Windows Analysis Report
fxsound_setup.exe

Overview

General Information

Sample Name: fxsound_setup.exe
Analysis ID: 1343637
MD5: 9ea725e3e3bc82249957cc00b74c4882
SHA1: 3291c62ff7f044dabe2809317df09ae451384cd1
SHA256: 3541df625affa384feacf3cd3d64c47d2372eab9a2055d57dde08afe7f85862c
Infos:

Detection

Score: 42
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 50
Range: 0 - 100

Signatures

Found evasive API chain (may stop execution after checking mutex)
Uses schtasks.exe or at.exe to add and modify task schedules
Tries to open files direct via NTFS file id
Contains functionality to detect sleep reduction / modifications
Creates files inside the driver directory
Drops certificate files (DER)
Contains functionality to query locales information (e.g. system language)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Stores files to the Windows start menu directory
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to dynamically determine API calls
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Drops PE files to the windows directory (C:\Windows)
Creates driver files
Binary contains a suspicious time stamp
Creates a start menu entry (Start Menu\Programs\Startup)
Launches processes in debugging mode, may be used to hinder debugging
Checks for available system drives (often done to infect USB drives)
Found large amount of non-executed APIs
May check if the current machine is a sandbox (GetTickCount - Sleep)
Creates a process in suspended mode (likely to inject code)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Deletes files inside the Windows folder
Creates files inside the system directory
PE file contains sections with non-standard names
Queries device information via Setup API
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to call native functions
Found dropped PE file which has not been started or loaded
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Sample file is different than original file name gathered from version info
Enables driver privileges
Enables security privileges
Contains functionality to read device registry values (via SetupAPI)
Creates or modifies windows services

Classification

  • System is w10x64
  • fxsound_setup.exe (PID: 7556 cmdline: C:\Users\user\Desktop\fxsound_setup.exe MD5: 9EA725E3E3BC82249957CC00B74C4882)
    • msiexec.exe (PID: 7784 cmdline: C:\Windows\system32\msiexec.exe" /i "C:\Users\user\AppData\Roaming\FxSound LLC\FxSound 1.1.20.0\install\fxsound.x64.msi" AI_SETUPEXEPATH=C:\Users\user\Desktop\fxsound_setup.exe SETUPEXEDIR=C:\Users\user\Desktop\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1700145085 " AI_EUIMSI=" MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • msiexec.exe (PID: 7692 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 7740 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 6BF8E8F0E65A9BE676F944F6B1AD6904 C MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 7868 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 50F48E14FB205B68BFB05310562FC39D MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • fxdevcon64.exe (PID: 8112 cmdline: "C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe" remove *DFX12 MD5: 87EAD9C6CD7486421E3142B2A6480F8E)
        • conhost.exe (PID: 8120 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • DfxSetupDrv.exe (PID: 8176 cmdline: "C:\Program Files\FxSound LLC\FxSound\Apps\DfxSetupDrv.exe" check MD5: EFE3CF96899C9D9CC25815F88E9466E2)
        • conhost.exe (PID: 8184 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • fxdevcon64.exe (PID: 7260 cmdline: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe" install "C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxvad.inf MD5: 87EAD9C6CD7486421E3142B2A6480F8E)
        • conhost.exe (PID: 7280 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 340 cmdline: schtasks /create /sc daily /tn FxSound\Update /tr "'C:\Program Files\FxSound LLC\FxSound\updater.exe' /silent" /st 10:00 /f MD5: 48C2FE20575769DE916F48EF0676A965)
        • conhost.exe (PID: 1392 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • FxSound.exe (PID: 5508 cmdline: "C:\Program Files\FxSound LLC\FxSound\\FxSound.exe" @ MD5: 0A1E1E6B90FE62B9011393501BEF58D7)
  • svchost.exe (PID: 60 cmdline: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • drvinst.exe (PID: 7400 cmdline: DrvInst.exe "4" "0" "C:\Users\user\AppData\Local\Temp\{b9e6171e-db51-354e-8520-b3defe7fbf71}\fxvad.inf" "9" "4143399a7" "0000000000000158" "WinSta0\Default" "000000000000016C" "208" "c:\program files\fxsound llc\fxsound\drivers\win10\x64" MD5: 294990C88B9D1FE0A54A1FA8BF4324D9)
    • drvinst.exe (PID: 5812 cmdline: DrvInst.exe "2" "211" "ROOT\MEDIA\0000" "C:\Windows\INF\oem4.inf" "oem4.inf:ed86ca115cc2c934:DFX_Device:14.1.0.0:root\fxvad," "4143399a7" "0000000000000184" MD5: 294990C88B9D1FE0A54A1FA8BF4324D9)
  • updater.exe (PID: 1556 cmdline: "C:\Program Files\FxSound LLC\FxSound\updater.exe" /silent MD5: BC7B29CD513AEC979CEFBF30E6D68A01)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

