6d1c7f2868f44097a28f66403f8f6c7a7e8dc7b53bd3003e253
                                                                                                                                                          • Opcode Fuzzy Hash: fd00eede494ef295c2cfe97f1fcc27a777ef08ce21dfaff0f31dd55288fd93fd
                                                                                                                                                          • Instruction Fuzzy Hash: DB01E5B4D0824ADFCB01DFA4D6442AEBFB0FB09301F2045AAC405A3341E3345B55CFA0
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC6CD0 Relevance: .0, Instructions: 40COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: a62262a5da3100b545c9201101d043ba32b97d3bc5ae69fe1cce6354c9da1ee0
                                                                                                                                                          • Instruction ID: cd247bea65e993abb3985a3065dda3bd6a450c79187b356e39a13258628f4f63
                                                                                                                                                          • Opcode Fuzzy Hash: a62262a5da3100b545c9201101d043ba32b97d3bc5ae69fe1cce6354c9da1ee0
                                                                                                                                                          • Instruction Fuzzy Hash: 3C0181757082889FC741DB78C8188693FB6EF5620471544FEE945CB362DA36DC12CB51
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FCEFD0 Relevance: .0, Instructions: 40COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: a746b021d38df97970f91aedb9857fea4965b576d2dc6b6e802e992f8871c6ae
                                                                                                                                                          • Instruction ID: 5ffbb3f01eccf61e9e66fdb4e3e50ad68ac8983b97a585cf82d48c8a4db3059e
                                                                                                                                                          • Opcode Fuzzy Hash: a746b021d38df97970f91aedb9857fea4965b576d2dc6b6e802e992f8871c6ae
                                                                                                                                                          • Instruction Fuzzy Hash: E1F0303274563647DA2016997A007FAB68DCB80FA6F05407FF60DC76C1DB5AE84293E2
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC3369 Relevance: .0, Instructions: 39COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 8e4ec3e64d9b10337ed397d75f93f2f691d929063c92e5d9e88fe6c56181db98
                                                                                                                                                          • Instruction ID: 4b2f2038da5497668cb560ac280aca62efb39d08bd319b30ecf748cc9578f422
                                                                                                                                                          • Opcode Fuzzy Hash: 8e4ec3e64d9b10337ed397d75f93f2f691d929063c92e5d9e88fe6c56181db98
                                                                                                                                                          • Instruction Fuzzy Hash: A1017C30D09248EFCB01EFB8E89959C7FB1EF46204B1004FEC815EB392DA355A4ACB46
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FCCBD0 Relevance: .0, Instructions: 38COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 44a29620925bf05b27ee3765bfe563a35df1e2a280d0e997b3d408a5a4a6685b
                                                                                                                                                          • Instruction ID: 10f82ef3c9b5703fe60db75750e2de238d57e4247c29ca9cfc79609ff3414b28
                                                                                                                                                          • Opcode Fuzzy Hash: 44a29620925bf05b27ee3765bfe563a35df1e2a280d0e997b3d408a5a4a6685b
                                                                                                                                                          • Instruction Fuzzy Hash: 930169352006058FC754CF2AE648C9AB7E6FF84724752D469E50ACB761DBB0FD42CB90
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC14B8 Relevance: .0, Instructions: 37COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 8fc174e1dff1f371f60cea8eb373f19a4cde38b4e70abdfe6afa15a3790c5e84
                                                                                                                                                          • Instruction ID: e6cb2c59298de45e741da2715562684df86c8da65a3da4b9074d4403470e7f30
                                                                                                                                                          • Opcode Fuzzy Hash: 8fc174e1dff1f371f60cea8eb373f19a4cde38b4e70abdfe6afa15a3790c5e84
                                                                                                                                                          • Instruction Fuzzy Hash: A901C474D0420EEFCB04DFA9D6446AEBBF0FB48301F2085AAC815A3241E7345A51CFA0
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC31F7 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: f9a9bdd21f1bd5e144e526051b35124fc7f19e7a575696710f00ae255f843234
                                                                                                                                                          • Instruction ID: 7022632b9934612dec5edf829e19ae01ae99d02d58dc0627fbd6141eed3729c6
                                                                                                                                                          • Opcode Fuzzy Hash: f9a9bdd21f1bd5e144e526051b35124fc7f19e7a575696710f00ae255f843234
                                                                                                                                                          • Instruction Fuzzy Hash: DCF0E2312082805FD315A77FA8496DE3FE6DBC726074840BED95EC7383C965180ACBB1