Compliance

Source: fxsound_setup.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 45.79.74.123:443 -> 192.168.2.11:49712 version: TLS 1.2
Source: unknown HTTPS traffic detected: 45.79.74.123:443 -> 192.168.2.11:49713 version: TLS 1.2
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\FxSound.exe
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers\ptdevcon32.exe
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers\ptdevcon64.exe
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Apps
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Apps\DfxSetupDrv.exe
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\updater.exe
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Apps\DfxInstall.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxvad.inf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxvad.sys
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxvadntamd64.cat
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x86
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x86\fxdevcon32.exe
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x86\fxvad.inf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x86\fxvad.sys
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x86\fxvadntx86.cat
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x64
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x64\fxdevcon64.exe
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x64\fxvad.inf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x64\fxvad.sys
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x64\fxvadntamd64.cat
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x86
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x86\fxdevcon32.exe
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x86\fxvad.inf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x86\fxvad.sys
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x86\fxvadntx86.cat
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Factsoft
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Factsoft\1.fac
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Factsoft\10.fac
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Factsoft\11.fac
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Factsoft\12.fac
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Factsoft\2.fac
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Factsoft\3.fac
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Factsoft\4.fac
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Factsoft\5.fac
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Factsoft\6.fac
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Factsoft\7.fac
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Factsoft\8.fac
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Factsoft\9.fac
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\MontserratAlternates-Bold.ttf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\MontserratAlternates-Medium.ttf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\MontserratAlternates-Regular.ttf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\NotoSansKR-Bold.otf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\NotoSansKR-Medium.otf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\NotoSansKR-Regular.otf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\NotoSansSC-Bold.otf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\NotoSansSC-Medium.otf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\NotoSansSC-Regular.otf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\NotoSansThai-Medium.ttf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\NotoSansThai-Regular.ttf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\updater.ini
Source: C:\Windows\System32\msiexec.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FxSound 1.1.20.0
Source: fxsound_setup.exe Static PE information: certificate valid
Source: fxsound_setup.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: wininet.pdb source: fxsound_setup.exe, 00000000.00000003.1382644368.00000000057AC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\vijay\Documents\Projects\FxSound\repo\fxsound\FxSound\Installer\DfxInstall\Release\fxdevcon32.pdb" source: fxdevcon32.exe0.2.dr
Source: Binary string: C:\ReleaseAI\win\Release\stubs\x86\Updater.pdb source: updater.exe, 00000014.00000002.1600834899.0000000000514000.00000002.00000001.01000000.0000000E.sdmp, updater.exe, 00000014.00000000.1572031841.0000000000514000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: C:\code32\Mains\DfxSetupDrv\Release\DfxSetupDrv.pdbNN(GCTL source: DfxSetupDrv.exe, 00000009.00000002.1475782221.0000000000D5A000.00000002.00000001.01000000.0000000A.sdmp, DfxSetupDrv.exe, 00000009.00000000.1460979745.0000000000D5A000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: C:\Users\vijay\Documents\Projects\FxSound\repo\fxsound\FxSound\Project\x64\Release\App\FxSound.pdb source: FxSound.exe, 00000013.00000000.1564471060.00007FF71EF64000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe.2.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\viewer.pdb? source: fxsound_setup.exe, fxsound.x64.msi.0.dr
Source: Binary string: C:\Users\vijay\Documents\Projects\FxSound\repo\fxsound\FxSound\Installer\DfxInstall\Release\fxdevcon32.pdb source: fxdevcon32.exe0.2.dr
Source: Binary string: C:\Users\vijay\Documents\Projects\FxSound\repo\fxsound\FxSound\Installer\DfxInstall\x64\Release\fxdevcon64.pdb source: fxdevcon64.exe, 00000007.00000000.1456039657.00007FF766839000.00000002.00000001.01000000.00000009.sdmp, fxdevcon64.exe, 00000007.00000002.1460484548.00007FF766839000.00000002.00000001.01000000.00000009.sdmp, fxdevcon64.exe, 0000000B.00000000.1476235358.00007FF766839000.00000002.00000001.01000000.00000009.sdmp, fxdevcon64.exe, 0000000B.00000002.1551653891.00007FF766839000.00000002.00000001.01000000.00000009.sdmp, fxdevcon64.exe0.2.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\Prereq.pdb source: fxsound_setup.exe, fxsound.x64.msi.0.dr, MSI4D7F.tmp.2.dr, MSI4E3E.tmp.2.dr
Source: Binary string: wininet.pdbUGP source: fxsound_setup.exe, 00000000.00000003.1382644368.00000000057AC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\code32\Mains\DfxSetupDrv\Release\DfxSetupDrv.pdb source: DfxSetupDrv.exe, 00000009.00000002.1475782221.0000000000D5A000.00000002.00000001.01000000.0000000A.sdmp, DfxSetupDrv.exe, 00000009.00000000.1460979745.0000000000D5A000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: C:\Users\Vijay\Documents\Projects\FxSound\fxsound-driver\fxvad\pcmex\x64\Release\fxvad.pdb source: drvinst.exe, 0000000E.00000003.1523404397.0000020532931000.00000004.00000020.00020000.00000000.sdmp, fxvad.sys1.2.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\lzmaextractor.pdb source: fxsound_setup.exe, fxsound.x64.msi.0.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: fxsound_setup.exe, fxsound.x64.msi.0.dr
Source: Binary string: C:\ReleaseAI\win\Release\stubs\x86\ExternalUi.pdb source: fxsound_setup.exe
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\viewer.pdb source: fxsound_setup.exe, fxsound.x64.msi.0.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\Prereq.pdbo source: fxsound_setup.exe, fxsound.x64.msi.0.dr, MSI4D7F.tmp.2.dr, MSI4E3E.tmp.2.dr
Source: C:\Windows\SysWOW64\msiexec.exe File opened: z:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: x:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: v:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: t:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: r:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: p:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: n:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: l:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: j:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: h:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: f:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: b:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: y:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: w:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: u:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: s:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: q:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: o:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: m:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: k:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: i:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: g:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: e:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: c:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: a:
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_00909310 _wcsrchr,_wcsrchr,GetLogicalDriveStringsW,GetDriveTypeW,Wow64DisableWow64FsRedirection,Wow64RevertWow64FsRedirection,0_2_00909310
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_00900640 FindFirstFileW,FindClose,CloseHandle,CloseHandle,CloseHandle,CreateEventW,CreateThread,WaitForSingleObject,GetExitCodeThread,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,0_2_00900640
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_008DB1B0 FindFirstFileW,GetLastError,FindClose,0_2_008DB1B0
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_0090A4B0 FindFirstFileW,FindNextFileW,FindNextFileW,FindClose,0_2_0090A4B0
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_0090A8B0 FindFirstFileW,FindClose,0_2_0090A8B0
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_008DA850 _wcsrchr,FindFirstFileW,FindFirstFileW,FindFirstFileW,FindClose,FindClose,0_2_008DA850
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_007E0880 FindClose,PathIsUNCW,FindFirstFileW,GetFullPathNameW,GetFullPathNameW,FindClose,SetLastError,_wcsrchr,_wcsrchr,PathIsUNCW,0_2_007E0880
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_008DABE0 FindFirstFileW,GetFileAttributesW,SetFileAttributesW,GetFileAttributesW,FindNextFileW,0_2_008DABE0
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_008E8F30 FindFirstFileW,FindClose,FindClose,0_2_008E8F30
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_008BFE80 FindFirstFileW,FindNextFileW,FindClose,0_2_008BFE80
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe Code function: 7_2_00007FF7668317C0 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,7_2_00007FF7668317C0
Source: C:\Program Files\FxSound LLC\FxSound\updater.exe Code function: 20_2_0046E2C0 GetLastError,GetLastError,GetLastError,FindFirstFileW,GetLastError,FindClose,20_2_0046E2C0
Source: C:\Program Files\FxSound LLC\FxSound\updater.exe Code function: 20_2_004F3F59 FindFirstFileExW,20_2_004F3F59
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: FxSound.exe, 00000013.00000000.1564471060.00007FF71EF64000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe.2.drString found in binary or memory: http://Locationftp:juceftp://https://GetAdaptersAddressesiphlpapi.dllhttps:
Source: fxsound_setup.exe, 00000000.00000003.1568506889.00000000012A0000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1568045919.000000000128F000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1568935644.00000000012A6000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000002.1570771672.00000000012A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/D
Source: fxvad.sys1.2.dr, fxvadntx86.cat0.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: fxsound_setup.exe, fxsound.x64.msi.0.dr, fxdevcon32.exe0.2.dr, fxdevcon64.exe0.2.dr, MSI4D7F.tmp.2.dr, MSI4E3E.tmp.2.dr, FxSound.exe.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: fxvad.sys1.2.dr, fxvadntx86.cat0.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
Source: fxvad.sys1.2.dr, fxvadntx86.cat0.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: fxvad.sys1.2.dr, fxvadntx86.cat0.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: fxsound_setup.exe, 00000000.00000003.1569176251.00000000012DA000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1568506889.00000000012A0000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1569077914.00000000012B4000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1568045919.000000000128F000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1568935644.00000000012A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrus
Source: fxsound_setup.exe, fxsound.x64.msi.0.dr, fxdevcon32.exe0.2.dr, MSI54E7.tmp.2.dr, fxdevcon64.exe0.2.dr, FxSound.exe.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: fxsound_setup.exe, fxsound.x64.msi.0.dr, fxdevcon32.exe0.2.dr, fxdevcon64.exe0.2.dr, MSI4D7F.tmp.2.dr, MSI4E3E.tmp.2.dr, FxSound.exe.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: fxsound_setup.exe, fxsound.x64.msi.0.dr, fxdevcon32.exe0.2.dr, fxdevcon64.exe0.2.dr, MSI4D7F.tmp.2.dr, MSI4E3E.tmp.2.dr, FxSound.exe.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: fxsound_setup.exe, 00000000.00000003.1569176251.00000000012DA000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1568506889.00000000012A0000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1569077914.00000000012B4000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1568045919.000000000128F000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1568935644.00000000012A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.di
Source: fxsound_setup.exe, 00000000.00000003.1569176251.00000000012DA000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1568506889.00000000012A0000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1569077914.00000000012B4000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1568045919.000000000128F000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1568935644.00000000012A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digiD
Source: fxsound.x64.msi.0.dr, fxdevcon32.exe0.2.dr, fxdevcon64.exe0.2.dr, MSI4D7F.tmp.2.dr, MSI4E3E.tmp.2.dr, FxSound.exe.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: fxvad.sys1.2.dr, fxvadntx86.cat0.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: fxvad.sys1.2.dr, fxvadntx86.cat0.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: fxsound_setup.exe, fxsound.x64.msi.0.dr, fxdevcon32.exe0.2.dr, MSI54E7.tmp.2.dr, fxdevcon64.exe0.2.dr, FxSound.exe.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: fxsound_setup.exe, fxsound.x64.msi.0.dr, fxdevcon32.exe0.2.dr, fxdevcon64.exe0.2.dr, MSI4D7F.tmp.2.dr, MSI4E3E.tmp.2.dr, FxSound.exe.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: FxSound.exe.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: fxvad.sys1.2.dr, fxvadntx86.cat0.2.drString found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: fxvad.sys1.2.dr, fxvadntx86.cat0.2.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: fxvad.sys1.2.dr, fxvadntx86.cat0.2.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: fxvad.sys1.2.dr, fxvadntx86.cat0.2.drString found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: fxsound_setup.exe, fxsound.x64.msi.0.dr, fxdevcon32.exe0.2.dr, MSI54E7.tmp.2.dr, fxdevcon64.exe0.2.dr, FxSound.exe.2.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=
Source: fxvad.sys1.2.dr, fxvadntx86.cat0.2.drString found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
Source: fxvad.sys1.2.dr, fxvadntx86.cat0.2.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: fxsound_setup.exe, 00000000.00000003.1568506889.00000000012A0000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1568045919.000000000128F000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1568935644.00000000012A6000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000002.1570771672.00000000012A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicer
Source: fxsound_setup.exe, fxsound.x64.msi.0.dr, fxdevcon32.exe0.2.dr, MSI54E7.tmp.2.dr, fxdevcon64.exe0.2.dr, FxSound.exe.2.drString found in binary or memory: http://ocsp.digicert.com0
Source: fxsound_setup.exe, fxsound.x64.msi.0.dr, fxdevcon32.exe0.2.dr, fxdevcon64.exe0.2.dr, MSI4D7F.tmp.2.dr, MSI4E3E.tmp.2.dr, FxSound.exe.2.drString found in binary or memory: http://ocsp.digicert.com0A
Source: fxsound_setup.exe, fxsound.x64.msi.0.dr, fxdevcon32.exe0.2.dr, fxvad.sys1.2.dr, fxdevcon64.exe0.2.dr, MSI4D7F.tmp.2.dr, MSI4E3E.tmp.2.dr, FxSound.exe.2.dr, fxvadntx86.cat0.2.drString found in binary or memory: http://ocsp.digicert.com0C
Source: fxvad.sys1.2.dr, fxvadntx86.cat0.2.drString found in binary or memory: http://ocsp.digicert.com0H
Source: fxvad.sys1.2.dr, fxvadntx86.cat0.2.drString found in binary or memory: http://ocsp.digicert.com0I
Source: fxvad.sys1.2.dr, fxvadntx86.cat0.2.drString found in binary or memory: http://ocsp.digicert.com0O
Source: fxsound_setup.exe, fxsound.x64.msi.0.dr, fxdevcon32.exe0.2.dr, fxdevcon64.exe0.2.dr, MSI4D7F.tmp.2.dr, MSI4E3E.tmp.2.dr, FxSound.exe.2.drString found in binary or memory: http://ocsp.digicert.com0X
Source: fxsound_setup.exe, fxsound.x64.msi.0.dr, MSI4D7F.tmp.2.dr, MSI4E3E.tmp.2.drString found in binary or memory: http://t1.symcb.com/ThawtePCA.crl0
Source: fxsound_setup.exe, fxsound.x64.msi.0.dr, MSI4D7F.tmp.2.dr, MSI4E3E.tmp.2.drString found in binary or memory: http://t2.symcb.com0
Source: fxsound_setup.exe, fxsound.x64.msi.0.dr, MSI4D7F.tmp.2.dr, MSI4E3E.tmp.2.drString found in binary or memory: http://tl.symcb.com/tl.crl0
Source: fxsound_setup.exe, fxsound.x64.msi.0.dr, MSI4D7F.tmp.2.dr, MSI4E3E.tmp.2.drString found in binary or memory: http://tl.symcb.com/tl.crt0
Source: fxsound_setup.exe, fxsound.x64.msi.0.dr, MSI4D7F.tmp.2.dr, MSI4E3E.tmp.2.drString found in binary or memory: http://tl.symcd.com0&
Source: fxsound_setup.exe, fxsound.x64.msi.0.dr, fxdevcon32.exe0.2.dr, MSI54E7.tmp.2.dr, fxvad.sys1.2.dr, fxdevcon64.exe0.2.dr, FxSound.exe.2.dr, fxvadntx86.cat0.2.drString found in binary or memory: http://www.digicert.com/CPS0
Source: fxvad.sys1.2.dr, fxvadntx86.cat0.2.drString found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: fxdevcon64.exe, 0000000B.00000003.1478555908.000001CCAF499000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000B.00000003.1549322260.000001CCAF4EF000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000B.00000003.1484296055.000001CCAF4FD000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000B.00000003.1487592875.000001CCAF4F2000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000B.00000003.1486450383.000001CCAF4FA000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000B.00000003.1477028350.000001CCAF464000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000B.00000003.1486128835.000001CCAF4F2000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000B.00000003.1484296055.000001CCAF502000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000B.00000003.1488333577.000001CCAF46C000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000B.00000003.1486450383.000001CCAF4F2000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000B.00000002.1551091054.000001CCAF4F0000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000B.00000003.1486450383.000001CCAF502000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000E.00000003.1496603587.0000020532423000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000E.00000003.1496033222.000002053240E000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000E.00000003.1528929684.0000020532427000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000E.00000003.1495120602.0000020532418000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000E.00000003.1496759769.0000020532419000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000E.00000003.1493645036.0000020532418000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000E.00000003.1492790054.0000020532414000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 
0000000E.00000003.1491919648.000002053240C000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000E.00000002.1532451790.00000205323F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fxsound.com
Source: fxdevcon64.exe, 0000000B.00000003.1478555908.000001CCAF49F000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000B.00000003.1487886959.000001CCAF4CD000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000B.00000003.1486684884.000001CCAF4D0000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000B.00000003.1478600335.000001CCAF4A6000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000B.00000003.1485206126.000001CCAF519000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000B.00000003.1478641204.000001CCAF471000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000B.00000003.1477028350.000001CCAF46A000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000B.00000003.1484263589.000001CCAF516000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000B.00000003.1486552595.000001CCAF4CD000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000B.00000003.1486128835.000001CCAF4CD000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000B.00000003.1482844106.000001CCAF487000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000B.00000003.1488236237.000001CCAF4D0000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000B.00000003.1485074247.000001CCAF518000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000E.00000003.1495718197.0000020532436000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000E.00000003.1492496102.000002053240B000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000E.00000003.1490792749.0000020532410000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000E.00000003.1492217232.0000020532419000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000E.00000003.1493087738.0000020532419000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000E.00000003.1493645036.0000020532434000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 
0000000E.00000003.1492496102.0000020532419000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000E.00000003.1523489054.0000020532911000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fxsound.comd
Source: drvinst.exe, 0000000E.00000003.1523489054.0000020532911000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fxsound.comid
Source: updater.exe, 00000014.00000002.1600932305.00000000006BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.fxsound.com/
Source: updater.exe, 00000014.00000002.1601081772.00000000006F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.fxsound.com/fxsoundlatest
Source: updater.exe, 00000014.00000002.1601081772.00000000006F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.fxsound.com/fxsoundlatestoad
Source: MSI54E7.tmp.2.drString found in binary or memory: https://download.fxsound.com/updates
Source: updater.exe, 00000014.00000002.1600932305.0000000000681000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.fxsound.com/updates?
Source: fxsound_setup.exe, 00000000.00000003.1382279118.0000000006810000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.fxsound.com/updatesf
Source: updater.exe, 00000014.00000002.1600932305.0000000000681000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.fxsound.com/updatesp
Source: updater.exe, 00000014.00000002.1600932305.0000000000678000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.fxsound.com/updatester
Source: updater.exe, 00000014.00000003.1600408832.0000000002ED0000.00000004.00000800.00020000.00000000.sdmp, updater.exe, 00000014.00000002.1600932305.00000000006E7000.00000004.00000020.00020000.00000000.sdmp, updater.exe, 00000014.00000003.1599367575.00000000006F3000.00000004.00000020.00020000.00000000.sdmp, updater.exe, 00000014.00000003.1599073454.00000000006F9000.00000004.00000020.00020000.00000000.sdmp, updater.exe, 00000014.00000003.1599367575.00000000006F9000.00000004.00000020.00020000.00000000.sdmp, updater.exe, 00000014.00000002.1601081772.00000000006F3000.00000004.00000020.00020000.00000000.sdmp, updater.exe, 00000014.00000002.1601081772.00000000006F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://downloads3.fxsound.com/fxsound/2/fxsound_setup.exe
Source: updater.exe, 00000014.00000002.1600932305.00000000006BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://downloads3.fxsound.com/fxsound/2/fxsound_setup.exeIE5
Source: updater.exe, 00000014.00000003.1599073454.00000000006F9000.00000004.00000020.00020000.00000000.sdmp, updater.exe, 00000014.00000003.1599367575.00000000006F9000.00000004.00000020.00020000.00000000.sdmp, updater.exe, 00000014.00000002.1601081772.00000000006F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.fxsound.com/
Source: updater.exe, 00000014.00000002.1600932305.00000000006DA000.00000004.00000020.00020000.00000000.sdmp, updater.exe, 00000014.00000003.1599073454.00000000006F9000.00000004.00000020.00020000.00000000.sdmp, updater.exe, 00000014.00000002.1600932305.0000000000681000.00000004.00000020.00020000.00000000.sdmp, updater.exe, 00000014.00000003.1599367575.00000000006F9000.00000004.00000020.00020000.00000000.sdmp, updater.exe, 00000014.00000003.1599073454.00000000006F3000.00000004.00000020.00020000.00000000.sdmp, updater.exe, 00000014.00000003.1590052056.00000000006F9000.00000004.00000020.00020000.00000000.sdmp, updater.exe, 00000014.00000003.1599128981.00000000006F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.fxsound.com/cs/sgMPaBYtQvliu88/downloads3.fxsound.com/fxsound/1.1.20.0/updates.txt/dow
Source: FxSound.exe, 00000013.00000002.2634098994.00007FF71EF3B000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe, 00000013.00000000.1564471060.00007FF71EF3B000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe.2.drString found in binary or memory: https://forms.gle/ATx1ayXDWRaMdiR59
Source: FxSound.exe, 00000013.00000002.2634098994.00007FF71EF3B000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe, 00000013.00000000.1564471060.00007FF71EF3B000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe.2.drString found in binary or memory: https://forms.gle/ATx1ayXDWRaMdiR59:Take
Source: MSI54E7.tmp.2.drString found in binary or memory: https://forum.fxsound.com
Source: MSI54E7.tmp.2.drString found in binary or memory: https://forum.fxsound.com%
Source: fxsound_setup.exe, 00000000.00000003.1568095758.0000000006807000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1568407036.000000000680C000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000002.1572363756.000000000681D000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1569195741.0000000006811000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1569663597.000000000681C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://forum.fxsound.comG
Source: FxSound.exe, 00000013.00000002.2634098994.00007FF71EF3B000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe, 00000013.00000000.1564471060.00007FF71EF3B000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe.2.drString found in binary or memory: https://james722808.typeform.com/to/QfEP5QrP
Source: FxSound.exe, 00000013.00000002.2634098994.00007FF71EF3B000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe, 00000013.00000000.1564471060.00007FF71EF3B000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe.2.drString found in binary or memory: https://james722808.typeform.com/to/QfEP5QrPSupporthttps://www.fxsound.com/learning-centerChangelog;
Source: FxSound.exe, 00000013.00000000.1564471060.00007FF71EF64000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe.2.drString found in binary or memory: https://juce.com
Source: FxSound.exe, 00000013.00000000.1564471060.00007FF71EF64000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe.2.drString found in binary or memory: https://postman-echo.com
Source: FxSound.exe, 00000013.00000000.1564471060.00007FF71EF64000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe.2.drString found in binary or memory: https://postman-echo.comdaveHttpClient
Source: MSI54E7.tmp.2.drString found in binary or memory: https://s3.amazonaws.com/downloads3.fxsound.com/fxsound/2/updates.txt
Source: FxSound.exe.2.drString found in binary or memory: https://sketch.com
Source: fxsound_setup.exe, fxsound.x64.msi.0.dr, MSI4D7F.tmp.2.dr, MSI4E3E.tmp.2.drString found in binary or memory: https://www.advancedinstaller.com
Source: fxvad.sys1.2.dr, fxvadntx86.cat0.2.drString found in binary or memory: https://www.digicert.com/CPS0
Source: fxsound_setup.exe, 00000000.00000002.1572015870.00000000067C8000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1568144250.00000000067C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.fxsound.com/blog/fxsound-is-now-completely-free=c
Source: fxsound_setup.exe, 00000000.00000003.1375871358.00000000012AA000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1375613892.00000000012A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.fxsound.com/blog/fxsound-is-now-completely-freeC