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC31B1 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 456fbf548251c84a917880571fdc324b788c791c1909e331fb9ee1d9fee7c897
                                                                                                                                                          • Instruction ID: 85987fc1540b106e9e7b807445bf5d4f1246bb2fc0f6140c8c8c94348c61b702
                                                                                                                                                          • Opcode Fuzzy Hash: 456fbf548251c84a917880571fdc324b788c791c1909e331fb9ee1d9fee7c897
                                                                                                                                                          • Instruction Fuzzy Hash: 8BF0B4316495900FC312A37DE8945EE7F669F9322130806BED143DB253C9060C06C766
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FCC138 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 2659388433d45fb39190d9ed7ac0f73a7cb25389f27bc7ec73e01a58e97ca9d3
                                                                                                                                                          • Instruction ID: 91e1b43ba2d93d3f0c84b456abd3045319d369f2eb2728616875ed20ec50a438
                                                                                                                                                          • Opcode Fuzzy Hash: 2659388433d45fb39190d9ed7ac0f73a7cb25389f27bc7ec73e01a58e97ca9d3
                                                                                                                                                          • Instruction Fuzzy Hash: 4AF096366096D25FC312DB39D444C99BFB5AE9263030A86EEE449CB263CB14ED45C7D1
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FCBF38 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: bcb3e2a315ad912cea98efba7b26bbade6f46a6b565dbea01f76ed0fdd39e2cd
                                                                                                                                                          • Instruction ID: 9bb4b81120a3c11324edaeae163a0e17d63d82b21a76c8ec2228e2a4e8785baf
                                                                                                                                                          • Opcode Fuzzy Hash: bcb3e2a315ad912cea98efba7b26bbade6f46a6b565dbea01f76ed0fdd39e2cd
                                                                                                                                                          • Instruction Fuzzy Hash: C3016D30A04659CFCB54EF69D5088EEBFF1FF89320B00456DD44AE7202DB709A09CB91
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC4190 Relevance: .0, Instructions: 34COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 549bfadd292d69b5e3b78d782130327f1c7d36497bebc771484d93fc4e266f86
                                                                                                                                                          • Instruction ID: 04fbd756299f327c01abc1c1563635b65d258aa4edfc72366d8412bebe811bcc
                                                                                                                                                          • Opcode Fuzzy Hash: 549bfadd292d69b5e3b78d782130327f1c7d36497bebc771484d93fc4e266f86
                                                                                                                                                          • Instruction Fuzzy Hash: 670126708097458FC716DF26E408456BFF2FF8A300704857ED88683A52CB70654ACF51
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC4130 Relevance: .0, Instructions: 34COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: b34317786ca826350dc9d16b4382343edf7eb0ccb49a1b049c0d632b9ac4a058
                                                                                                                                                          • Instruction ID: e733625bb38c97016e046d9c310a0b563cf1b10e3f7a57489fc785271149cf00
                                                                                                                                                          • Opcode Fuzzy Hash: b34317786ca826350dc9d16b4382343edf7eb0ccb49a1b049c0d632b9ac4a058
                                                                                                                                                          • Instruction Fuzzy Hash: 21F0B4311097609FD711E72AE41979A7FF6DF83219F04046ED242CB643CA66680AC7A2
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC7908 Relevance: .0, Instructions: 33COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 0a7f347cad78eeff32a7b66797bb1865f027e46e9d7c91bbc3b924a6b443342d
                                                                                                                                                          • Instruction ID: 9d16cf483156b2ec99e0d9182a6b6bb5d59e7c1e8c65637b0e0183e6f0522785
                                                                                                                                                          • Opcode Fuzzy Hash: 0a7f347cad78eeff32a7b66797bb1865f027e46e9d7c91bbc3b924a6b443342d
                                                                                                                                                          • Instruction Fuzzy Hash: 3DF08C92B0E3D14FC71653B96D295A46FA19AD709234E40FFD181CBAE3D988980BD362
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC3378 Relevance: .0, Instructions: 32COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 53fd1e73cea5e1222538edcac9d00c58e56100dffa310262433b82ca3c4e27f6
                                                                                                                                                          • Instruction ID: 857f7e0e99b8b19d63e56ffd0f36c870db0b1f6b18dd6fcdb92f7942d3f24b6f
                                                                                                                                                          • Opcode Fuzzy Hash: 53fd1e73cea5e1222538edcac9d00c58e56100dffa310262433b82ca3c4e27f6
                                                                                                                                                          • Instruction Fuzzy Hash: ACF06930E04208EFCB40FFB4F54949C7BF1EB86204B1004B9C815A7382EA306A49CB46
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FCBED7 Relevance: .0, Instructions: 32COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: eca5cb7826e1d53fdd203a23ed8e46f3e81461e33cbd016ef7ffd33107f623da
                                                                                                                                                          • Instruction ID: 6bd84e287812248492385c9a7e821377c236a7ea8a28fc214fcfccbb5b86ff61
                                                                                                                                                          • Opcode Fuzzy Hash: eca5cb7826e1d53fdd203a23ed8e46f3e81461e33cbd016ef7ffd33107f623da
                                                                                                                                                          • Instruction Fuzzy Hash: 55F05C362082585BC305177AB51644A7F5DCFC712130055BFE508CB253DA644C09C7A1
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FCDE5E Relevance: .0, Instructions: 31COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 39f98b8bb156a5136b2c97a36d479792cff4c906e8ee654153bb5d96ae8b1122
                                                                                                                                                          • Instruction ID: 6385a350e1aa13e2c76faf1d855d255fd7cdc13f558e3aa2457cebfffeef1538
                                                                                                                                                          • Opcode Fuzzy Hash: 39f98b8bb156a5136b2c97a36d479792cff4c906e8ee654153bb5d96ae8b1122
                                                                                                                                                          • Instruction Fuzzy Hash: 78F0A031B051049FD7149A6ADC48BEBFBA1EFC9320F14827ED50AC7351DAB19849C790
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FCBF48 Relevance: .0, Instructions: 31COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: f9eec683ee66fe8e50043098545a36e74f7363a379beefc0ba41b5354d3e9f12
                                                                                                                                                          • Instruction ID: 953f310beace7c1718900d8b3221708376991ac2633a527386039ed457396e03
                                                                                                                                                          • Opcode Fuzzy Hash: f9eec683ee66fe8e50043098545a36e74f7363a379beefc0ba41b5354d3e9f12
                                                                                                                                                          • Instruction Fuzzy Hash: 63F04470A00618CFCB40EF6AD90859EBBF4FF88320B00452AE419E3202EB70AA05CBD1
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FCDB3D Relevance: .0, Instructions: 31COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: ae3633dd5a9deee016d34501c34dac2c09da274c42daa5b97cfedbbec912ea22
                                                                                                                                                          • Instruction ID: abd37744a9a1947659fdb36cc3263e2fadea754770f8214d9bc23528e298bed4
                                                                                                                                                          • Opcode Fuzzy Hash: ae3633dd5a9deee016d34501c34dac2c09da274c42daa5b97cfedbbec912ea22
                                                                                                                                                          • Instruction Fuzzy Hash: 4001F635A0521AEBDF00DB90DE84FEEBBB2BF48300F104018E801B72A2D731A941DB50
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC86D4 Relevance: .0, Instructions: 30COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 13d997406ae037e46cece6e3e12284c2450d6356361b74a92d2313c3f85ca73e
                                                                                                                                                          • Instruction ID: a1b3bab8f8a5d7cf22ef6e50fae377ed00f8f44009ee7e17cd39d568d277c132
                                                                                                                                                          • Opcode Fuzzy Hash: 13d997406ae037e46cece6e3e12284c2450d6356361b74a92d2313c3f85ca73e
                                                                                                                                                          • Instruction Fuzzy Hash: 27F02E7150C7508FC310EB76EA550597FE1DE82251344CDAEC095C69E1EB70B40BD352
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FCDF88 Relevance: .0, Instructions: 30COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 8a3a4523a4a41b6c9b7c9c0f09144dd614da18b948a4079bc5dc7f22200902e2
                                                                                                                                                          • Instruction ID: bbfba4912c9cf5a545ea7c5666f313f777df6a36e42dc4e358135770913514f1
                                                                                                                                                          • Opcode Fuzzy Hash: 8a3a4523a4a41b6c9b7c9c0f09144dd614da18b948a4079bc5dc7f22200902e2
                                                                                                                                                          • Instruction Fuzzy Hash: B0F09670C0A3C99FCB41DFB899115ADBFB06F06210F0485AFD444D7652E2344646DBD2
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC85BA Relevance: .0, Instructions: 29COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 636bec8fe1040488cee3f6f512b4499e38a0a589b1ed9559dae292ce59476caa