Source: fxsound_setup.exe, 00000000.00000003.1568506889.00000000012A0000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1569077914.00000000012B4000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1568045919.000000000128F000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1568935644.00000000012A6000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000002.1570793010.00000000012B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.fxsound.com/blog/fxsound-is-now-completely-freetS
Source: FxSound.exe.2.drString found in binary or memory: https://www.fxsound.com/changelog
Source: MSI54E7.tmp.2.drString found in binary or memory: https://www.fxsound.com/changelog%
Source: FxSound.exe, 00000013.00000002.2634098994.00007FF71EF3B000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe, 00000013.00000000.1564471060.00007FF71EF3B000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe.2.drString found in binary or memory: https://www.fxsound.com/changelog.Click
Source: fxsound_setup.exe, 00000000.00000002.1572184771.00000000067EC000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1568144250.00000000067E3000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1568225437.00000000067E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.fxsound.com/changelog335
Source: fxsound_setup.exe, 00000000.00000002.1572184771.00000000067EC000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1568144250.00000000067E3000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1568225437.00000000067E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.fxsound.com/changelogIONti(
Source: fxsound_setup.exe, 00000000.00000002.1572184771.00000000067EC000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1568144250.00000000067E3000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1568225437.00000000067E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.fxsound.com/changelogenter
Source: MSI54E7.tmp.2.drString found in binary or memory: https://www.fxsound.com/learning-center
Source: MSI54E7.tmp.2.drString found in binary or memory: https://www.fxsound.com/learning-center%
Source: FxSound.exe, 00000013.00000002.2632982103.0000019841C54000.00000004.00000020.00020000.00000000.sdmp, FxSound.exe, 00000013.00000003.2365194503.0000019841C54000.00000004.00000020.00020000.00000000.sdmp, FxSound.exe, 00000013.00000003.2053751329.0000019841C54000.00000004.00000020.00020000.00000000.sdmp, FxSound.exe, 00000013.00000003.2107623897.0000019841C54000.00000004.00000020.00020000.00000000.sdmp, FxSound.exe, 00000013.00000003.2364698447.0000019841C54000.00000004.00000020.00020000.00000000.sdmp, FxSound.exe, 00000013.00000003.2054170500.0000019841C54000.00000004.00000020.00020000.00000000.sdmp, FxSound.exe, 00000013.00000003.2108143491.0000019841C54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.fxsound.com/learning-center/installation-troubleshooting
Source: FxSound.exe, 00000013.00000002.2632982103.0000019841C54000.00000004.00000020.00020000.00000000.sdmp, FxSound.exe, 00000013.00000003.2365194503.0000019841C54000.00000004.00000020.00020000.00000000.sdmp, FxSound.exe, 00000013.00000003.2053751329.0000019841C54000.00000004.00000020.00020000.00000000.sdmp, FxSound.exe, 00000013.00000003.2107623897.0000019841C54000.00000004.00000020.00020000.00000000.sdmp, FxSound.exe, 00000013.00000003.2364698447.0000019841C54000.00000004.00000020.00020000.00000000.sdmp, FxSound.exe, 00000013.00000003.2054170500.0000019841C54000.00000004.00000020.00020000.00000000.sdmp, FxSound.exe, 00000013.00000003.2108143491.0000019841C54000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.fxsound.com/learning-center/installation-troubleshooting.
Source: FxSound.exe, 00000013.00000000.1564471060.00007FF71EF64000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe.2.drString found in binary or memory: https://www.fxsound.com/learning-center/installation-troubleshootingFXSOUND_Oops
Source: FxSound.exe, 00000013.00000002.2634098994.00007FF71EF3B000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe, 00000013.00000000.1564471060.00007FF71EF3B000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe.2.drString found in binary or memory: https://www.fxsound.com/learning-center/no-sound-with-fxsound-realtek
Source: FxSound.exe, 00000013.00000002.2634098994.00007FF71EF3B000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe, 00000013.00000000.1564471060.00007FF71EF3B000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe.2.drString found in binary or memory: https://www.fxsound.com/learning-center/no-sound-with-fxsound-realtekPreset
Source: fxsound_setup.exe, 00000000.00000002.1572184771.00000000067EC000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1568144250.00000000067E3000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1568225437.00000000067E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.fxsound.com/learning-center7)v
Source: fxsound.x64.msi.0.drString found in binary or memory: https://www.fxsound.com/learning-centerARPNOMODIFYEnableUserControlARPNOREPAIRARPSYSTEMCOMPONENTARPU
Source: FxSound.exe.2.drString found in binary or memory: https://www.fxsound.com/presets
Source: FxSound.exe, 00000013.00000000.1564471060.00007FF71EF64000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe, 00000013.00000002.2631856479.00000198400EC000.00000004.00000020.00020000.00000000.sdmp, FxSound.exe.2.drString found in binary or memory: https://www.fxsound.com/support
Source: FxSound.exe, 00000013.00000002.2631856479.00000198400EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.fxsound.com/supportN
Source: FxSound.exe, 00000013.00000000.1564471060.00007FF71EF64000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe, 00000013.00000002.2634098994.00007FF71EF3B000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe, 00000013.00000000.1564471060.00007FF71EF3B000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe.2.drString found in binary or memory: https://www.paypal.com/donate/?hosted_button_id=JVNQGYXCQ2GPG
Source: FxSound.exe, 00000013.00000002.2634098994.00007FF71EF3B000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe, 00000013.00000000.1564471060.00007FF71EF3B000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe.2.drString found in binary or memory: https://www.paypal.com/donate/?hosted_button_id=JVNQGYXCQ2GPG1.1.20.0
Source: fxsound_setup.exe, fxsound.x64.msi.0.dr, MSI4D7F.tmp.2.dr, MSI4E3E.tmp.2.drString found in binary or memory: https://www.thawte.com/cps0/
Source: fxsound_setup.exe, fxsound.x64.msi.0.dr, MSI4D7F.tmp.2.dr, MSI4E3E.tmp.2.drString found in binary or memory: https://www.thawte.com/repository0W
Source: unknown DNS traffic detected: queries for: download.fxsound.com
Source: C:\Program Files\FxSound LLC\FxSound\updater.exe Code function: 20_2_0048D1F0 GetLastError,ResetEvent,InternetQueryDataAvailable,GetLastError,GetLastError,Sleep,WaitForSingleObject,SetEvent,ResetEvent,InternetReadFile,GetLastError,GetLastError,Sleep,WaitForSingleObject,SetEvent,WriteFile,Sleep,GetFileSize,GetLastError,CloseHandle,DeleteFileW,MoveFileW,CopyFileW,GetLastError,DeleteFileW,CloseHandle,20_2_0048D1F0
Source: global traffic HTTP traffic detected:
    GET /updates HTTP/1.1
    Accept: */*
    User-Agent: AdvancedInstaller
    Host: download.fxsound.com
    Connection: Keep-Alive
    Cache-Control: no-cache
Source: global traffic HTTP traffic detected:
    GET /cs/sgMPaBYtQvliu88/downloads3.fxsound.com/fxsound/1.1.20.0/updates.txt/download HTTP/1.1
    Accept: */*
    User-Agent: AdvancedInstaller
    Connection: Keep-Alive
    Cache-Control: no-cache
    Host: drive.fxsound.com
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: fxsound_setup.exe, 00000000.00000000.1360330763.00000000009F9000.00000002.00000001.01000000.00000003.sdmp, fxsound_setup.exe, 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: FlashWindowExFlashWindowGetPackagePathKernel32.dllhttp://www.google.comTESTtin9999.tmphttp://www.yahoo.comhttp://www.example.com.partGET "filenameattachment=123POSTcharsetDLDISO-8859-1US-ASCIIutf-8utf-16FTP Server*/*AdvancedInstallerLocal Network ServerIf-Modified-Since: %s equals www.yahoo.com (Yahoo)
Source: fxsound_setup.exeString found in binary or memory: TFlashWindowExFlashWindowGetPackagePathKernel32.dllhttp://www.google.comTESTtin9999.tmphttp://www.yahoo.comhttp://www.example.com.partGET "filenameattachment=123POSTcharsetDLDISO-8859-1US-ASCIIutf-8utf-16FTP Server*/*AdvancedInstallerLocal Network ServerIf-Modified-Since: %s equals www.yahoo.com (Yahoo)
Source: unknown HTTPS traffic detected: 45.79.74.123:443 -> 192.168.2.11:49712 version: TLS 1.2
Source: unknown HTTPS traffic detected: 45.79.74.123:443 -> 192.168.2.11:49713 version: TLS 1.2
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{3ff6872b-9707-8c41-b67a-99b8257606f4}\SET74AB.tmp
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe File created: C:\Users\user\AppData\Local\Temp\{b9e6171e-db51-354e-8520-b3defe7fbf71}\SET6F3D.tmp
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe File created: (copy)
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{3ff6872b-9707-8c41-b67a-99b8257606f4}
Source: C:\Users\user\Desktop\fxsound_setup.exe Section loaded: lpk.dll
Source: C:\Users\user\Desktop\fxsound_setup.exe Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxvad.sys
Source: fxsound_setup.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSI4BF6.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\404a02.msi
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_0091F0D0 NtdllDefWindowProc_W,0_2_0091F0D0
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_00897A10 GetSystemDirectoryW,LoadLibraryExW,NtdllDefWindowProc_W,0_2_00897A10
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_0087C330 NtdllDefWindowProc_W,0_2_0087C330
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_007E2390 GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,DeleteCriticalSection,0_2_007E2390
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_007D44A0 GetWindowLongW,GetWindowLongW,GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,GetWindowLongW,SetWindowTextW,GlobalAlloc,GlobalLock,GlobalUnlock,SetWindowLongW,NtdllDefWindowProc_W,0_2_007D44A0
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_007DE540 NtdllDefWindowProc_W,0_2_007DE540
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_007DE6B0 IsWindow,GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,0_2_007DE6B0
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_007D4BC0 SysFreeString,SysAllocString,GetWindowLongW,GetWindowLongW,GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,GetWindowLongW,SetWindowTextW,GlobalAlloc,GlobalLock,GlobalUnlock,SetWindowLongW,SysFreeString,NtdllDefWindowProc_W,SysFreeString,0_2_007D4BC0
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_008310D0 GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,0_2_008310D0
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_007D7190 GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,DestroyWindow,0_2_007D7190
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_007D5220 NtdllDefWindowProc_W,0_2_007D5220
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_007F58F0 NtdllDefWindowProc_W,0_2_007F58F0
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_007D78B0 NtdllDefWindowProc_W,0_2_007D78B0
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_007E7AC0 NtdllDefWindowProc_W,0_2_007E7AC0
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_007D7E70 NtdllDefWindowProc_W,0_2_007D7E70
Source: fxsound_setup.exe, 00000000.00000003.1382644368.00000000057AC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewininet.dllD vs fxsound_setup.exe
Source: fxsound_setup.exeBinary or memory string: OriginalFilenameviewer.exeF vs fxsound_setup.exe
Source: fxsound_setup.exeBinary or memory string: OriginalFilenamelzmaextractor.dllF vs fxsound_setup.exe
Source: fxsound_setup.exeBinary or memory string: OriginalFilenameAICustAct.dllF vs fxsound_setup.exe
Source: fxsound_setup.exeBinary or memory string: OriginalFilenamePrereq.dllF vs fxsound_setup.exe
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exeProcess token adjusted: Load Driver
Source: C:\Windows\System32\svchost.exeProcess token adjusted: Security
Source: fxsound_setup.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: FxSound.lnk.2.drLNK file: ..\..\..\..\..\..\Program Files\FxSound LLC\FxSound\FxSound.exe
Source: Check for FxSound updates.lnk.2.drLNK file: ..\..\..\..\..\..\Program Files\FxSound LLC\FxSound\updater.exe
Source: FxSound.lnk0.2.drLNK file: ..\..\..\..\..\..\Program Files\FxSound LLC\FxSound\FxSound.exe
Source: FxSound.lnk1.2.drLNK file: ..\..\..\Program Files\FxSound LLC\FxSound\FxSound.exe
Source: C:\Users\user\Desktop\fxsound_setup.exeFile created: C:\Users\user\AppData\Roaming\FxSound LLC
Source: classification engineClassification label: mal42.evad.winEXE@28/103@2/1
Source: C:\Users\user\Desktop\fxsound_setup.exeFile read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_008DE5B0 FormatMessageW,GetLastError,0_2_008DE5B0
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_007C9160 LoadResource,LockResource,SizeofResource,0_2_007C9160
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\FxSound LLC
Source: C:\Users\user\Desktop\fxsound_setup.exeFile read: C:\Users\user\Desktop\fxsound_setup.exe
Source: C:\Users\user\Desktop\fxsound_setup.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknownProcess created: C:\Users\user\Desktop\fxsound_setup.exe C:\Users\user\Desktop\fxsound_setup.exe
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 6BF8E8F0E65A9BE676F944F6B1AD6904 C
Source: C:\Users\user\Desktop\fxsound_setup.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\system32\msiexec.exe" /i "C:\Users\user\AppData\Roaming\FxSound LLC\FxSound 1.1.20.0\install\fxsound.x64.msi" AI_SETUPEXEPATH=C:\Users\user\Desktop\fxsound_setup.exe SETUPEXEDIR=C:\Users\user\Desktop\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1700145085 " AI_EUIMSI="
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 50F48E14FB205B68BFB05310562FC39D
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe "C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe" remove *DFX12
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Program Files\FxSound LLC\FxSound\Apps\DfxSetupDrv.exe "C:\Program Files\FxSound LLC\FxSound\Apps\DfxSetupDrv.exe" check
Source: C:\Program Files\FxSound LLC\FxSound\Apps\DfxSetupDrv.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe" install "C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxvad.inf
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\drvinst.exe DrvInst.exe "4" "0" "C:\Users\user\AppData\Local\Temp\{b9e6171e-db51-354e-8520-b3defe7fbf71}\fxvad.inf" "9" "4143399a7" "0000000000000158" "WinSta0\Default" "000000000000016C" "208" "c:\program files\fxsound llc\fxsound\drivers\win10\x64"
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\drvinst.exe DrvInst.exe "2" "211" "ROOT\MEDIA\0000" "C:\Windows\INF\oem4.inf" "oem4.inf:ed86ca115cc2c934:DFX_Device:14.1.0.0:root\fxvad," "4143399a7" "0000000000000184"
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /sc daily /tn FxSound\Update /tr "'C:\Program Files\FxSound LLC\FxSound\updater.exe' /silent" /st 10:00 /f
Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files\FxSound LLC\FxSound\FxSound.exe "C:\Program Files\FxSound LLC\FxSound\\FxSound.exe" @
Source: unknownProcess created: C:\Program Files\FxSound LLC\FxSound\updater.exe "C:\Program Files\FxSound LLC\FxSound\updater.exe" /silent
Source: C:\Users\user\Desktop\fxsound_setup.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: C:\Users\user\Desktop\fxsound_setup.exeFile created: C:\Users\user\AppData\Local\Temp\MSI43F7.tmp
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exeCode function: 7_2_00007FF7668161B0 _invalid_parameter_noinfo_noreturn,CoCreateInstance,CoTaskMemFree,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,GetFullPathNameW,7_2_00007FF7668161B0
Source: C:\Program Files\FxSound LLC\FxSound\updater.exeCode function: 20_2_004D2F80 CreateToolhelp32Snapshot,Process32FirstW,OpenProcess,QueryFullProcessImageNameW,CloseHandle,Process32NextW,CloseHandle,GetWindowThreadProcessId,GetWindowTextW,GetWindowLongW,GetWindowLongW,GetWindowLongW,GetWindowLongW,20_2_004D2F80
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8184:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1392:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7280:120:WilError_03
Source: C:\Windows\System32\drvinst.exeMutant created: \BaseNamedObjects\DrvInst.exe_mutex_{5B10AC83-4F13-4fde-8C0B-B85681BA8D73}
Source: C:\Program Files\FxSound LLC\FxSound\Apps\DfxSetupDrv.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{E498B5A6-FA64-40c6-9327-9E6F15FF6546}
Source: C:\Program Files\FxSound LLC\FxSound\FxSound.exeMutant created: \Sessions\1\BaseNamedObjects\Global\juceAppLock_FxSound
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8120:120:WilError_03
Source: C:\Program Files\FxSound LLC\FxSound\updater.exeCommand line argument: RICHED20.DLL20_2_004CCA40
Source: C:\Program Files\FxSound LLC\FxSound\updater.exeCommand line argument: BT20_2_004CCA40
Source: updater.exeString found in binary or memory: -startminimized
Source: updater.exeString found in binary or memory: -startappfirst
Source: updater.exeString found in binary or memory: /install
Source: updater.exeString found in binary or memory: -installready
Source: updater.exeString found in binary or memory: /installservice
Source: C:\Windows\System32\msiexec.exeFile written: C:\Program Files\FxSound LLC\FxSound\updater.ini
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: fxsound_setup.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\FxSound.exe
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers\ptdevcon32.exe
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers\ptdevcon64.exe
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Apps
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Apps\DfxSetupDrv.exe
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\updater.exe
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Apps\DfxInstall.dll
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxvad.inf
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxvad.sys
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxvadntamd64.cat
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x86
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x86\fxdevcon32.exe
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x86\fxvad.inf
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x86\fxvad.sys
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x86\fxvadntx86.cat
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x64
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x64\fxdevcon64.exe
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x64\fxvad.inf
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x64\fxvad.sys
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x64\fxvadntamd64.cat
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x86
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x86\fxdevcon32.exe
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x86\fxvad.inf
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x86\fxvad.sys
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x86\fxvadntx86.cat
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Factsoft
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Factsoft\1.fac
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Factsoft\10.fac
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Factsoft\11.fac
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Factsoft\12.fac
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Factsoft\2.fac
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Factsoft\3.fac
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Factsoft\4.fac
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Factsoft\5.fac
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Factsoft\6.fac
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Factsoft\7.fac
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Factsoft\8.fac
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Factsoft\9.fac
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\MontserratAlternates-Bold.ttf
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\MontserratAlternates-Medium.ttf
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\MontserratAlternates-Regular.ttf
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\NotoSansKR-Bold.otf
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\NotoSansKR-Medium.otf
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\NotoSansKR-Regular.otf
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\NotoSansSC-Bold.otf
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\NotoSansSC-Medium.otf
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\NotoSansSC-Regular.otf
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\NotoSansThai-Medium.ttf
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\NotoSansThai-Regular.ttf
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\updater.ini
Source: C:\Windows\System32\msiexec.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FxSound 1.1.20.0
Source: fxsound_setup.exeStatic file information: File size 46914960 > 1048576
Source: fxsound_setup.exeStatic PE information: certificate valid
Source: fxsound_setup.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x237c00
Source: fxsound_setup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: fxsound_setup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: fxsound_setup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: fxsound_setup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: fxsound_setup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: fxsound_setup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: fxsound_setup.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: wininet.pdb source: fxsound_setup.exe, 00000000.00000003.1382644368.00000000057AC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\vijay\Documents\Projects\FxSound\repo\fxsound\FxSound\Installer\DfxInstall\Release\fxdevcon32.pdb" source: fxdevcon32.exe0.2.dr
Source: Binary string: C:\ReleaseAI\win\Release\stubs\x86\Updater.pdb source: updater.exe, 00000014.00000002.1600834899.0000000000514000.00000002.00000001.01000000.0000000E.sdmp, updater.exe, 00000014.00000000.1572031841.0000000000514000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: C:\code32\Mains\DfxSetupDrv\Release\DfxSetupDrv.pdbNN(GCTL source: DfxSetupDrv.exe, 00000009.00000002.1475782221.0000000000D5A000.00000002.00000001.01000000.0000000A.sdmp, DfxSetupDrv.exe, 00000009.00000000.1460979745.0000000000D5A000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: C:\Users\vijay\Documents\Projects\FxSound\repo\fxsound\FxSound\Project\x64\Release\App\FxSound.pdb source: FxSound.exe, 00000013.00000000.1564471060.00007FF71EF64000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe.2.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\viewer.pdb? source: fxsound_setup.exe, fxsound.x64.msi.0.dr
Source: Binary string: C:\Users\vijay\Documents\Projects\FxSound\repo\fxsound\FxSound\Installer\DfxInstall\Release\fxdevcon32.pdb source: fxdevcon32.exe0.2.dr
Source: Binary string: C:\Users\vijay\Documents\Projects\FxSound\repo\fxsound\FxSound\Installer\DfxInstall\x64\Release\fxdevcon64.pdb source: fxdevcon64.exe, 00000007.00000000.1456039657.00007FF766839000.00000002.00000001.01000000.00000009.sdmp, fxdevcon64.exe, 00000007.00000002.1460484548.00007FF766839000.00000002.00000001.01000000.00000009.sdmp, fxdevcon64.exe, 0000000B.00000000.1476235358.00007FF766839000.00000002.00000001.01000000.00000009.sdmp, fxdevcon64.exe, 0000000B.00000002.1551653891.00007FF766839000.00000002.00000001.01000000.00000009.sdmp, fxdevcon64.exe0.2.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\Prereq.pdb source: fxsound_setup.exe, fxsound.x64.msi.0.dr, MSI4D7F.tmp.2.dr, MSI4E3E.tmp.2.dr
Source: Binary string: wininet.pdbUGP source: fxsound_setup.exe, 00000000.00000003.1382644368.00000000057AC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\code32\Mains\DfxSetupDrv\Release\DfxSetupDrv.pdb source: DfxSetupDrv.exe, 00000009.00000002.1475782221.0000000000D5A000.00000002.00000001.01000000.0000000A.sdmp, DfxSetupDrv.exe, 00000009.00000000.1460979745.0000000000D5A000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: C:\Users\Vijay\Documents\Projects\FxSound\fxsound-driver\fxvad\pcmex\x64\Release\fxvad.pdb source: drvinst.exe, 0000000E.00000003.1523404397.0000020532931000.00000004.00000020.00020000.00000000.sdmp, fxvad.sys1.2.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\lzmaextractor.pdb source: fxsound_setup.exe, fxsound.x64.msi.0.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: fxsound_setup.exe, fxsound.x64.msi.0.dr
Source: Binary string: C:\ReleaseAI\win\Release\stubs\x86\ExternalUi.pdb source: fxsound_setup.exe
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\viewer.pdb source: fxsound_setup.exe, fxsound.x64.msi.0.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\Prereq.pdbo source: fxsound_setup.exe, fxsound.x64.msi.0.dr, MSI4D7F.tmp.2.dr, MSI4E3E.tmp.2.dr
Source: fxsound_setup.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: fxsound_setup.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: fxsound_setup.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: fxsound_setup.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: fxsound_setup.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_3_0123C9A2 pushad ; iretd 0_3_0123CEA9
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_3_0123F7E0 push ecx; ret 0_3_0123F811
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_3_0123F87D push ebx; ret 0_3_0123F889
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_009751AE push ecx; ret 0_2_009751C1
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_008BB3E0 push ecx; mov dword ptr [esp], 3F800000h0_2_008BB516
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_007DB860 push ecx; mov dword ptr [esp], ecx0_2_007DB861
Source: C:\Program Files\FxSound LLC\FxSound\Apps\DfxSetupDrv.exeCode function: 9_2_00D59276 push ecx; ret 9_2_00D59289
Source: C:\Program Files\FxSound LLC\FxSound\updater.exeCode function: 20_2_004DD1AC push ecx; ret 20_2_004DD1BF
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_008DE740 LoadLibraryW,GetProcAddress,FreeLibrary,0_2_008DE740
Source: shi4678.tmp.0.drStatic PE information: 0xC7FEC470 [Wed Apr 29 05:06:56 2076 UTC]
Source: shi4678.tmp.0.drStatic PE information: section name: .wpp_sf
Source: shi4678.tmp.0.drStatic PE information: section name: .didat
Source: FxSound.exe.2.drStatic PE information: section name: _RDATA
Source: fxdevcon64.exe.2.drStatic PE information: section name: _RDATA
Source: fxdevcon64.exe0.2.drStatic PE information: section name: _RDATA
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\FxSound LLC\FxSound\Drivers\ptdevcon64.exe
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4E3E.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x86\fxvad.sys
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4D10.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4D40.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x64\fxvad.sys
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x86\fxdevcon32.exe
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4D7F.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x86\fxdevcon32.exe
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\FxSound LLC\FxSound\updater.exe
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxvad.sys
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exeFile created: C:\Users\user\AppData\Local\Temp\{b9e6171e-db51-354e-8520-b3defe7fbf71}\SET6F6E.tmp
Source: C:\Users\user\Desktop\fxsound_setup.exeFile created: C:\Users\user\AppData\Local\Temp\MSI4706.tmp
Source: C:\Users\user\Desktop\fxsound_setup.exeFile created: C:\Users\user\AppData\Local\Temp\shi4678.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI536F.tmp
Source: C:\Windows\System32\drvinst.exeFile created: C:\Windows\System32\DriverStore\Temp\{3ff6872b-9707-8c41-b67a-99b8257606f4}\SET74DC.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\FxSound LLC\FxSound\FxSound.exe
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\FxSound LLC\FxSound\Drivers\ptdevcon32.exe
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4BF6.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\FxSound LLC\FxSound\Apps\DfxInstall.dll
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x64\fxdevcon64.exe
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\FxSound LLC\FxSound\Apps\DfxSetupDrv.exe
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4DEF.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x86\fxvad.sys
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4DBF.tmp

Boot Survival

Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /sc daily /tn FxSound\Update /tr "'C:\Program Files\FxSound LLC\FxSound\updater.exe' /silent" /st 10:00 /f
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FxSound
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FxSound.lnk
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FxSound\Check for FxSound updates.lnk
Source: C:\Windows\System32\msiexec.exe File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FxSound\FxSound.lnk
Source: C:\Windows\System32\drvinst.exe Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FXVAD

Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\System32\drvinst.exe File opened: C:\Windows\System32\drivers
Source: C:\Users\user\Desktop\fxsound_setup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\drvinst.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\FxSound LLC\FxSound\FxSound.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\FxSound LLC\FxSound\FxSound.exe Process information set: NOGPFAULTERRORBOX

Malware Analysis System Evasion

Source: C:\Program Files\FxSound LLC\FxSound\Apps\DfxSetupDrv.exe Evasive API call chain: CreateMutex,DecisionNodes,Sleep graph_9-3517
Source: C:\Program Files\FxSound LLC\FxSound\updater.exe Code function: 20_2_0047F5F0
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe API coverage: 4.8 %
Source: C:\Program Files\FxSound LLC\FxSound\updater.exe API coverage: 5.4 %
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\FxSound LLC\FxSound\Drivers\ptdevcon64.exe
Source: C:\Users\user\Desktop\fxsound_setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\shi4678.tmp
Source: C:\Windows\System32\drvinst.exe Dropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{3ff6872b-9707-8c41-b67a-99b8257606f4}\SET74DC.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI4E3E.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\FxSound LLC\FxSound\Drivers\ptdevcon32.exe
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI4D10.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x64\fxdevcon64.exe
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI4D40.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x86\fxdevcon32.exe
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x86\fxdevcon32.exe
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI4DEF.tmp
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{b9e6171e-db51-354e-8520-b3defe7fbf71}\SET6F6E.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI4DBF.tmp
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe Code function: 7_2_00007FF766818C60 SetupDiGetClassDevsW,SetupDiEnumDeviceInfo,SetupDiGetDeviceRegistryPropertyW,SetupDiEnumDeviceInfo,SetupDiDestroyDeviceInfoList,SetupDiRemoveDevice,SetupDiDestroyDeviceInfoList
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_00909310 _wcsrchr,_wcsrchr,GetLogicalDriveStringsW,GetDriveTypeW,Wow64DisableWow64FsRedirection,Wow64RevertWow64FsRedirection
Source: updater.exe, 00000014.00000002.1600932305.00000000006E7000.00000004.00000020.00020000.00000000.sdmp, updater.exe, 00000014.00000002.1600932305.0000000000681000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: C:\Windows\System32\msiexec.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_009719D1 VirtualQuery,GetSystemInfo
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_00900640 FindFirstFileW,FindClose,CloseHandle,CloseHandle,CloseHandle,CreateEventW,CreateThread,WaitForSingleObject,GetExitCodeThread,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_008DB1B0 FindFirstFileW,GetLastError,FindClose
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_0090A4B0 FindFirstFileW,FindNextFileW,FindNextFileW,FindClose
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_0090A8B0 FindFirstFileW,FindClose
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_008DA850 _wcsrchr,FindFirstFileW,FindFirstFileW,FindFirstFileW,FindClose,FindClose
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_007E0880 FindClose,PathIsUNCW,FindFirstFileW,GetFullPathNameW,GetFullPathNameW,FindClose,SetLastError,_wcsrchr,_wcsrchr,PathIsUNCW
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_008DABE0 FindFirstFileW,GetFileAttributesW,SetFileAttributesW,GetFileAttributesW,FindNextFileW
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_008E8F30 FindFirstFileW,FindClose,FindClose
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_008BFE80 FindFirstFileW,FindNextFileW,FindClose
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe Code function: 7_2_00007FF7668317C0 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose
Source: C:\Program Files\FxSound LLC\FxSound\updater.exe Code function: 20_2_0046E2C0 GetLastError,GetLastError,GetLastError,FindFirstFileW,GetLastError,FindClose
Source: C:\Program Files\FxSound LLC\FxSound\updater.exe Code function: 20_2_004F3F59 FindFirstFileExW
Source: C:\Users\user\Desktop\fxsound_setup.exe File Volume queried: C:\Users\user\AppData\Roaming FullSizeInformation
Source: C:\Users\user\Desktop\fxsound_setup.exe File Volume queried: C:\Users\user\AppData\Roaming\FxSound LLC\FxSound 1.1.20.0\install FullSizeInformation
Source: C:\Users\user\Desktop\fxsound_setup.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_008DE740 LoadLibraryW,GetProcAddress,FreeLibrary
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_009741D9 mov esi, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_0098E8FB mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_0098E93F mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_0097FDF7 mov ecx, dword ptr fs:[00000030h]
Source: C:\Program Files\FxSound LLC\FxSound\updater.exe Code function: 20_2_004EA021 mov ecx, dword ptr fs:[00000030h]
Source: C:\Program Files\FxSound LLC\FxSound\updater.exe Code function: 20_2_004DB4B4 mov esi, dword ptr fs:[00000030h]
Source: C:\Program Files\FxSound LLC\FxSound\updater.exe Code function: 20_2_004F3D58 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\System32\msiexec.exe Process created: C:\Program Files\FxSound LLC\FxSound\FxSound.exe "C:\Program Files\FxSound LLC\FxSound\\FxSound.exe" @
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_00979913 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Program Files\FxSound LLC\FxSound\updater.exe Code function: 20_2_00488E20 CreateFileW,GetLastError,OutputDebugStringW,OutputDebugStringW,SetFilePointer,FlushFileBuffers,WriteFile,WriteFile,FlushFileBuffers,WriteFile,FlushFileBuffers,WriteFile,FlushFileBuffers,WriteFile,FlushFileBuffers,OutputDebugStringW,WriteFile,WriteFile,FlushFileBuffers,FlushFileBuffers
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_00974245 GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_007FAEA0 __set_se_translator,SetUnhandledExceptionFilter
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_00974CCD SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_007FD8C0 __set_se_translator,SetUnhandledExceptionFilter
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe Code function: 7_2_00007FF76681CFC0 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe Code function: 7_2_00007FF76681C4D8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe Code function: 7_2_00007FF76681D168 SetUnhandledExceptionFilter
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe Code function: 7_2_00007FF766822AA8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Program Files\FxSound LLC\FxSound\Apps\DfxSetupDrv.exe Code function: 9_2_00D59074 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Program Files\FxSound LLC\FxSound\Apps\DfxSetupDrv.exe Code function: 9_2_00D58C17 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Program Files\FxSound LLC\FxSound\Apps\DfxSetupDrv.exe Code function: 9_2_00D591D6 SetUnhandledExceptionFilter
Source: C:\Program Files\FxSound LLC\FxSound\updater.exe Code function: 20_2_004DCC13 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Program Files\FxSound LLC\FxSound\updater.exe Code function: 20_2_004DD270 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Program Files\FxSound LLC\FxSound\updater.exe Code function: 20_2_004DD403 SetUnhandledExceptionFilter
Source: C:\Program Files\FxSound LLC\FxSound\updater.exe Code function: 20_2_004E1813 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\fxsound_setup.exe Process created: C:\Windows\SysWOW64\msiexec.exe c:\windows\system32\msiexec.exe" /i "c:\users\user\appdata\roaming\fxsound llc\fxsound 1.1.20.0\install\fxsound.x64.msi" ai_setupexepath=c:\users\user\desktop\fxsound_setup.exe setupexedir=c:\users\user\desktop\ exe_cmd_line="/exenoupdates /forcecleanup /wintime 1700145085 " ai_euimsi="
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe "C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe" remove *DFX12
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Program Files\FxSound LLC\FxSound\Apps\DfxSetupDrv.exe "C:\Program Files\FxSound LLC\FxSound\Apps\DfxSetupDrv.exe" check
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe" install "C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxvad.inf
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /sc daily /tn FxSound\Update /tr "'C:\Program Files\FxSound LLC\FxSound\updater.exe' /silent" /st 10:00 /f
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_008DCF90 GetCurrentProcess,OpenProcessToken,GetLastError,GetTokenInformation,GetTokenInformation,GetLastError,GetTokenInformation,AllocateAndInitializeSid,EqualSid,FreeSid,GetLastError,FindCloseChangeNotification
Source: C:\Program Files\FxSound LLC\FxSound\updater.exe Code function: 20_2_0048DE30 LocalFree,LocalFree,LocalFree,GetLastError,SetEntriesInAclW,LocalAlloc,GetLastError,InitializeSecurityDescriptor,GetLastError,LocalFree,SetSecurityDescriptorDacl,GetLastError,LocalFree,CreateFileW,SetFilePointer,LocalFree,LocalFree,LocalFree
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_009030D0 GetLocaleInfoW,GetLocaleInfoW
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe Code function: 7_2_00007FF76682BFF0 EnumSystemLocalesW
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe Code function: 7_2_00007FF7668350E8 EnumSystemLocalesW
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe Code function: 7_2_00007FF766835018 EnumSystemLocalesW
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe Code function: 7_2_00007FF7668355D4 GetLocaleInfoW
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe Code function: 7_2_00007FF766835524 GetLocaleInfoW,GetLocaleInfoW,GetACP
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe Code function: 7_2_00007FF766835700 EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe Code function: 7_2_00007FF7668353CC GetLocaleInfoW
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe Code function: 7_2_00007FF766834CCC TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe Code function: 7_2_00007FF76682C430 GetLocaleInfoW
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe Code function: 7_2_00007FF766835180 GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW
Source: C:\Program Files\FxSound LLC\FxSound\updater.exe Code function: 20_2_004F01BA EnumSystemLocalesW
Source: C:\Program Files\FxSound LLC\FxSound\updater.exe Code function: 20_2_004F0664 GetLocaleInfoW
Source: C:\Program Files\FxSound LLC\FxSound\updater.exe Code function: 20_2_004F677C GetACP,IsValidCodePage,GetLocaleInfoW
Source: C:\Program Files\FxSound LLC\FxSound\updater.exe Code function: 20_2_004F6A69 EnumSystemLocalesW
Source: C:\Program Files\FxSound LLC\FxSound\updater.exe Code function: 20_2_004F6A1E EnumSystemLocalesW
Source: C:\Program Files\FxSound LLC\FxSound\updater.exe Code function: 20_2_004F6B04 EnumSystemLocalesW
Source: C:\Program Files\FxSound LLC\FxSound\updater.exe Code function: 20_2_004F6B8F GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW
Source: C:\Program Files\FxSound LLC\FxSound\updater.exe Code function: 20_2_004F6DE2 GetLocaleInfoW
Source: C:\Program Files\FxSound LLC\FxSound\updater.exe Code function: 20_2_004F6F0B GetLocaleInfoW,GetLocaleInfoW,GetACP
Source: C:\Program Files\FxSound LLC\FxSound\updater.exe Code function: 20_2_004F7011 GetLocaleInfoW
Source: C:\Program Files\FxSound LLC\FxSound\updater.exe Code function: 20_2_004F70E0 GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW
Source: C:\Program Files\FxSound LLC\FxSound\updater.exe Code function: 20_2_0046B6B0 GetLocaleInfoW,GetLocaleInfoW
Source: C:\Users\user\Desktop\fxsound_setup.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\msiexec.exe Queries volume information: C:\ VolumeInformation
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe Queries volume information: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxvadntamd64.cat VolumeInformation
Source: C:\Windows\System32\drvinst.exe Queries volume information: C:\Windows\System32\DriverStore\Temp\{3ff6872b-9707-8c41-b67a-99b8257606f4}\fxvadNTAMD64.cat VolumeInformation
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe Code function: 7_2_00007FF766818C60 SetupDiGetClassDevsW,SetupDiEnumDeviceInfo,SetupDiGetDeviceRegistryPropertyW,SetupDiEnumDeviceInfo,SetupDiDestroyDeviceInfoList,SetupDiRemoveDevice,SetupDiDestroyDeviceInfoList
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe Code function: 7_2_00007FF7668311E0 cpuid
Source: C:\Users\user\Desktop\fxsound_setup.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_0090CF60 InitializeCriticalSection,EnterCriticalSection,WriteFile,FlushFileBuffers,WriteFile,FlushFileBuffers,WriteFile,FlushFileBuffers,WriteFile,FlushFileBuffers,LeaveCriticalSection,GetLocalTime
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_009181C0 GetUserNameW,GetUserNameW,GetLastError,GetUserNameW,GetEnvironmentVariableW,GetEnvironmentVariableW,RegDeleteValueW,RegCloseKey,RegCloseKey,RegQueryInfoKeyW,RegCloseKey,RegCloseKey,RegDeleteKeyW,RegCloseKey,RegDeleteValueW,RegCloseKey
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_009198C0 CreateNamedPipeW,CreateFileW
Initial Access: Replication Through Removable Media (1); Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
Execution: Native API (11); Command and Scripting Interpreter (13); Scheduled Task/Job (1); Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter
Persistence: LSASS Driver (1); DLL Side-Loading (1); Windows Service (21); Scheduled Task/Job (1); Registry Run Keys / Startup Folder (2); RC Scripts; Startup Items; Scheduled Task/Job; At
Privilege Escalation: LSASS Driver (1); DLL Side-Loading (1); Windows Service (21); Process Injection (12); Scheduled Task/Job (1); Registry Run Keys / Startup Folder (2); Startup Items; Scheduled Task/Job; At
Defense Evasion: Disable or Modify Tools (1); Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (2); Timestomp (1); DLL Side-Loading (1); File Deletion (1); Masquerading (33); Process Injection (12); HTML Smuggling
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
Discovery: System Time Discovery (1); Peripheral Device Discovery (11); Account Discovery (1); File and Directory Discovery (4); System Information Discovery (45); Query Registry (1); Security Software Discovery (141); Process Discovery (2); System Owner/User Discovery (1)
Lateral Movement: Replication Through Removable Media (1); Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections
Collection: Archive Collected Data (1); Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
Command and Control: Ingress Tool Transfer (2); Encrypted Channel (11); Non-Application Layer Protocol (2); Application Layer Protocol (3); Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
Network Effects: Exploit SS7 to Redirect Phone Calls/SMS; SIM Card Swap
Remote Service Effects: Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology
[Behavior graph: ID 1343637; Sample: fxsound_setup.exe; Start date: 16/11/2023; Architecture: WINDOWS; Score: 42]

Source | Detection | Scanner | Label | Link
fxsound_setup.exe | 0% | ReversingLabs | - | -
fxsound_setup.exe | 0% | Virustotal | - | Browse

Source | Detection | Scanner | Label | Link
C:\Program Files\FxSound LLC\FxSound\Apps\DfxInstall.dll | 0% | ReversingLabs | - | -
C:\Program Files\FxSound LLC\FxSound\Apps\DfxInstall.dll | 0% | Virustotal | - | Browse
C:\Program Files\FxSound LLC\FxSound\Apps\DfxSetupDrv.exe | 0% | ReversingLabs | - | -
C:\Program Files\FxSound LLC\FxSound\Apps\DfxSetupDrv.exe | 0% | Virustotal | - | Browse
C:\Program Files\FxSound LLC\FxSound\Drivers\ptdevcon32.exe | 0% | ReversingLabs | - | -
C:\Program Files\FxSound LLC\FxSound\Drivers\ptdevcon32.exe | 0% | Virustotal | - | Browse
C:\Program Files\FxSound LLC\FxSound\Drivers\ptdevcon64.exe | 0% | ReversingLabs | - | -
C:\Program Files\FxSound LLC\FxSound\Drivers\ptdevcon64.exe | 0% | Virustotal | - | Browse
C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe | 0% | ReversingLabs | - | -
C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe | 0% | Virustotal | - | Browse
C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxvad.sys | 0% | ReversingLabs | - | -
C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxvad.sys | 0% | Virustotal | - | Browse
C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x86\fxdevcon32.exe | 0% | ReversingLabs | - | -
C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x86\fxdevcon32.exe | 0% | Virustotal | - | Browse
C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x86\fxvad.sys | 0% | ReversingLabs | - | -
C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x64\fxdevcon64.exe | 0% | ReversingLabs | - | -
C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x64\fxvad.sys | 0% | ReversingLabs | - | -
C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x86\fxdevcon32.exe | 0% | ReversingLabs | - | -
C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x86\fxvad.sys | 0% | ReversingLabs | - | -
C:\Program Files\FxSound LLC\FxSound\FxSound.exe | 0% | ReversingLabs | - | -
C:\Program Files\FxSound LLC\FxSound\updater.exe | 0% | ReversingLabs | - | -
C:\Users\user\AppData\Local\Temp\MSI4706.tmp | 0% | ReversingLabs | - | -
C:\Users\user\AppData\Local\Temp\shi4678.tmp | 0% | ReversingLabs | - | -
C:\Users\user\AppData\Local\Temp\{b9e6171e-db51-354e-8520-b3defe7fbf71}\SET6F6E.tmp | 0% | ReversingLabs | - | -
C:\Windows\Installer\MSI4BF6.tmp | 0% | ReversingLabs | - | -
C:\Windows\Installer\MSI4D10.tmp | 0% | ReversingLabs | - | -
C:\Windows\Installer\MSI4D40.tmp | 0% | ReversingLabs | - | -
C:\Windows\Installer\MSI4D7F.tmp | 0% | ReversingLabs | - | -
C:\Windows\Installer\MSI4DBF.tmp | 0% | ReversingLabs | - | -
C:\Windows\Installer\MSI4DEF.tmp | 0% | ReversingLabs | - | -
C:\Windows\Installer\MSI4E3E.tmp | 0% | ReversingLabs | - | -
C:\Windows\Installer\MSI536F.tmp | 0% | ReversingLabs | - | -
C:\Windows\System32\DriverStore\Temp\{3ff6872b-9707-8c41-b67a-99b8257606f4}\SET74DC.tmp | 0% | ReversingLabs | - | -
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
https://sketch.com | 0% | URL Reputation | safe | -
https://sketch.com | 0% | URL Reputation | safe | -
https://forms.gle/ATx1ayXDWRaMdiR59:Take | 0% | Avira URL Cloud | safe | -
https://forms.gle/ATx1ayXDWRaMdiR59 | 0% | Avira URL Cloud | safe | -
https://forum.fxsound.comG | 0% | Avira URL Cloud | safe | -
http://crl3.digiD | 0% | Avira URL Cloud | safe | -
http://crl3.di | 0% | Avira URL Cloud | safe | -
http://www.fxsound.comid | 0% | Avira URL Cloud | safe | -
http://www.fxsound.comd | 0% | Avira URL Cloud | safe | -
https://forms.gle/ATx1ayXDWRaMdiR59:Take | 0% | Virustotal | - | Browse
https://forum.fxsound.com% | 0% | Avira URL Cloud | safe | -
http://ocsp.digicer | 0% | Avira URL Cloud | safe | -
https://forms.gle/ATx1ayXDWRaMdiR59 | 0% | Virustotal | - | Browse
https://postman-echo.comdaveHttpClient | 0% | Avira URL Cloud | safe | -
http://Locationftp:juceftp://https://GetAdaptersAddressesiphlpapi.dllhttps: | 0% | Avira URL Cloud | safe | -
https://postman-echo.com | 0% | Avira URL Cloud | safe | -
https://postman-echo.com | 0% | Virustotal | - | Browse
Name | IP | Active | Malicious | Antivirus Detection | Reputation
download.fxsound.com | 45.79.74.123 | true | false | - | high
drive.fxsound.com | 45.79.74.123 | true | false | - | high