                                                                                                                                                          • Instruction ID: 30860b43e1866ca097689beb7ad601b4da4e85f9b2e1e74420b24dbd531ad8d7
                                                                                                                                                          • Opcode Fuzzy Hash: 636bec8fe1040488cee3f6f512b4499e38a0a589b1ed9559dae292ce59476caa
                                                                                                                                                          • Instruction Fuzzy Hash: 5EE022303093850B872AA23A69004B96BA79FC32A130946BEC606CA642DF65980A83A1
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FCC148 Relevance: .0, Instructions: 28COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: a0a01bca24fc540f19d07d2d6a61b031fc096845f76c9ddc5e8d69902b77df0e
                                                                                                                                                          • Instruction ID: a49bc1e72d40a29b96158b5610945da400a52247deb6a0cb28d6a2a3da824beb
                                                                                                                                                          • Opcode Fuzzy Hash: a0a01bca24fc540f19d07d2d6a61b031fc096845f76c9ddc5e8d69902b77df0e
                                                                                                                                                          • Instruction Fuzzy Hash: CAF0E5377059669FC3008F29D404C49B7F9EF81734306815AE40887322CB20FD41C7D0
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC3208 Relevance: .0, Instructions: 28COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: b81931cdc23458b5f788fd1d310f97723f67cd031996422f73325a8f0d06e218
                                                                                                                                                          • Instruction ID: 5f5e730a5f3454768cde4e463cea741e972cd0672ad1266356c2315ebdfb03a4
                                                                                                                                                          • Opcode Fuzzy Hash: b81931cdc23458b5f788fd1d310f97723f67cd031996422f73325a8f0d06e218
                                                                                                                                                          • Instruction Fuzzy Hash: C1E022323002106BC300666FB948A9E7AD9DBCA325B00007DEA1EC3381CA612802CBB1
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC41A0 Relevance: .0, Instructions: 27COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 8f6aea7e8749627f4411c2d86c218e3d76708d50e6b810817f18e017abf0057c
                                                                                                                                                          • Instruction ID: 1ab1fe0981c28fb5862ad4416389d9bffc0fc454f73adbb55ceecf7e6de6bf10
                                                                                                                                                          • Opcode Fuzzy Hash: 8f6aea7e8749627f4411c2d86c218e3d76708d50e6b810817f18e017abf0057c
                                                                                                                                                          • Instruction Fuzzy Hash: F0F067B0901B158FD724DF27E408556BFF2FB893057008A3EE84A82A52DB70A44ACF84
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FCBEE8 Relevance: .0, Instructions: 26COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 15b9bac2f57d9766301136b3b32f02c79e2761499611227fee97699ad5158814
                                                                                                                                                          • Instruction ID: 8cc21da7359395dbb667058328182be60de6ee9596776f192ad14bd45304db40
                                                                                                                                                          • Opcode Fuzzy Hash: 15b9bac2f57d9766301136b3b32f02c79e2761499611227fee97699ad5158814
                                                                                                                                                          • Instruction Fuzzy Hash: A8E02632308218A7C30467BBB81985BBA9ED7CA225340993DFA09C3343DFB59C0193B1
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FCB080 Relevance: .0, Instructions: 25COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: af9ea0b4bd301e6e43e10a9f8cc009679a8d55ffc65bb5976c639c17e8ebfb6f
                                                                                                                                                          • Instruction ID: a4745ae692faa29aa81b6dc5e181f1d0597cc7d978c5b6e016878921938af126
                                                                                                                                                          • Opcode Fuzzy Hash: af9ea0b4bd301e6e43e10a9f8cc009679a8d55ffc65bb5976c639c17e8ebfb6f
                                                                                                                                                          • Instruction Fuzzy Hash: 27E0DF30A0D2C14FD712FB79A9088D93FB58E4329078900EED889CB227DE21CC09C7A3
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC4140 Relevance: .0, Instructions: 25COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 059993e68a0836aadc0f0912f32505e60e54d7f98d5a1b1f80508ab4cc7a86be
                                                                                                                                                          • Instruction ID: 8c58095cb227bc3632209d75eb4d7b0f81094003b481d29daabc32471b27919b
                                                                                                                                                          • Opcode Fuzzy Hash: 059993e68a0836aadc0f0912f32505e60e54d7f98d5a1b1f80508ab4cc7a86be
                                                                                                                                                          • Instruction Fuzzy Hash: 92E0ED316047648BC310EB2AE10865A7BE6EBC2318F04083DD242CB642CBA6A806CBD6