Name | Malicious | Antivirus Detection | Reputation
https://drive.fxsound.com/cs/sgMPaBYtQvliu88/downloads3.fxsound.com/fxsound/1.1.20.0/updates.txt/download | false | - | high
https://download.fxsound.com/updates | false | - | high
IP:45.79.74.123
Domain:download.fxsound.com
Country:United States
ASN:63949
ASN Name:LINODE-APLinodeLLCUS
Malicious:false
                                                                                                Joe Sandbox Version:38.0.0 Ammolite
                                                                                                Analysis ID:1343637
                                                                                                Start date and time:2023-11-16 15:32:37 +01:00
                                                                                                Joe Sandbox Product:CloudBasic
                                                                                                Overall analysis duration:0h 9m 54s
                                                                                                Hypervisor based Inspection enabled:false
                                                                                                Report type:full
                                                                                                Cookbook file name:default.jbs
                                                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                Number of analysed new started processes analysed:25
                                                                                                Number of new started drivers analysed:0
                                                                                                Number of existing processes analysed:0
                                                                                                Number of existing drivers analysed:0
                                                                                                Number of injected processes analysed:0
                                                                                                Technologies:
                                                                                                • HCA enabled
                                                                                                • EGA enabled
                                                                                                • AMSI enabled
                                                                                                Analysis Mode:default
                                                                                                Analysis stop reason:Timeout
                                                                                                Sample file name:fxsound_setup.exe
                                                                                                Detection:MAL
                                                                                                Classification:mal42.evad.winEXE@28/103@2/1
                                                                                                EGA Information:
                                                                                                • Successful, ratio: 80%
                                                                                                HCA Information:Failed
                                                                                                Cookbook Comments:
                                                                                                • Found application associated with file extension: .exe
                                                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                • Execution Graph export aborted for target FxSound.exe, PID 5508 because there are no executed function
• Not all processes were analyzed, report is missing behavior information
                                                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                • Report size getting too big, too many NtSetInformationFile calls found.
Time:15:34:02
Type:Task Scheduler
Description:Run new task: Update path: "C:\Program Files\FxSound LLC\FxSound\updater.exe" s>/silent
                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                Process:C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):10590
                                                                                                Entropy (8bit):7.254430659006022
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:1OgjZ7OPJCbngEw9JPgXkhYCClQBcA5E8qnajEzHbC:18UuLh3Cl+x5E8l4zu
                                                                                                MD5:ACDAAE5D1219E7703285C42F774BE54D
                                                                                                SHA1:47DF82D8C843BF1ADC098A26E9E3E27217B3104D
                                                                                                SHA-256:25C8DAE186155D20F74FEEDEFB4F84161E4215925B8FD0C898F68F3E50EBCD7D
                                                                                                SHA-512:83B663222FB22B1760EA8551D19557F3F2905BFAC205B380B23DD7F2A65A37B851A3C3C345E4A768B76700BB891B97C96A0DBBB58D81358993293AD1EB3E300A
                                                                                                Malicious:false
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:data
                                                                                                Category:modified
                                                                                                Size (bytes):19455
                                                                                                Entropy (8bit):5.803798362752378
                                                                                                Encrypted:false
                                                                                                SSDEEP:384:OZsrtD0eThIJrhyKcHZbjUml+a9FEa9FA9/O:O2rh0eThIJrYiM+a96a9G2
                                                                                                MD5:1FFCE01CA40BC733E37A9DEA4301968F
                                                                                                SHA1:5CA2A1F42DF553AB99D3B466F5F241E453784F37
                                                                                                SHA-256:CB1D84C57D10CC58341762BF77BA9827D8DF5DFE612C32FE01EC7B578B39D096
                                                                                                SHA-512:51568DD71C70418F51E01A964978AFD4D7930E8D634568154D7A93B8E98A721B716C779BEBA5F9430CA34DE5D33DE4DEC987C9D93224404D9AD9876523C05FA3
                                                                                                Malicious:false
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):128920
                                                                                                Entropy (8bit):6.533310057171278
                                                                                                Encrypted:false
                                                                                                SSDEEP:3072:u2XK2Ncn8sLtc666YCM/QVMmFbeN/dor5jwMLhynDU:NcttcyYP4tEor2ehynQ
                                                                                                MD5:4EF82B076F26BBCEB356A3E226CF5238
                                                                                                SHA1:525D5CA0001909F576120ADC8926B8C12A6106C7
                                                                                                SHA-256:8A43BCC9DC92D121EF173D728F68BC77C937A0A136C949FD85802C6E0CD26879
                                                                                                SHA-512:D849F895F8C41D28FF85BE5B8F3DC4E70F35A4289B91728D60C155DC53D855C6C4BE881C6B18C02C9D6A21A7C2116CE6674C09F61F1B97964895E30C9EB538F5
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):66968
                                                                                                Entropy (8bit):6.423656272557826
                                                                                                Encrypted:false
                                                                                                SSDEEP:1536:z9XQDo3evkZGiX4WU5LraxxpHC2F6oDE6496io2lcefUKIto2qfAF0EaFY2yOFa5:hXWo3e8wiX4WU5LraTpHC2F6oDR491o3
                                                                                                MD5:EFE3CF96899C9D9CC25815F88E9466E2
                                                                                                SHA1:1EC6B385A1F142C6AD7E92FFB8CFA8CF9FC7E415
                                                                                                SHA-256:F29777FE088459C3F5B96384590FD0E1A2F3D947FB19ED866FB8F28F7D954143
                                                                                                SHA-512:8544A35F70461C30A5C5004CB469315FAFB2DD17034AEE41F7127E3010703008ACAA78FBF26DD02E748A88BB39AEB41154F84CA10F6530FB032A7B536DE0335E
                                                                                                Malicious:true
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):209896
                                                                                                Entropy (8bit):6.180609423723243
                                                                                                Encrypted:false
                                                                                                SSDEEP:3072:+ug+dP/Gc/vj7lxXdE/WgetVLFWPLFKmTRY81WVdSWRWiBQ:+6P/BzzC+getVLFWPZQlc
                                                                                                MD5:B94BDE258AFA7DA0A9CD3FEB22A64EDD
                                                                                                SHA1:D3867CEF5939CF4F73EAEC32EBD72D354C40B534
                                                                                                SHA-256:3C44390B0C3CA51707EB977373788C155AF5F8197E3CE6D61F2775AF5B204FFF
                                                                                                SHA-512:A74B6754544C6A188D59A24449271DF2519A7E54AD88F55F7CBDC50D8B7F2FE24297D0E84A39AA6E6CB3607926D9C49293B0F4092E3158E2353AE4C308EEBB8C
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                • Antivirus: Virustotal, Detection: 0%
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):239592
                                                                                                Entropy (8bit):6.003536434480152
                                                                                                Encrypted:false
                                                                                                SSDEEP:3072:fWGh+NCEVePaUS11HF7isSN1W1q7KZXB/W5Sho8VRnK/qZWRWf:+tNCOrUS17VSNwqOnK/du
                                                                                                MD5:4EAC440540483593DB5EDE2F7203417B
                                                                                                SHA1:9C09D1CF19C6B7AED59D263EC560460475AEAA5D
                                                                                                SHA-256:0DC27FF7BFB0D75FC6FCE439BC1AF557E68A18DED441DDEA8705DB6BF8DF9A4F
                                                                                                SHA-512:874FD7A73226D74D5EE664FEAFBF29BB0DDF474891D43BB8CBE397CF9751A53CFECC1A981D3E39E25DA7228E0089B28170E603F14DE6455F9FFFFF0B4729CD68
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                • Antivirus: Virustotal, Detection: 0%
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):269720
                                                                                                Entropy (8bit):6.3385709845453615
                                                                                                Encrypted:false
                                                                                                SSDEEP:6144:wrRV8AjsaX6xJMmp/LyFEJ3tI8TD9BTzxlKohK4z+5AtH:C/OTMuTyeJGI9Bpso8KH
                                                                                                MD5:87EAD9C6CD7486421E3142B2A6480F8E
                                                                                                SHA1:64A7C04194E6CB5D467FFDD95A7E5BF25A6FD814
                                                                                                SHA-256:52298E9EE19A8DF4BA59DFE89B7A51D6424DBA73B0FC2622D07FC6E7B9112681
                                                                                                SHA-512:1F551258D8F538F6AE69125D724D905A2A00AE84900AFDA83299159AF008F1A6252B1A2CD005523BADA669B3677C7E8C6B44E3BF2DD6CFA63996DD047E354D96
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                • Antivirus: Virustotal, Detection: 0%
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:Windows setup INFormation
                                                                                                Category:dropped
                                                                                                Size (bytes):5334
                                                                                                Entropy (8bit):5.628759224235533
                                                                                                Encrypted:false
                                                                                                SSDEEP:96:3q9BSSyjoh9OnLhtuGUdDrG9E/6uYqZpd7SY5MFgWC2i8/ENYZS:3qzSSyjoG17UprGEiuYqZpd7Se8eYENp
                                                                                                MD5:328087CAF99B50D988A304BEEEA3FCE8
                                                                                                SHA1:23FFEF913679537BB049008F5E6F8E517BB24192
                                                                                                SHA-256:BA175CFDDD91B87BDDA3F1DF2A70249E1742E846B843381EB0438B70F91A110A
                                                                                                SHA-512:D006E8DE0F9258A3EE75723E458D635586040702C1357630F199CF5740C7E29D87FEFD4B869A897BDD26B67FAD134E6BF35A2C01C3A00ACC8BF20181D7DA1AA3
                                                                                                Malicious:false
                                                                                                Preview:;..;fxvad.inf..;....[Version]..Signature="$CHICAGO$"..Class=MEDIA..Provider=%FXMN%..ClassGUID={4d36e96c-e325-11ce-bfc1-08002be10318}..DriverVer = 03/17/2021,14.1.0.0..CatalogFile.NTx86=fxvadNTx86.cat..CatalogFile.NTAMD64=fxvadNTAMD64.cat..PnpLockDown=1....[Manufacturer]..%MfgName%=DFX,NTamd64,NTx86....[DFX.NTx86]..%DFX_Device.DeviceDesc%=DFX_Device,Root\%DEV_NAME%,*%DEV_NAME%....[DFX.NTamd64]..%DFX_Device.DeviceDesc%=DFX_Device,Root\%DEV_NAME%,*%DEV_NAME%....;-----------------------------------------------------------------------------..;..; 2k+ Installation..;..;-----------------------------------------------------------------------------..[DFX_Device.NT]..Include=ks.inf,wdmaudio.inf..Needs=KS.Registration, WDMAUDIO.Registration..CopyFiles=DFX_Device.CopyList..AddReg=DFX_Device.AddReg..AddProperty=DFX_1AddPropertySection....[DFX_Device.NT.Interfaces]..AddInterface=%KSCATEGORY_AUDIO%,%KSNAME_Wave%,DFX_Device.I.Wave..AddInterface=%KSCATEGORY_RENDER%,%KSNAME_Wave%,DFX_Device.I.Wave..;Add
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):326656
                                                                                                Entropy (8bit):2.91036654915667
                                                                                                Encrypted:false
                                                                                                SSDEEP:768:3Ft4aLqpAogNTiqwu2CvcCjikibqqqqqqqqqqqqqqqqqqqaFgNj////////////l:T45A/N8Cfjik6scccoFtr
                                                                                                MD5:EAF913C1DE47C2421669B662EDAA5A6A
                                                                                                SHA1:53524526E1898A90FA98AE02E662B9C0E6DC2848
                                                                                                SHA-256:425629B6309000013E8CD1A9B827BEE365D21C9F743873AADD0C3BC96A999D2A
                                                                                                SHA-512:BB674FEB73751172A1ACE65AAB89C5EBF952A07F7AF0F3EC1DADF357FF693230CF08910AE273E8335EEC35E5827DA6405272D05C161987DF679199935AF21A76
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                • Antivirus: Virustotal, Detection: 0%
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):10590
                                                                                                Entropy (8bit):7.254430659006022
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:1OgjZ7OPJCbngEw9JPgXkhYCClQBcA5E8qnajEzHbC:18UuLh3Cl+x5E8l4zu
                                                                                                MD5:ACDAAE5D1219E7703285C42F774BE54D
                                                                                                SHA1:47DF82D8C843BF1ADC098A26E9E3E27217B3104D
                                                                                                SHA-256:25C8DAE186155D20F74FEEDEFB4F84161E4215925B8FD0C898F68F3E50EBCD7D
                                                                                                SHA-512:83B663222FB22B1760EA8551D19557F3F2905BFAC205B380B23DD7F2A65A37B851A3C3C345E4A768B76700BB891B97C96A0DBBB58D81358993293AD1EB3E300A
                                                                                                Malicious:false
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):216472
                                                                                                Entropy (8bit):6.58720462389318
                                                                                                Encrypted:false
                                                                                                SSDEEP:6144:Q0BoIohQyb1eSbUPWU7jTufjAOena7kWcoyt:iIsQybqWU7yjJpyt
                                                                                                MD5:5CA5F72D8A7A6C1A265AA0E349BAEB59
                                                                                                SHA1:1BDA4CA3D6541FEE025CB93664BEFF8A22C7356A
                                                                                                SHA-256:9F07E799804897D2A9C1297322B66D753A9134A1BCA1CF7F13DC5834377A5381
                                                                                                SHA-512:FFBD33AFB1D84B5225151F9B22BE914E8F2BB43D92D0A4C46818F796A997149505F610F38C1803910A476757352B18EB9AB8E6A227A5A60276FE62AC51E62BC2
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                • Antivirus: Virustotal, Detection: 0%
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:Windows setup INFormation
                                                                                                Category:dropped
                                                                                                Size (bytes):5334
                                                                                                Entropy (8bit):5.628759224235533
                                                                                                Encrypted:false
                                                                                                SSDEEP:96:3q9BSSyjoh9OnLhtuGUdDrG9E/6uYqZpd7SY5MFgWC2i8/ENYZS:3qzSSyjoG17UprGEiuYqZpd7Se8eYENp
                                                                                                MD5:328087CAF99B50D988A304BEEEA3FCE8
                                                                                                SHA1:23FFEF913679537BB049008F5E6F8E517BB24192
                                                                                                SHA-256:BA175CFDDD91B87BDDA3F1DF2A70249E1742E846B843381EB0438B70F91A110A
                                                                                                SHA-512:D006E8DE0F9258A3EE75723E458D635586040702C1357630F199CF5740C7E29D87FEFD4B869A897BDD26B67FAD134E6BF35A2C01C3A00ACC8BF20181D7DA1AA3
                                                                                                Malicious:false
                                                                                                Preview:;..;fxvad.inf..;....[Version]..Signature="$CHICAGO$"..Class=MEDIA..Provider=%FXMN%..ClassGUID={4d36e96c-e325-11ce-bfc1-08002be10318}..DriverVer = 03/17/2021,14.1.0.0..CatalogFile.NTx86=fxvadNTx86.cat..CatalogFile.NTAMD64=fxvadNTAMD64.cat..PnpLockDown=1....[Manufacturer]..%MfgName%=DFX,NTamd64,NTx86....[DFX.NTx86]..%DFX_Device.DeviceDesc%=DFX_Device,Root\%DEV_NAME%,*%DEV_NAME%....[DFX.NTamd64]..%DFX_Device.DeviceDesc%=DFX_Device,Root\%DEV_NAME%,*%DEV_NAME%....;-----------------------------------------------------------------------------..;..; 2k+ Installation..;..;-----------------------------------------------------------------------------..[DFX_Device.NT]..Include=ks.inf,wdmaudio.inf..Needs=KS.Registration, WDMAUDIO.Registration..CopyFiles=DFX_Device.CopyList..AddReg=DFX_Device.AddReg..AddProperty=DFX_1AddPropertySection....[DFX_Device.NT.Interfaces]..AddInterface=%KSCATEGORY_AUDIO%,%KSNAME_Wave%,DFX_Device.I.Wave..AddInterface=%KSCATEGORY_RENDER%,%KSNAME_Wave%,DFX_Device.I.Wave..;Add
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32 executable (native) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):322560
                                                                                                Entropy (8bit):2.8824956385159206
                                                                                                Encrypted:false
                                                                                                SSDEEP:768:mwrXoME2X1k56OBvZTwJikibqqqqqqqqqqqqqqqqqqqaFgNj///////////////y:VfE2X1Ng2ik6sccco3tq
                                                                                                MD5:C05A2F8F443C7D756F594B583D7C820F
                                                                                                SHA1:0DA76FA1BA7CF5E631C8AC25E9A3C3BA105C5381
                                                                                                SHA-256:7BA582F2B468502E7DFF903069A7A5E177479C92B483EB9EDBF683A85B423CB9
                                                                                                SHA-512:5069C8D568D463324CF426D9CD14994D3E4912EA7921D4F9EAE3F3BFA6C6022AA4D9BD6834690A97C74DDBDA1ADFFE6F587FD631251ED53E663BC3E54A2238BF
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):10581
                                                                                                Entropy (8bit):7.255569051169796
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:OOggMgObJC+ngEw9JPgXkhYCVyLHIMvN/qnajyCRe:OdNuLh3k/lmCo
                                                                                                MD5:CC51E0BF07678A35F8CE058E2A674B18
                                                                                                SHA1:F44CF566246C83C37177403439E8C203A672B543
                                                                                                SHA-256:15D3EB929843C1A3D5AEAFC6D93E673906ABBB95208DF95009BA8962AC6AD11C
                                                                                                SHA-512:EFD4A37255F375278B9AC9E9B1FE86A0B198B90E9F8E9494AD2D49A060B6C99905C69B7773439ED80CF48A673F3B6349B5657602D4456D50A2DC49118133139C
                                                                                                Malicious:false
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):269720
                                                                                                Entropy (8bit):6.338509183501062
                                                                                                Encrypted:false
                                                                                                SSDEEP:6144:crRV8AjsaX6xJMmp/LyFEJ3tI8TD9BTzxlKohK4z+5Atw:+/OTMuTyeJGI9Bpso8Kw
                                                                                                MD5:225F1417E8EA755755A3C0E58F9FD09A
                                                                                                SHA1:55B5165B0EB06441EF26FD16F66E1BE9D4EF8BFF
                                                                                                SHA-256:F86FB7F2585BAF2D22FC35A70A34BCB724EB0B1B9C9D8D1BE7013E919AFE28AD
                                                                                                SHA-512:B37E510FC8DE5D2E644A0D46E5AB81A8461E4A391F5F5F520B13D650832A977DA3A18F2DA9BF317D0FB34968E5CE58BB948B73210538F535707DB1DA227F1C27
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:Windows setup INFormation
                                                                                                Category:dropped
                                                                                                Size (bytes):5334
                                                                                                Entropy (8bit):5.628596767870037
                                                                                                Encrypted:false
                                                                                                SSDEEP:96:3quSSyjoh9OnLhtuGUdDrG9E/6uYqZpd7SY5MFgWC2i8/ENYZS:3quSSyjoG17UprGEiuYqZpd7Se8eYENp
                                                                                                MD5:82D8CBA970FF0CF924F8C750E4470873
                                                                                                SHA1:F2EDC8BD8FCAF38976DC8E718D5D3ACE3BE82792
                                                                                                SHA-256:042C6B79DFF1FDA007776F7EA14CAF4E7665F0A2A3F00644966EFDA6478B4939
                                                                                                SHA-512:02B2E5FD829DE9C0C7841319376ABF2F2B89064CE59AEE8EC6B8F886DB25D7ADE4F05E1B5B3BBC76F0DE660F91C9799314B85A418DEBBB5A66ABE928A31C9B54
                                                                                                Malicious:false
                                                                                                Preview:;..;fxvad.inf..;....[Version]..Signature="$CHICAGO$"..Class=MEDIA..Provider=%FXMN%..ClassGUID={4d36e96c-e325-11ce-bfc1-08002be10318}..DriverVer = 03/22/2021,14.2.0.0..CatalogFile.NTx86=fxvadNTx86.cat..CatalogFile.NTAMD64=fxvadNTAMD64.cat..PnpLockDown=1....[Manufacturer]..%MfgName%=DFX,NTamd64,NTx86....[DFX.NTx86]..%DFX_Device.DeviceDesc%=DFX_Device,Root\%DEV_NAME%,*%DEV_NAME%....[DFX.NTamd64]..%DFX_Device.DeviceDesc%=DFX_Device,Root\%DEV_NAME%,*%DEV_NAME%....;-----------------------------------------------------------------------------..;..; 2k+ Installation..;..;-----------------------------------------------------------------------------..[DFX_Device.NT]..Include=ks.inf,wdmaudio.inf..Needs=KS.Registration, WDMAUDIO.Registration..CopyFiles=DFX_Device.CopyList..AddReg=DFX_Device.AddReg..AddProperty=DFX_1AddPropertySection....[DFX_Device.NT.Interfaces]..AddInterface=%KSCATEGORY_AUDIO%,%KSNAME_Wave%,DFX_Device.I.Wave..AddInterface=%KSCATEGORY_RENDER%,%KSNAME_Wave%,DFX_Device.I.Wave..;Add
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):326120
                                                                                                Entropy (8bit):2.895336145016568
                                                                                                Encrypted:false
                                                                                                SSDEEP:768:pAm4aLqpAogNTiqwu2CvcijikibqqqqqqqqqqqqqqqqqqqaFgNj////////////9:P45A/N8C/jik6scccR
                                                                                                MD5:36F645D44476652DD078287D05499BC5
                                                                                                SHA1:287A7AD815F60691942B0BF533B39C20AD43300D
                                                                                                SHA-256:DAB6F4A9A68821FE8CC4B11AF19CC5FDE71E67FB9275E39E2ABDA680E477446B
                                                                                                SHA-512:4CC4F625661EE755B44D94B8F4C91F7FFDB6DAF6DA39CD6147C5465C7448EB9620A0E71BAC6414AE2BBB99CE8CD379B03A98D70863CC384BE83F70BA00254FF5
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):9568
                                                                                                Entropy (8bit):7.231189475826073
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:VrIMfdZubhlYZputZscF8Bd1LoZo6wTBZHklE8:nFZQYZCZsHLoilht8
                                                                                                MD5:381CF31B9363FB10C0E4DD4FA3847A74
                                                                                                SHA1:8B360D53A6D63E1A32A650BD7326EFED17BEBEA5
                                                                                                SHA-256:82EC9E6E7EC723052CB1D608A39DC41D501818027837730D0D9F3B42DBE750C8
                                                                                                SHA-512:8DCBB28C2A35BE40B984F614B094B29E27F41AC0F679CD74BC39BDB3DEDAE129A53EBB95069D62B12FC355A2088FF74D643AE5E3CB7E1B216FB89CFFAB8EEE77
                                                                                                Malicious:false
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):216472
                                                                                                Entropy (8bit):6.587544616995315
                                                                                                Encrypted:false
                                                                                                SSDEEP:6144:Z0BoIohQyb1eSbUPWU7jTufjAOena7kWcoyV:FIsQybqWU7yjJpyV
                                                                                                MD5:939B76A79E780C43D9C93B4ED10F74E7
                                                                                                SHA1:89A177E350055B45C9C5E20E2FA4BB61F1B02078
                                                                                                SHA-256:0F03F95818362877E5D6293590AA5B5368AFDD895939B9918D786153BDB6DCC5
                                                                                                SHA-512:253DAF7C95A02237AEADE781B7F5E6B0086A170574DAFE5793798AA936F70BDA36221B08597B3F08B9644D4F70922A6882563D2F2BE67E14ADC6B268D9C176CB
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:Windows setup INFormation
                                                                                                Category:dropped
                                                                                                Size (bytes):5334
                                                                                                Entropy (8bit):5.628596767870037
                                                                                                Encrypted:false
                                                                                                SSDEEP:96:3quSSyjoh9OnLhtuGUdDrG9E/6uYqZpd7SY5MFgWC2i8/ENYZS:3quSSyjoG17UprGEiuYqZpd7Se8eYENp
                                                                                                MD5:82D8CBA970FF0CF924F8C750E4470873
                                                                                                SHA1:F2EDC8BD8FCAF38976DC8E718D5D3ACE3BE82792
                                                                                                SHA-256:042C6B79DFF1FDA007776F7EA14CAF4E7665F0A2A3F00644966EFDA6478B4939
                                                                                                SHA-512:02B2E5FD829DE9C0C7841319376ABF2F2B89064CE59AEE8EC6B8F886DB25D7ADE4F05E1B5B3BBC76F0DE660F91C9799314B85A418DEBBB5A66ABE928A31C9B54
                                                                                                Malicious:false
                                                                                                Preview:;..;fxvad.inf..;....[Version]..Signature="$CHICAGO$"..Class=MEDIA..Provider=%FXMN%..ClassGUID={4d36e96c-e325-11ce-bfc1-08002be10318}..DriverVer = 03/22/2021,14.2.0.0..CatalogFile.NTx86=fxvadNTx86.cat..CatalogFile.NTAMD64=fxvadNTAMD64.cat..PnpLockDown=1....[Manufacturer]..%MfgName%=DFX,NTamd64,NTx86....[DFX.NTx86]..%DFX_Device.DeviceDesc%=DFX_Device,Root\%DEV_NAME%,*%DEV_NAME%....[DFX.NTamd64]..%DFX_Device.DeviceDesc%=DFX_Device,Root\%DEV_NAME%,*%DEV_NAME%....;-----------------------------------------------------------------------------..;..; 2k+ Installation..;..;-----------------------------------------------------------------------------..[DFX_Device.NT]..Include=ks.inf,wdmaudio.inf..Needs=KS.Registration, WDMAUDIO.Registration..CopyFiles=DFX_Device.CopyList..AddReg=DFX_Device.AddReg..AddProperty=DFX_1AddPropertySection....[DFX_Device.NT.Interfaces]..AddInterface=%KSCATEGORY_AUDIO%,%KSNAME_Wave%,DFX_Device.I.Wave..AddInterface=%KSCATEGORY_RENDER%,%KSNAME_Wave%,DFX_Device.I.Wave..;Add
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32 executable (native) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):322024
                                                                                                Entropy (8bit):2.869696033678278
                                                                                                Encrypted:false
                                                                                                SSDEEP:768:foXmL+F+U1Da96r9rWikibqqqqqqqqqqqqqqqqqqqaFgNj/////////////////b:w/YU1D34ik6scccR
                                                                                                MD5:31B1A479F995A4A3EFF6E11BACC34400
                                                                                                SHA1:11587B7105E94891470273D35C77EBC3ECAF1EBC
                                                                                                SHA-256:A507119631F73432B9E98D8D33815FFED90156C3BFB7E5E81666591D46CE460F
                                                                                                SHA-512:8AAF5E0919370163691B38F5B754C9391DEE12AFB8157CACE51ECE19503B20D96D220948D8ACE262778FD4EB98C48D5FF5B247C53E831CB793FACECAFEBE73C7
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):9569
                                                                                                Entropy (8bit):7.230532185757443
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:9fIMbdZubhlYZputZscF8Bd1LciivWBZHkWDVjO:ThZQYZCZsHLcDshFjO
                                                                                                MD5:94015CF4A09898205476CEE29F2B75FA
                                                                                                SHA1:9F847A10277C4CAF45A83FA0F53F5D525302AE39
                                                                                                SHA-256:1A453865D234167FBE486F62D632373107994C634D9619E6D310C1DD3B5037E5
                                                                                                SHA-512:A4B34E39DEB20BE3C1F27B3913EEC1B15454D5437EA41DB1C745CA9DAE35765588849FC05957CA27F2D1DDC309C023EC5013F7F7E8D08750003BE6AE299F59D4
                                                                                                Malicious:false
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):944
                                                                                                Entropy (8bit):4.77740089112828
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:qElw1IoJ3RVyGt5djvBp0HOAppzttw5kuUBwDR:CKiyG5djzUtCt
                                                                                                MD5:F27EA21512686DA8E8C90E0A4D0F5616
                                                                                                SHA1:3231A236C4D517197E28413EED3F5AC74D557CD7
                                                                                                SHA-256:B9FF4BAD7F89D0FDB9032B6AEA475A04FAC8C1EEC39020FA00DB3CD72B91E1FB
                                                                                                SHA-512:45911C28BC677C223BAAF46B6CF1E12EDCE56BF9584FC3317535D8B3BE1AE0F402847C7DDD2D1E7E6DFC01C4C24D04965DC475B9419A85D7A703685335559DB9
                                                                                                Malicious:false
                                                                                                Preview:CLASS1 : Effect Type..9: Version..General..0: Double Params Flag..1: Total number of elements..50: Main 0..20: Main 1..0: Main 2..0: Main 3..60: Main 4..60: Main 5..0: Element Number.. 0: Param 0.. 0: Param 1.. 0: Param 2.. 0: Param 3.. 0: Param 4.. 0: Param 5.. 0: Param 6..7: Number of Application Dependent Integers..0: Number of Application Dependent Reals..0: Number of Application Dependent Strings..1: Integer[0]..1: Integer[1]..0: Integer[2]..1: Integer[3]..1: Integer[4]..0: Integer[5]..2: Integer[6]..10: Number of EQ Bands..1: On/Off Flag..Band 1.. 62.5: CF.. 0: Boost/Cut..Band 2.. 115: CF.. 0: Boost/Cut..Band 3.. 250: CF.. 1: Boost/Cut..Band 4.. 450: CF.. 2: Boost/Cut..Band 5.. 630: CF.. 0: Boost/Cut..Band 6.. 1250: CF.. -1: Boost/Cut..Band 7.. 2700: CF.. 0: Boost/Cut..Band 8.. 5300: CF.. -1: Boost/Cut..Band 9.. 7500: CF.. -2: Boost/Cut..Band 10.. 13000: CF.. 0: Boost/Cut
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):963
                                                                                                Entropy (8bit):4.8567723479487075
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:q/vw1IcJOhRVyWWt5djvBp0TOAwUCJaSSOpNBlpA:coKryb5djzcL
                                                                                                MD5:10A1B6C5A17F64D377394251C816FD73
                                                                                                SHA1:3A54DBCB969269F9B4B63A0A72FEC51F9C1F2FD7
                                                                                                SHA-256:5DA7F6318249417A1EDF02D133ED5543334389CE42E75CB904A311C680EF0D33
                                                                                                SHA-512:DC32487CC4488F114C03605702F496AFF597797D1469FC246561F6C9055A4691B5E3AF6D1BCFFCAD6344310B1C1FEA27F70473D2C7A1F6BE6711D37047227C41
                                                                                                Malicious:false
                                                                                                Preview:CLASS1 : Effect Type..9: Version..Movies..0: Double Params Flag..1: Total number of elements..60: Main 0..50: Main 1..0: Main 2..0: Main 3..85: Main 4..35: Main 5..0: Element Number.. 0: Param 0.. 0: Param 1.. 0: Param 2.. 0: Param 3.. 0: Param 4.. 0: Param 5.. 0: Param 6..7: Number of Application Dependent Integers..0: Number of Application Dependent Reals..0: Number of Application Dependent Strings..1: Integer[0]..1: Integer[1]..1: Integer[2]..1: Integer[3]..1: Integer[4]..0: Integer[5]..2: Integer[6]..10: Number of EQ Bands..1: On/Off Flag..Band 1.. 62.5: CF.. 0: Boost/Cut..Band 2.. 115.734: CF.. 0: Boost/Cut..Band 3.. 250: CF.. 2: Boost/Cut..Band 4.. 396.85: CF.. 0: Boost/Cut..Band 5.. 734.867: CF.. 2: Boost/Cut..Band 6.. 1360.79: CF.. 2: Boost/Cut..Band 7.. 2519.84: CF.. 1: Boost/Cut..Band 8.. 5350: CF.. -1: Boost/Cut..Band 9.. 8640.48: CF.. 0: Boost/Cut..Band 10.. 13800: CF.. 2: Boost/Cut..
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):961
                                                                                                Entropy (8bit):4.855292559830285
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:q+w1IZBSRVyWWt5djvBp0TOAppUCJnpQSOpNBNpA:oKIyb5djzMl
                                                                                                MD5:038E70D0B0223598B6F11890C7A39DA1
                                                                                                SHA1:E790CA1456F895C6EF3A112BCEA575FC1F3A1006
                                                                                                SHA-256:D05ED165422959C5F6B4C2B25FBE84B3BB0AA9BBDB72A6B0123BCB7CC2FB3CEA
                                                                                                SHA-512:02BF6CD53AE7D2F1B9DE9868454A8937D72A787227496FE2D07F75AA296AA3FE71464E0ED610EF974E73C0F3E8B51939CE43C6563F2CDA958B7A7964DF42FBF9
                                                                                                Malicious:false
                                                                                                Preview:CLASS1 : Effect Type..9: Version..TV..0: Double Params Flag..1: Total number of elements..50: Main 0..50: Main 1..0: Main 2..20: Main 3..60: Main 4..45: Main 5..0: Element Number.. 0: Param 0.. 0: Param 1.. 0: Param 2.. 0: Param 3.. 0: Param 4.. 0: Param 5.. 0: Param 6..7: Number of Application Dependent Integers..0: Number of Application Dependent Reals..0: Number of Application Dependent Strings..1: Integer[0]..1: Integer[1]..1: Integer[2]..1: Integer[3]..1: Integer[4]..0: Integer[5]..2: Integer[6]..10: Number of EQ Bands..1: On/Off Flag..Band 1.. 62.5: CF.. 0: Boost/Cut..Band 2.. 115.734: CF.. 0: Boost/Cut..Band 3.. 250: CF.. 1: Boost/Cut..Band 4.. 396.85: CF.. 0: Boost/Cut..Band 5.. 734.867: CF.. 1: Boost/Cut..Band 6.. 1360.79: CF.. 0: Boost/Cut..Band 7.. 2519.84: CF.. 1: Boost/Cut..Band 8.. 5350: CF.. -1: Boost/Cut..Band 9.. 8640.48: CF.. -1: Boost/Cut..Band 10.. 13800: CF.. 2: Boost/Cut..
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):955
                                                                                                Entropy (8bit):4.810538314108478
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:qCw1ImJqRVyXt5djvBp0qOA14/7Woh5fMBjfA:2KZyd5djzSSwx3
                                                                                                MD5:EEC389C321A0F4E18D568D9EB52D4A4A
                                                                                                SHA1:46555A411D1DBE75B4994B0D9C44C21B72243EDD
                                                                                                SHA-256:33E8695F8DEDD7E7F4ED640C8F6412C1898D2A06489AAD41C09F0326BDC08DB7
                                                                                                SHA-512:B61D04D025CF4CC2B1FE8CB5881F57BB0C2DD0B3FAB2F47548D433D6EE2B2419838379DAF115FDD9F0C797C9DE8366C21A6DBA1BAB7C6F1E5CC9F2AFA656BBB4
                                                                                                Malicious:false
                                                                                                Preview:CLASS1 : Effect Type..9: Version..Transcription..0: Double Params Flag..1: Total number of elements..100: Main 0..0: Main 1..0: Main 2..0: Main 3..115: Main 4..75: Main 5..0: Element Number.. 0: Param 0.. 0: Param 1.. 0: Param 2.. 0: Param 3.. 0: Param 4.. 0: Param 5.. 0: Param 6..7: Number of Application Dependent Integers..0: Number of Application Dependent Reals..0: Number of Application Dependent Strings..1: Integer[0]..0: Integer[1]..0: Integer[2]..1: Integer[3]..1: Integer[4]..0: Integer[5]..2: Integer[6]..10: Number of EQ Bands..1: On/Off Flag..Band 1.. 62.5: CF.. 0: Boost/Cut..Band 2.. 86: CF.. -12: Boost/Cut..Band 3.. 250: CF.. 7: Boost/Cut..Band 4.. 293: CF.. 2: Boost/Cut..Band 5.. 615: CF.. -1: Boost/Cut..Band 6.. 1320: CF.. 7: Boost/Cut..Band 7.. 3430: CF.. 0: Boost/Cut..Band 8.. 4630: CF.. 10: Boost/Cut..Band 9.. 6360: CF.. 3: Boost/Cut..Band 10.. 11770: CF.. -12: Boost/Cut..
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):959
                                                                                                Entropy (8bit):4.801168282589878
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:q3vw1IyvjRVyWWt5djvBp0COASiepELDYB0iA:JKUyb5djzV
                                                                                                MD5:EE618C4C177068C08DACDFC8411D5610