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC0471 Relevance: .0, Instructions: 23COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 0da77b25ad80b77539f2d0af6ada57737e959abcb3fcef78b632a3cd4972f4ca
                                                                                                                                                          • Instruction ID: 0f728ff75425555676b8a98c5801204558ed9bf215355469d67173a8f4ba39ae
                                                                                                                                                          • Opcode Fuzzy Hash: 0da77b25ad80b77539f2d0af6ada57737e959abcb3fcef78b632a3cd4972f4ca
                                                                                                                                                          • Instruction Fuzzy Hash: 4DE06DB5909205DFDB00EBB0FA1469E7BA0EB45209B1109AEC004AB251E7345F19DB51
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FCB260 Relevance: .0, Instructions: 23COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 3a2ac1a8c80bd92ebf7abcb63fbb06ff3f29114ec4ee566832c3349c9b98f917
                                                                                                                                                          • Instruction ID: b6e7f5173517011998776780ed124837d2107706d79d68b6ef5442f6f8996907
                                                                                                                                                          • Opcode Fuzzy Hash: 3a2ac1a8c80bd92ebf7abcb63fbb06ff3f29114ec4ee566832c3349c9b98f917
                                                                                                                                                          • Instruction Fuzzy Hash: E7E02B3290C3505F4706D7F494151DE3FA78D831B471501E7C50CCB242DD2A0D0583E1
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC0480 Relevance: .0, Instructions: 20COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 61954f8cdc9c7ae019970c6479800cdf9ebcfbe5ae882fb84518ed25c23c4e52
                                                                                                                                                          • Instruction ID: 8b2588a9fbdca623567373549f8ebb1173e37b29be458ed4d6e621de20d2f8b8
                                                                                                                                                          • Opcode Fuzzy Hash: 61954f8cdc9c7ae019970c6479800cdf9ebcfbe5ae882fb84518ed25c23c4e52
                                                                                                                                                          • Instruction Fuzzy Hash: 4EE04670909209EFDB10EFB4FA1569E77A8EB4420AF104AAEC404A7240EB756F14DB61
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC66A0 Relevance: .0, Instructions: 20COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: f198f0230d0ff2c20cbb4d387c889dab73e1904d92fe672eb02e66219e65e4bf
                                                                                                                                                          • Instruction ID: fe2d9cd980eeabde6448ccddfd89db9f6e4771d68bd46cfaabcbcdee0e80c6e1
                                                                                                                                                          • Opcode Fuzzy Hash: f198f0230d0ff2c20cbb4d387c889dab73e1904d92fe672eb02e66219e65e4bf
                                                                                                                                                          • Instruction Fuzzy Hash: A9E02C7210C3A80FE302DB38F855C9D3BC1EB85308316498CEA44CF28AC6691E0283C3
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC31C0 Relevance: .0, Instructions: 20COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 1a0dd849bccb2f80c50a5a7dc10c2409107c8947a48bfadd749cdb20ba8ddc5d
                                                                                                                                                          • Instruction ID: a95de853d39647e0ee26b0ab457511dc810bc03f89ccd9b43f72418b76085a8f
                                                                                                                                                          • Opcode Fuzzy Hash: 1a0dd849bccb2f80c50a5a7dc10c2409107c8947a48bfadd749cdb20ba8ddc5d
                                                                                                                                                          • Instruction Fuzzy Hash: 75D0C231700014474514636EB5084AE3B9EEFC6122304003EE507C3241CF151C0747E5
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FCBE90 Relevance: .0, Instructions: 20COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 5984b9a1c55a162cede504d909fc57106129ed007a6371a8927c4abd649e3f43
                                                                                                                                                          • Instruction ID: 1bedd8341c321496b94d25fa96a9cd446ec36b299e8267479a581a2ef24eaeb7
                                                                                                                                                          • Opcode Fuzzy Hash: 5984b9a1c55a162cede504d909fc57106129ed007a6371a8927c4abd649e3f43
                                                                                                                                                          • Instruction Fuzzy Hash: 77E0D828A0D3D84FD74ACB39E0271067F619B82615F0480DFC0458F557C62A9645C752
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FCDF98 Relevance: .0, Instructions: 19COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: bc5c8370c83ae0c357d9de7aed6894856f2a64b8f1cc68fdbf81ec044babe6be
                                                                                                                                                          • Instruction ID: 89ace9c19af7e61d84878f788476fc1c2ff6bbb86a740d33e44e3b664f9ae2e5