                                                                                                SHA1:726B0F02F137361D658EE0A45FE4C8AD64F83C87
                                                                                                SHA-256:690ED5C16C33B8EFD0ED7C7AEF90F71E6DF3F20C2A44114E98CF8CF7355DBED8
                                                                                                SHA-512:D1C6652D14ED28DC5D71D0017CE975F57F247E5134033384B50B0FF094C407CDB11E0AF4518A900025E4B56131F25AAC300E8702F4D6E7E267FDA44B93B8985F
                                                                                                Malicious:false
                                                                                                Preview:CLASS1 : Effect Type..9: Version..Music..0: Double Params Flag..1: Total number of elements..50: Main 0..35: Main 1..0: Main 2..35: Main 3..20: Main 4..60: Main 5..0: Element Number.. 0: Param 0.. 0: Param 1.. 0: Param 2.. 0: Param 3.. 0: Param 4.. 0: Param 5.. 0: Param 6..7: Number of Application Dependent Integers..0: Number of Application Dependent Reals..0: Number of Application Dependent Strings..1: Integer[0]..1: Integer[1]..1: Integer[2]..1: Integer[3]..1: Integer[4]..0: Integer[5]..2: Integer[6]..10: Number of EQ Bands..1: On/Off Flag..Band 1.. 62.5: CF.. 0: Boost/Cut..Band 2.. 110.0: CF.. 2: Boost/Cut..Band 3.. 250.0: CF.. 2: Boost/Cut..Band 4.. 370.0: CF.. 1: Boost/Cut..Band 5.. 650.0: CF.. 0: Boost/Cut..Band 6.. 1200.0: CF.. 0: Boost/Cut..Band 7.. 2130.0: CF.. 0: Boost/Cut..Band 8.. 4550.0: CF.. -1: Boost/Cut..Band 9.. 6850.0: CF.. 0: Boost/Cut..Band 10.. 16000: CF.. 2: Boost/Cut..
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):965
                                                                                                Entropy (8bit):4.861329835911262
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:qYnw1IcEmJNPRVyXedjvBp0qOAOUAJtGJ7KxBr7cA:rwKcLLyudjzg
                                                                                                MD5:8A3BB2B9767A3FD8397C2783F3EE1A65
                                                                                                SHA1:8802B8F2FB027A8AF228548BA70D577138057EED
                                                                                                SHA-256:77720ED67150B2C854A36F2F8002913E98788A9634BE0FC1540A19CA1423BFB6
                                                                                                SHA-512:50184F85557C1CFAAAB4DC37693FB6AA854EE22E7D1061CA1780F16BDD57912F9726891A060AD74934E08DE4199BBD6B7E94914E42DD05BED9194012BF85DDBD
                                                                                                Malicious:false
                                                                                                Preview:CLASS1 : Effect Type..9: Version..Voice..0: Double Params Flag..1: Total number of elements..72: Main 0..0: Main 1..0: Main 2..0: Main 3..95: Main 4..0: Main 5..0: Element Number.. 0: Param 0.. 0: Param 1.. 0: Param 2.. 0: Param 3.. 0: Param 4.. 0: Param 5.. 0: Param 6..7: Number of Application Dependent Integers..0: Number of Application Dependent Reals..0: Number of Application Dependent Strings..1: Integer[0]..0: Integer[1]..0: Integer[2]..1: Integer[3]..0: Integer[4]..0: Integer[5]..2: Integer[6]..10: Number of EQ Bands..1: On/Off Flag..Band 1.. 62.5: CF.. 0: Boost/Cut..Band 2.. 115.734: CF.. -4: Boost/Cut..Band 3.. 214.311: CF.. -2: Boost/Cut..Band 4.. 396.85: CF.. 2: Boost/Cut..Band 5.. 734.867: CF.. 4: Boost/Cut..Band 6.. 1360.79: CF.. 5: Boost/Cut..Band 7.. 3430.8: CF.. 3: Boost/Cut..Band 8.. 5250.0: CF.. 3: Boost/Cut..Band 9.. 6300: CF.. 5: Boost/Cut..Band 10.. 11770: CF.. -11: Boost/Cut..
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):963
                                                                                                Entropy (8bit):4.827256471188213
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:qBJw1IsJzlLRVyWWt5djvBp0rOAbUAJ4QSOpApBEiA:COKayb5djzhu
                                                                                                MD5:54307B58B9FD001E1910F98FDB25D966
                                                                                                SHA1:1DBDBE2906679A4C97FE294D90BBBAEB4EB4019E
                                                                                                SHA-256:FC6CD10E51D33A70E74091A662054989D97CDE5AE705475C8D80F681708FF07F
                                                                                                SHA-512:15D185CD1B740DC726AE9A77F0F650DE05E0C74F76DBF10E5BACA4124CDADDD30636D814CE051B4B0D3979CB4ED493C00925AE52B505FEBA9CEFAA528FAFD8CD
                                                                                                Malicious:false
                                                                                                Preview:CLASS1 : Effect Type..9: Version..Volume Boost..0: Double Params Flag..1: Total number of elements..32: Main 0..20: Main 1..0: Main 2..0: Main 3..103: Main 4..35: Main 5..0: Element Number.. 0: Param 0.. 0: Param 1.. 0: Param 2.. 0: Param 3.. 0: Param 4.. 0: Param 5.. 0: Param 6..7: Number of Application Dependent Integers..0: Number of Application Dependent Reals..0: Number of Application Dependent Strings..1: Integer[0]..1: Integer[1]..1: Integer[2]..1: Integer[3]..1: Integer[4]..0: Integer[5]..2: Integer[6]..10: Number of EQ Bands..1: On/Off Flag..Band 1.. 62.5: CF.. 0: Boost/Cut..Band 2.. 101: CF.. 3: Boost/Cut..Band 3.. 240: CF.. 2: Boost/Cut..Band 4.. 396.85: CF.. 2: Boost/Cut..Band 5.. 734.867: CF.. 0: Boost/Cut..Band 6.. 1360.79: CF.. 0: Boost/Cut..Band 7.. 2519.84: CF.. 1: Boost/Cut..Band 8.. 4670: CF.. 1: Boost/Cut..Band 9.. 11760: CF.. 2: Boost/Cut..Band 10.. 16000: CF.. 2: Boost/Cut..
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):966
                                                                                                Entropy (8bit):4.857342274064095
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:qpRw1IRJOhRVyXt5djvBp0d5OAhHWiQSHvEGBaqA:kmKSyd5djzYL87
                                                                                                MD5:471670C3295D3BBFED92E693981C30E1
                                                                                                SHA1:23274FA49B6CCA00CA92CFF619B04EE657E4D97B
                                                                                                SHA-256:F961856C2FEF99BCC9ABDA07BF3B1F19C9B16685208EA0E28CD4ED3F39778418
                                                                                                SHA-512:54A54D9B8FFBE2B22F6151445D9F50941C738F112678DEDD5114D14503E4088CE77DF2D6428DB6E95DB6031A78E4F6444D8F8BA8ECEC360408EBEF9771D002E3
                                                                                                Malicious:false
                                                                                                Preview:CLASS1 : Effect Type..9: Version..Gaming..0: Double Params Flag..1: Total number of elements..35: Main 0..0: Main 1..0: Main 2..0: Main 3..85: Main 4..35: Main 5..0: Element Number.. 0: Param 0.. 0: Param 1.. 0: Param 2.. 0: Param 3.. 0: Param 4.. 0: Param 5.. 0: Param 6..7: Number of Application Dependent Integers..0: Number of Application Dependent Reals..0: Number of Application Dependent Strings..1: Integer[0]..0: Integer[1]..0: Integer[2]..1: Integer[3]..1: Integer[4]..0: Integer[5]..2: Integer[6]..10: Number of EQ Bands..1: On/Off Flag..Band 1.. 62.5: CF.. 0: Boost/Cut..Band 2.. 128.75: CF.. 0: Boost/Cut..Band 3.. 238.311: CF.. 2: Boost/Cut..Band 4.. 444.0: CF.. 2: Boost/Cut..Band 5.. 805.0: CF.. 2: Boost/Cut..Band 6.. 1360.79: CF.. 0: Boost/Cut..Band 7.. 2519.84: CF.. -1: Boost/Cut..Band 8.. 4400.12: CF.. -1: Boost/Cut..Band 9.. 7930.48: CF.. 2: Boost/Cut..Band 10.. 12570: CF.. 2: Boost/Cut..
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):982
                                                                                                Entropy (8bit):4.857216071020656
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:qAZIRw1IDluRVyWWt5djvBp0TOAVUCJ4QS7TBlOA:DimKSyb5djzRT
                                                                                                MD5:3817D6E5582793099881320401DFDDD7
                                                                                                SHA1:AC6CDB82AE160EB3E6A55B338A7332B8CAC3DD1D
                                                                                                SHA-256:59024B05F345CBB6332A581C916676D685913F0EBD1A8D0D8ECAD395D9D11E3B
                                                                                                SHA-512:DF55BEEA1F116F5B6996DFE0212A115582CDAE1B110726D94462F4D3D1E20FE0D1400591A9CCB966B2865A0EFCEF913FE03048C7BD60A974B6074FBF492B9403
                                                                                                Malicious:false
                                                                                                Preview:CLASS1 : Effect Type..9: Version..Classic Processing..0: Double Params Flag..1: Total number of elements..60: Main 0..35: Main 1..0: Main 2..60: Main 3..60: Main 4..70: Main 5..0: Element Number.. 0: Param 0.. 0: Param 1.. 0: Param 2.. 0: Param 3.. 0: Param 4.. 0: Param 5.. 0: Param 6..7: Number of Application Dependent Integers..0: Number of Application Dependent Reals..0: Number of Application Dependent Strings..1: Integer[0]..1: Integer[1]..1: Integer[2]..1: Integer[3]..1: Integer[4]..0: Integer[5]..2: Integer[6]..10: Number of EQ Bands..1: On/Off Flag..Band 1.. 62.5: CF.. 0: Boost/Cut..Band 2.. 115.734: CF.. 0: Boost/Cut..Band 3.. 214.311: CF.. 0: Boost/Cut..Band 4.. 396.85: CF.. 0: Boost/Cut..Band 5.. 734.867: CF.. 0: Boost/Cut..Band 6.. 1360.79: CF.. 0: Boost/Cut..Band 7.. 2519.84: CF.. 0: Boost/Cut..Band 8.. 4666.12: CF.. 0: Boost/Cut..Band 9.. 8640.48: CF.. 0: Boost/Cut..Band 10.. 13500: CF.. 0: Boost/Cut..
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):984
                                                                                                Entropy (8bit):4.890210143884036
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:qIZIRw1IIvxtCRVyZWt5djvBp0fOAQpU5pJeWSEfBNMvpA:/imKDyo5djz91i
                                                                                                MD5:16F49CF8417B0E368FAEB40CB70F3239
                                                                                                SHA1:CE95736E467389C60F5C23BEA0DFFCCE547D529D
                                                                                                SHA-256:0CC4E260945485F45D2BEEAEC9D7FF8F8EAE92FBD7C094AED4B39ABCDFBA07B3
                                                                                                SHA-512:08BFC9B87D9C28DB55EBFCEF8D00748B7F351538AB224A03F97E263928079CAB6C0755B4740F1F6481AB547103557148C4AA607969A25FD97E0E86CE039D4AA8
                                                                                                Malicious:false
                                                                                                Preview:CLASS1 : Effect Type..9: Version..Light Processing..0: Double Params Flag..1: Total number of elements..25: Main 0..0: Main 1..0: Main 2..35: Main 3..5: Main 4..20: Main 5..0: Element Number.. 0: Param 0.. 0: Param 1.. 0: Param 2.. 0: Param 3.. 0: Param 4.. 0: Param 5.. 0: Param 6..7: Number of Application Dependent Integers..0: Number of Application Dependent Reals..0: Number of Application Dependent Strings..1: Integer[0]..0: Integer[1]..1: Integer[2]..1: Integer[3]..1: Integer[4]..0: Integer[5]..2: Integer[6]..10: Number of EQ Bands..1: On/Off Flag..Band 1.. 62.5: CF.. 0: Boost/Cut..Band 2.. 115.734: CF.. -1: Boost/Cut..Band 3.. 214.311: CF.. 1: Boost/Cut..Band 4.. 396.85: CF.. 1: Boost/Cut..Band 5.. 734.867: CF.. -1: Boost/Cut..Band 6.. 1360.79: CF.. -1: Boost/Cut..Band 7.. 2519.84: CF.. -2: Boost/Cut..Band 8.. 4666.12: CF.. -1: Boost/Cut..Band 9.. 8640.48: CF.. -1: Boost/Cut..Band 10.. 13600: CF.. 1: Boost/Cut..
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):971
                                                                                                Entropy (8bit):4.857752267847404
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:qXwJw1I4v5RVyWWt5djvBp0d8O8wtZpFSHfBNpVA:TOK8yb5djztRO
                                                                                                MD5:C4EF8C129665163D28601E229493892A
                                                                                                SHA1:3737A43F1A503166E063A44DEF48152C5DEF1EFF
                                                                                                SHA-256:4A22A50C3AA77F6E887CD9E30DE1D381BEF900D5391EC84AD3154546FD1399A8
                                                                                                SHA-512:3257A8A3EACA06AA89FB4A26139F5908DAACFEC34C6613D94F78B458184BF41E52561F99A9B0CA6580DC8D7EB845F47EC30033C72C3CCF9F4410E2331C514466
                                                                                                Malicious:false
                                                                                                Preview:CLASS1 : Effect Type..9: Version..Bass Boost..0: Double Params Flag..1: Total number of elements..30: Main 0..35: Main 1..0: Main 2..35: Main 3..20: Main 4..75: Main 5..0: Element Number.. 0: Param 0.. 0: Param 1.. 0: Param 2.. 0: Param 3.. 0: Param 4.. 0: Param 5.. 0: Param 6..7: Number of Application Dependent Integers..0: Number of Application Dependent Reals..0: Number of Application Dependent Strings..1: Integer[0]..1: Integer[1]..1: Integer[2]..1: Integer[3]..1: Integer[4]..0: Integer[5]..2: Integer[6]..10: Number of EQ Bands..1: On/Off Flag..Band 1.. 62.5: CF.. 0: Boost/Cut..Band 2.. 98.0: CF.. 3: Boost/Cut..Band 3.. 158.3: CF.. 3: Boost/Cut..Band 4.. 345.0: CF.. 2: Boost/Cut..Band 5.. 541.867: CF.. 1: Boost/Cut..Band 6.. 1170.0: CF.. -1: Boost/Cut..Band 7.. 2519.84: CF.. -1: Boost/Cut..Band 8.. 4666.12: CF.. -1: Boost/Cut..Band 9.. 8640.48: CF.. -1: Boost/Cut..Band 10.. 14650: CF.. 0: Boost/Cut..
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):978
                                                                                                Entropy (8bit):4.8615388361461545
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:qjw1I9JaRVyGt5djvBp0TOAVUCJnpfpSOpHBlpA:pKcyG5djzr1
                                                                                                MD5:D6712E9A03F84CA656BCB54815D11287
                                                                                                SHA1:73D3CCD471460C24465597985329BC864B52C29A
                                                                                                SHA-256:FBF25A50A996204B8F732E43ADF5ED8DB4FF6EAE6AA19C5832461B96AC71A016
                                                                                                SHA-512:85DA0E65B9B0C18469165391343396DA5A3E9E153793FD6CCCF979F427C097A38DA5A439A7B10CBD5481A10E5435C1117BACEDFFB7B44F6C6872E40BCDE92483
                                                                                                Malicious:false
                                                                                                Preview:CLASS1 : Effect Type..9: Version..Streaming Video..0: Double Params Flag..1: Total number of elements..35: Main 0..35: Main 1..0: Main 2..0: Main 3..54: Main 4..35: Main 5..0: Element Number.. 0: Param 0.. 0: Param 1.. 0: Param 2.. 0: Param 3.. 0: Param 4.. 0: Param 5.. 0: Param 6..7: Number of Application Dependent Integers..0: Number of Application Dependent Reals..0: Number of Application Dependent Strings..1: Integer[0]..1: Integer[1]..0: Integer[2]..1: Integer[3]..1: Integer[4]..0: Integer[5]..2: Integer[6]..10: Number of EQ Bands..1: On/Off Flag..Band 1.. 62.5: CF.. 0: Boost/Cut..Band 2.. 115.734: CF.. 0: Boost/Cut..Band 3.. 214.311: CF.. 0: Boost/Cut..Band 4.. 396.85: CF.. 0: Boost/Cut..Band 5.. 734.867: CF.. 1: Boost/Cut..Band 6.. 1360.79: CF.. 1: Boost/Cut..Band 7.. 2519.84: CF.. 1: Boost/Cut..Band 8.. 5350.0: CF.. -1: Boost/Cut..Band 9.. 8640.48: CF.. 0: Boost/Cut..Band 10.. 13800: CF.. 2: Boost/Cut..
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):4595096
                                                                                                Entropy (8bit):6.568137368170458
                                                                                                Encrypted:false
                                                                                                SSDEEP:98304:qJTC0pDGBBBBBBBBBBBBBBBBBBBBBBBBBU2U1oO:iTLDGBBBBBBBBBBBBBBBBBBBBBBBBBU7
                                                                                                MD5:0A1E1E6B90FE62B9011393501BEF58D7
                                                                                                SHA1:AA1A03B628301E17A17B178E7307780AA54B93CE
                                                                                                SHA-256:F934DE57CFA0633F125B6707D21727F25B02D7C96E13FDCF3CB84042EE43876B
                                                                                                SHA-512:1E9236D3F22114BD9A3DC91F64618F9E1803F26107A3E4FA7763DC14B3CA9487C7D31ED0D09AA10A54A8868B5982A23D1675694A7D262167424B1B5407180B7F
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:TrueType Font data, 17 tables, 1st "GDEF", 13 names, Microsoft, language 0x409
                                                                                                Category:dropped
                                                                                                Size (bytes):201148
                                                                                                Entropy (8bit):6.077443346933577
                                                                                                Encrypted:false
                                                                                                SSDEEP:3072:bbUD3Sp234i3viK7ldlrTft7yEeVfvVF1wSlCfzMV4lzCO0aMbVKgdIxfBEP:b4Di81v3ftneVfb1wXMizCtjzdIg
                                                                                                MD5:DEC15F4454DA4C3DCDBA85A36C9F9A37
                                                                                                SHA1:EE2C78FD0AF8AA895F15A93F9A61E13A960C17F3
                                                                                                SHA-256:4A204F20F82129D09196FA3F16F2340B9CBBE2FC5E27038E0E57F76E03D96E38
                                                                                                SHA-512:2FAAF11B8C6B5F487E8D563C8BA05F8CD34FA595AC2AD3CB9B1BFF29283DB7BE33D9345DFD9C19BD3EB058BBB8F45C32649F4B18E35F33CA300B35A516AEAB33
                                                                                                Malicious:false
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:TrueType Font data, 17 tables, 1st "GDEF", 15 names, Microsoft, language 0x409
                                                                                                Category:dropped
                                                                                                Size (bytes):199912
                                                                                                Entropy (8bit):6.096339699160351
                                                                                                Encrypted:false
                                                                                                SSDEEP:3072:1DmsP234i3vSKmaHeqI9vOogmrctL7CzXjvfEZgczCLy5Bw9upmnJ0:1Dmse1v3He7Hh3zcBOupmnJ0
                                                                                                MD5:4C61E408402414F36F5C3A06ECC5915B
                                                                                                SHA1:F3C1C9E778680061C35EC512C918F1A630868872
                                                                                                SHA-256:02CF88921629EEBFB25FBBCF5D46D0EF5BB307BB0D8AF482F47A65BB6620B088
                                                                                                SHA-512:8F98065BD0B2FDA1A658FCCF9166BB4387A279D3471FFA8BE43B78FF874EE62735350390157270BC73A9AD84B7AC2DF81FC0538E3B5B569965C3D1BA55C47B92
                                                                                                Malicious:false
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:TrueType Font data, 17 tables, 1st "GDEF", 13 names, Microsoft, language 0x409
                                                                                                Category:dropped
                                                                                                Size (bytes):201976
                                                                                                Entropy (8bit):6.085964601621602
                                                                                                Encrypted:false
                                                                                                SSDEEP:3072:N5ZPg234i3vgm8LjbRWJrqi+Z5qefAMTvP/fXJGeqNE5Hv:Nrb1v18LjbwN/KAMTvPHXgZN4v
                                                                                                MD5:AED416691BA9AFB1590D9DDF220F5996
                                                                                                SHA1:8A441A013BB65EDB42D747EFC85CABA6D4149464
                                                                                                SHA-256:720187E6F1FEC0D3510A9407BFDF8B952DC61BD990EDEBAA477FBD72F66775C5
                                                                                                SHA-512:06B7933D35247259EA58271C6EDADB1DC7CAE80A158A47A4F41192773876C08F3DC0B31D5E11948936CFA6F696DAB1F6B10B9B5A697DBC7ACD06BCB49EFC44EC
                                                                                                Malicious:false
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:OpenType font data
                                                                                                Category:dropped
                                                                                                Size (bytes):4909668