                                                                                                                                                          • Opcode Fuzzy Hash: bc5c8370c83ae0c357d9de7aed6894856f2a64b8f1cc68fdbf81ec044babe6be
                                                                                                                                                          • Instruction Fuzzy Hash: 86E092B5D0424E9F8B94EFA9D5425BEBFF4AB48200F10816AD918E3240E6345A51CFE1
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FCB270 Relevance: .0, Instructions: 16COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: fd4ae5f3241116675f7a15ddbeeb491162ef23771ed68bd53833d61cd7cef2ae
                                                                                                                                                          • Instruction ID: 2c02fd347b31412c3c68da0ae022024eb6384345fdc9dd722e03fdb1e0f02753
                                                                                                                                                          • Opcode Fuzzy Hash: fd4ae5f3241116675f7a15ddbeeb491162ef23771ed68bd53833d61cd7cef2ae
                                                                                                                                                          • Instruction Fuzzy Hash: 1ED022336083282B0704EAA998004CE7F9DCA84078B0100AAC70CC7200EE712A0043E6
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC78D8 Relevance: .0, Instructions: 16COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 41b5d907aa4791da74b3081df91e4f9b07d471d194e584112238f56045b13d65
                                                                                                                                                          • Instruction ID: 1c05d2703ec6413e7e81eaab2369cf7c33da5ae22384ce3a60329e100cc2f583
                                                                                                                                                          • Opcode Fuzzy Hash: 41b5d907aa4791da74b3081df91e4f9b07d471d194e584112238f56045b13d65
                                                                                                                                                          • Instruction Fuzzy Hash: 5ED05E3270D1D01B8302A37D79200986FA19BC609531D10FED581C77D2CC845C069366
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC6D18 Relevance: .0, Instructions: 15COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: e33bf19aa89821b1d73fc776db9d33d2bc0ac17c60b899ccaa076bb4812bcf34
                                                                                                                                                          • Instruction ID: 73511b1f12da1d3eb72a9361a0c32aacf0185eaba8147f6bc19bf7036bbca976
                                                                                                                                                          • Opcode Fuzzy Hash: e33bf19aa89821b1d73fc776db9d33d2bc0ac17c60b899ccaa076bb4812bcf34
                                                                                                                                                          • Instruction Fuzzy Hash: 6ED017362481849FCB42DB68C844C883F32BF3A21030441E9E585CF233C2628811DB00
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC0448 Relevance: .0, Instructions: 14COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: be5c9a5b78c82a32bc01e5e407561f638362eb6b813f03ea15e153ef4ad8b34d
                                                                                                                                                          • Instruction ID: 37184c05793bdf1fe649fbaf8bdb059266653d600572fe3bac1fba9aa6b898e1
                                                                                                                                                          • Opcode Fuzzy Hash: be5c9a5b78c82a32bc01e5e407561f638362eb6b813f03ea15e153ef4ad8b34d
                                                                                                                                                          • Instruction Fuzzy Hash: 58C01230819309DFCA109FA4B50872B766CE707715F40165D950853100AB755961C565
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FCB241 Relevance: .0, Instructions: 9COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 317d41791796b23b7a9f97bb4fb1293f2598400ceb4c568aa91e2c72261755e2
                                                                                                                                                          • Instruction ID: 8e752bcb509959df3184ce215bb530ebeb957ac1741c681c03d32b70dc66769b
                                                                                                                                                          • Opcode Fuzzy Hash: 317d41791796b23b7a9f97bb4fb1293f2598400ceb4c568aa91e2c72261755e2
                                                                                                                                                          • Instruction Fuzzy Hash: 51B0121006D3C30FCF0347A29D550C43F3099432113050AC6C092CB917C10A8C0FE7E3
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC7D29 Relevance: .0, Instructions: 8COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 41686658b1e45e93b0ab262633c3a0976806a71b1b996f8bb3498e5d17e7bb1b
                                                                                                                                                          • Instruction ID: b6fe4e29cb1ffce28e8bd139b49e4965c355b2b638a8e2df8c07c3c28e1ec7fa
                                                                                                                                                          • Opcode Fuzzy Hash: 41686658b1e45e93b0ab262633c3a0976806a71b1b996f8bb3498e5d17e7bb1b
                                                                                                                                                          • Instruction Fuzzy Hash: FEB0123381C07817C602D2ADBB404C4BF2084900A72E84B9AD54CCD7A39609C01342A8
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Non-executed Functions

                                                                                                                                                          Function 04FC5A57 Relevance: 8.9, Strings: 7, Instructions: 114COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: ,~g$,~g$,~g$,~g$,~g$,~g$,~g
                                                                                                                                                          • API String ID: 0-810847461
                                                                                                                                                          • Opcode ID: c4bc62a604e28f01485b3518cd7e23cb60538aa51a8c5275ea3dbd3a18442267
                                                                                                                                                          • Instruction ID: d2374aa54430d1a6e548b4ce78f0cfcc861eace8f47616a963c366f4803876dc
                                                                                                                                                          • Opcode Fuzzy Hash: c4bc62a604e28f01485b3518cd7e23cb60538aa51a8c5275ea3dbd3a18442267
                                                                                                                                                          • Instruction Fuzzy Hash: 093108743082546BE705AB34E85563E239BFBCA168B28452DD8038B795CF396C0FA393
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC5E90 Relevance: 8.9, Strings: 7, Instructions: 112COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: ,~g$,~g$,~g$,~g$,~g$,~g$,~g
                                                                                                                                                          • API String ID: 0-810847461
                                                                                                                                                          • Opcode ID: 9a5e76e5c3cf312a1a59be86daed52878b44f0bbe58909b262772011fc802985
                                                                                                                                                          • Instruction ID: 0c0d27349673994db264546d65a34eadef6724406984e77cb284871b7aaa6364
                                                                                                                                                          • Opcode Fuzzy Hash: 9a5e76e5c3cf312a1a59be86daed52878b44f0bbe58909b262772011fc802985
                                                                                                                                                          • Instruction Fuzzy Hash: B231CB7930C2545BE705AF34EC5163E279BEFCA164B28446DC9038B394DF396C0AA763
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC5EA0 Relevance: 8.9, Strings: 7, Instructions: 107COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: ,~g$,~g$,~g$,~g$,~g$,~g$,~g
                                                                                                                                                          • API String ID: 0-810847461
                                                                                                                                                          • Opcode ID: 33cc9f22488493e40301e6817faa24fc881a5db78ccddc85da919975a2a5221d
                                                                                                                                                          • Instruction ID: 4f743a11223feef8861f984555cf6b0d4bad308513367bc13c76cc4b88e753fd
                                                                                                                                                          • Opcode Fuzzy Hash: 33cc9f22488493e40301e6817faa24fc881a5db78ccddc85da919975a2a5221d
                                                                                                                                                          • Instruction Fuzzy Hash: 3B318C7930815467E704AB74EC5163E239BEBC9164F28442DD9038B394DF397C0A63A3
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                          Function 04FC5A68 Relevance: 8.9, Strings: 7, Instructions: 107COMMON
                                                                                                                                                          Download Yara Rule
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000001.00000002.341546528.0000000004FC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04FC0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_1_2_4fc0000_vbc.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: ,~g$,~g$,~g$,~g$,~g$,~g$,~g
                                                                                                                                                          • API String ID: 0-810847461
                                                                                                                                                          • Opcode ID: 2bacd3161fb2ae8f0dd63413d2969cf6976fa9f044e50fe31cea25c5bc478ce1
                                                                                                                                                          • Instruction ID: 4201ef811d4a2ced3b7d801ca7b034a078864409536b273deae63a149d3563cc
                                                                                                                                                          • Opcode Fuzzy Hash: 2bacd3161fb2ae8f0dd63413d2969cf6976fa9f044e50fe31cea25c5bc478ce1
                                                                                                                                                          • Instruction Fuzzy Hash: 4931AA753081146BE704AB35F85563E239BFBCA158F28552DD9038B794DF396C0BA393
                                                                                                                                                          Uniqueness

                                                                                                                                                          Uniqueness Score: -1.00%