                                                                                                Entropy (8bit):7.368899402965331
                                                                                                Encrypted:false
                                                                                                SSDEEP:98304:enEug8DH6ILVsFG88XJb2kRAOpEa3m5L4IlSyHApLmSi72TJiqvYg5Ka6xQQ3L:eu6dAl8ZTRAOpl30c6ELWmiqvY6yrL
                                                                                                MD5:E2406FF1791C401BC93E73D9E44E6D2B
                                                                                                SHA1:49E50DE244558C4C21F43D85B7404CABB970B30B
                                                                                                SHA-256:E7BE1CDB169344A75BDF09F8563DCF5E662194BE3064873B6B4CA57E0BA0774F
                                                                                                SHA-512:2A386A33F204FA5D07DA0DA4BB45590DDECA669235B77471FCA2E5405F749C9AD35289D439F48F2340377E27EE85725644C6F051D6DEEA10ED9C49B837B845FA
                                                                                                Malicious:false
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:OpenType font data
                                                                                                Category:dropped
                                                                                                Size (bytes):4768768
                                                                                                Entropy (8bit):7.457467785730833
                                                                                                Encrypted:false
                                                                                                SSDEEP:98304:ZyEuezzWZAAjDyfnbWfANGPj89xGXE5D6fUdeujQlae22ljN1PSTl/EsqoCXpmU9:ZlzyZAAnyvbWY/9MODkKQl92YjeTls1L
                                                                                                MD5:32666AE307200B0BCAB5553590672BB1
                                                                                                SHA1:A4CDC5C494D118E231A32DDA98373E7835AC9DD8
                                                                                                SHA-256:256BB06B91D974DDBC0E3C063C85522CDA6187CC638F0C6AE5D752EFA63FE093
                                                                                                SHA-512:EB1459B024346ECB2A2014A481202C76988F2757C1287908295ECBF71E51CE1FDB886CC07C28B49D86FAEDD59FBFC7C017D5C5B797D03447314F882184E76847
                                                                                                Malicious:false
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:OpenType font data
                                                                                                Category:dropped
                                                                                                Size (bytes):4744692
                                                                                                Entropy (8bit):7.421579840888723
                                                                                                Encrypted:false
                                                                                                SSDEEP:98304:WREu/Kcw9VIXKPq8fCupfDdcCMjfe3NmletiwzaSs3ItjgB7v2bGPzraG69s9U59:WzbW+XKPPKqrd18f9MScGPXaVIU5YBQ
                                                                                                MD5:210989664066C01D8FFDBDF56BB773CD
                                                                                                SHA1:5F533D0D5CAF3847AFA2D78301E7B87B3485ECBC
                                                                                                SHA-256:29445948E432137E0DE104DEC389E956D72633AA0E4CB04CA572BB8E378E3D35
                                                                                                SHA-512:86AB46CE5F441AB7ADE525B0ACE1347D0B26A77303CDE9F11C68C772431E9CE181F50847C9D4D31026752F6230E66549692108DF9F1197F99C42FB5525C42ADC
                                                                                                Malicious:false
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:OpenType font data
                                                                                                Category:dropped
                                                                                                Size (bytes):8716392
                                                                                                Entropy (8bit):7.495261473238618
                                                                                                Encrypted:false
                                                                                                SSDEEP:196608:tYotfY/gXxDZWgpU9Gt1Bzo5UO86DT2O/Hq8ADWmAp5G9r+4wNQ/+W:xtg/+DEx9RU0T2O/UW1p5G9lk+
                                                                                                MD5:9C8CB849CB0041912EC77C9C59725A2A
                                                                                                SHA1:60A514FD2A07CA63EBD7F5484951E50CB03F4FC2
                                                                                                SHA-256:D1961BE1161EA1BE08496C920862D06EA5C23A757628F4FD69368DE1D9F51BED
                                                                                                SHA-512:2C89324DCC21D9AAA44258BF96A295115F19B8264AB125250E20AB5BE0A7C1A55754BD754B569D938C7145FB431FCAFDA75900CD461F6A3FADD2D38728D13931
                                                                                                Malicious:false
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:OpenType font data
                                                                                                Category:dropped
                                                                                                Size (bytes):8508580
                                                                                                Entropy (8bit):7.531997873570796
                                                                                                Encrypted:false
                                                                                                SSDEEP:196608:jhk120oT4Q8zL13Y0kv11hkQzvL9+fWdJMEtr9HYMiOA5dZARxZsa2Hl9:9OQTD8zL1DkdzZL9+eJT4MjMKRbp2z
                                                                                                MD5:34D4F8EE5AD2748A4CF36D3D414B49AF
                                                                                                SHA1:57F0F560DF654BC8E322A44C947672AE92CD2FAD
                                                                                                SHA-256:9C62CEB174D7529AE4A7F2071F6531991CFADBC2F1897910B48BA951A580AC57
                                                                                                SHA-512:63D2E90007C7D26203E5010291478A431701018F6A75107C2365DCF3B968CE38086CED05E31C57505B5C2564E22A32E63410E5B143D57F7ED914276967096788
                                                                                                Malicious:false
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:OpenType font data
                                                                                                Category:dropped
                                                                                                Size (bytes):8482020
                                                                                                Entropy (8bit):7.490491055703114
                                                                                                Encrypted:false
                                                                                                SSDEEP:196608:V7zc85mwwTUbsFIpaGu97lX6vf6LzkROpDYBFSvjL/0jbGQH2YQylFW:i85mzTDGu97gEzkRNrS3/NC29ynW
                                                                                                MD5:E3AE561F7B8052D9AA9F2B0B09C33EA1
                                                                                                SHA1:7FB779EA2A8D83D7F80D4A2865D1EBB5E3CF1257
                                                                                                SHA-256:A2B93E6C2DB05D6BBBF6F27D413EC73269735B7B679019C8A5AA9670FF0FFBF2
                                                                                                SHA-512:32B1F305AEC14A5EA7C1166F76C5BA7DCD1D4FCF513902EA1E2811EC1F2B72CC73EFB6CAE4369FD877619EE66EAABD014C6ED0FF7C9D9B5E7F1C5FF3DCC8E8AD
                                                                                                Malicious:false
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:TrueType Font data, 16 tables, 1st "GDEF", 14 names, Microsoft, language 0x409, Copyright 2022 The Noto Project Authors (https://github.com/notofonts/thai)Noto Sans Thai Medium
                                                                                                Category:dropped
                                                                                                Size (bytes):46448
                                                                                                Entropy (8bit):6.342108991808269
                                                                                                Encrypted:false
                                                                                                SSDEEP:768:mK81vBz2gZztejCF0T0y/bGxWBraFRP+PTleQBJ/vmjpJIuzXrlay+Jv8iqK5:mKMZzrE0tFRKTl1/vmxBay+Jv8iqK5
                                                                                                MD5:B26FBAE4345B2CD98CF41FCA34206B56
                                                                                                SHA1:A4075B2CFEAE20A076B0303622F3EC7A4A558480
                                                                                                SHA-256:6ACDBF858F40BCC0FA57B3971B1C5FE904C46B38DF8E4073556BD51F22FED358
                                                                                                SHA-512:E560A762DB0E95D5C85A7392C7E7622DA101DDADCCC3AC90C2ED09668FFD5AC4662EAB4EAC1A9486F599ABF0F321C3783D62838D48DD0046489B3BC26F486E0A
                                                                                                Malicious:false
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:TrueType Font data, 16 tables, 1st "GDEF", 12 names, Microsoft, language 0x409, Copyright 2022 The Noto Project Authors (https://github.com/notofonts/thai)Noto Sans ThaiRegular
                                                                                                Category:dropped
                                                                                                Size (bytes):46380
                                                                                                Entropy (8bit):6.332636311465189
                                                                                                Encrypted:false
                                                                                                SSDEEP:768:tKC1+LWAHjb4oBQ4TETj4oaNGrHmcsa3cGr2yxzQqaf2KVvbd+9MzXrlaKn8iqK8:tKo4400XHDsa39/x8qevBBaKn8iqK8
                                                                                                MD5:DB4FA9CBA5C3BED6D99A608207F5240B
                                                                                                SHA1:65AF553B1091B015CAFEA3A1498C9F8E36997864
                                                                                                SHA-256:2166DDD8DD7650AC7A7D81FD229CACBE99C06CF559D93DB3B37D356312DEB405
                                                                                                SHA-512:BD81A38A4ADB1849D19393D6476719C13E93EA418DCF369E38872D0FF59325FD8058AC683B514EE3B6663FD8F88BABDA0CFD065CC5E0F7ED9E1858B5893F031F
                                                                                                Malicious:false
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):1057176
                                                                                                Entropy (8bit):6.336031755439875
                                                                                                Encrypted:false
                                                                                                SSDEEP:12288:vgDKXk+MUYWnd/xgHKfZKKuDeNnEQh9Ip+o55cZPBREGz5ItHXBhb:vq+26/bse+g9UgZPBREGz5oHXBhb
                                                                                                MD5:BC7B29CD513AEC979CEFBF30E6D68A01
                                                                                                SHA1:26CAF25713A32D16658F062E14CD7C6068F536E4
                                                                                                SHA-256:5FD669E66046950328A555C8F3223D9F3E8599C7128E9DE15D29BD76CDE5DE30
                                                                                                SHA-512:AEA0CC8B1B195149DFD662948E04250CB6539B7C836C64AE8DE8C11A916A9CBEA13486691F33FE8FB1060CA3E267DCA385A5913DEC66A9CFE641B8FB98A57B69
                                                                                                Malicious:true
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):484
                                                                                                Entropy (8bit):5.430713079925545
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:1CGbPmi+BtvtSx7u1XK3VyXWCECFbSt7MecHB8zQ:1nn+be7u18V6g7MeRzQ
                                                                                                MD5:66DF04C3C3E209E28CD4226DDA3FA646
                                                                                                SHA1:A07956CF11956D975F601CA25D3267485319764B
                                                                                                SHA-256:7290DBD8641C8D682005AE0E93DA8F9AFD0C19A2A3C24F6ED781B4CFB0F53611
                                                                                                SHA-512:E7036D1DF37233DAA9611EB24615FB6D09E6F10707E9ECD729729A1E4858BE18092B090A8FD6BC69EDF929016FFF2990B03BD4F8E518EB00F9499FFEEB035980
                                                                                                Malicious:false
                                                                                                Preview:[General]..AppDir=C:\Program Files\FxSound LLC\FxSound\..ApplicationName=FxSound..CompanyName=FxSound LLC..ApplicationVersion=1.1.20.0..DefaultCommandLine=/silent..URL1=https://s3.amazonaws.com/downloads3.fxsound.com/fxsound/2/updates.txt..CheckFrequency=2..DownloadsFolder=C:\ProgramData\FxSound LLC\FxSound\updates\..Flags=NoDisableAutoCheck|PerMachine|VerifyDigitalSignature|NoUpdaterInstallGUI..ID={1CA2081B-0D5A-41DF-86E8-2788204CE340}..URL=https://download.fxsound.com/updates..
                                                                                                Process:C:\Program Files\FxSound LLC\FxSound\updater.exe
                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):497
                                                                                                Entropy (8bit):5.546037615393976
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:8odu5B8u1bWYSu1aFYl6zLOZrK3GfvXFQn0WYX0VB5:fu1bou1aul68u3MXH3cB5
                                                                                                MD5:59451DEEB43402AD76F849F6E15AE125
                                                                                                SHA1:E64FA3C155C7C0DDCD8DFC3606D9F533D5CF4B17
                                                                                                SHA-256:A236454D0707640CE09E73D38877A97CF6280B289B1A8A47D36DFBC74EC6EDD6
                                                                                                SHA-512:D2EF11FD1917A548DD4D271F66CE29505E2B2482CEC90816D4F0B7587325E73B703C6F69BE212C483E5178740559AC5E3AEA26AEA454B1C2AC8375486459CDC1
                                                                                                Malicious:false
                                                                                                Preview:;aiu;....[Update]..Name = FxSound..ProductVersion = 1.1.20.0..URL = https://download.fxsound.com/fxsoundlatest..URL1 = https://downloads3.fxsound.com/fxsound/2/fxsound_setup.exe..Size = 46914960..SHA256 = 3541DF625AFFA384FEACF3CD3D64C47D2372EAB9A2055D57DDE08AFE7F85862C..MD5 = 9ea725e3e3bc82249957cc00b74c4882..ServerFileName = fxsound_setup.exe..Flags = SilentInstall|Sys64..RegistryKey = HKUD\Software\FxSound LLC\FxSound\Version..Version = 1.1.20.0..AutoCloseApplication = [APPDIR]FxSound.exe..
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):365
                                                                                                Entropy (8bit):5.210278155455057
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:TMVBd/1qFPM+/QOQlvqitMvVQqAvcW+cDvcWFLPcg:TMHdkFjQnjtMv3kzJZ0g
                                                                                                MD5:BE359259B30D461DBF8D299C3347C4AC
                                                                                                SHA1:7E8087FEC573363C1B568D993892ED1881F28B06
                                                                                                SHA-256:D2357AE5AEE6D8691DB67B9F9E7684A96B6FAC4DF62336F5F13679AE1D18727E
                                                                                                SHA-512:176E02BB757D35AE7732DA8CD17AEC6AA2771E3E346BB1F2F0CECD439DD6123926626368711554527729D4B83717331DE775B0796D087D12E348981137E24DC1
                                                                                                Malicious:false
                                                                                                Preview:<?xml version="1.0" encoding="UTF-8"?>..<PROPERTIES>.. <VALUE name="power" val="1"/>.. <VALUE name="hotkeys" val="1"/>.. <VALUE name="preset" val="General"/>.. <VALUE name="cmd_on_off" val="196689"/>.. <VALUE name="cmd_open_close" val="196677"/>.. <VALUE name="cmd_change_preset" val="196673"/>.. <VALUE name="cmd_change_output" val="196695"/>..</PROPERTIES>
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Sat Sep 16 21:13:02 2023, mtime=Thu Nov 16 13:33:48 2023, atime=Sat Sep 16 21:13:02 2023, length=1057176, window=hide
                                                                                                Category:dropped
                                                                                                Size (bytes):2074
                                                                                                Entropy (8bit):3.643855326275831
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:8q+bdatRdX/1d0VVd0Vz50bCS7crCW0bv:8q+g975o3W
                                                                                                MD5:530CA7B65233B22CE04011CDF529881D
                                                                                                SHA1:2150C7F72742E497C675A2E93E2844AA11B394CC
                                                                                                SHA-256:7C7DBD722878FEC245BF9D51F610D82B2C16CDCA656FE46FAD6509847D2857D7
                                                                                                SHA-512:0D8CBC3AA6B556D323BBBB613CCEC1E264FE96D8FFFB039B1B89882710D06447A272C322656E4A9BB20A23449B4022B32A2A16C940BE23EC383AC5AB9C7D70E1
                                                                                                Malicious:false
                                                                                                Preview:L..................F.@.. ....+S.......B.....+S......!...........................P.O. .:i.....+00.../C:\.....................1.....pW8t..PROGRA~1..t......O.IpW8t....B...............J....._...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....`.1.....pW8t..FXSOUN~1..H......pW8tpW8t.........................._...F.x.S.o.u.n.d. .L.L.C.....V.1.....pW:t..FxSound.@......pW8tpW:t..........................[...F.x.S.o.u.n.d.....b.2..!..0W.. .updater.exe.H......0W..pW9t....d.........................u.p.d.a.t.e.r...e.x.e......._...............-.......^...........;yc......C:\Program Files\FxSound LLC\FxSound\updater.exe..?.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.F.x.S.o.u.n.d. .L.L.C.\.F.x.S.o.u.n.d.\.u.p.d.a.t.e.r...e.x.e.%.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.F.x.S.o.u.n.d. .L.L.C.\.F.x.S.o.u.n.d.\.../.c.h.e.c.k.n.o.w.G.C.:.\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.1.4.6.0.0.6.6.5.-.0.1.6.5.-.4.9.E.8.-.8.0.1.7.-.D.1.B.D.6.A.2.9.0.3.3.5.}.\.f.x.s.o.u.n.d.
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Sat Sep 16 16:44:52 2023, mtime=Thu Nov 16 13:33:50 2023, atime=Sat Sep 16 16:44:52 2023, length=4595096, window=hide
                                                                                                Category:dropped
                                                                                                Size (bytes):2054
                                                                                                Entropy (8bit):3.6278255907185066
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:86+bdatRftDO/Bd0VsKd0Vd50bCS7crCW0b3:86+g4n5o3W
                                                                                                MD5:142435FDAC35154EA54C70EAE79C3895
                                                                                                SHA1:AA6E82A6314DC770C4337A57403CAE093FCC05B9
                                                                                                SHA-256:3A1E49B7C1DD149E31E4C9F14EE672F6D005406904BE0185DC4ECF1A4C005ED2
                                                                                                SHA-512:3C83E350D0B40F7A43FAF5F70485283AC28088AD77D050571DA49D1CB7DD399D16B31903A5A36724CFF86A401C6EF81BE1F3D11B79108A9694B2EECF30C1F877
                                                                                                Malicious:false
                                                                                                Preview:L..................F.@.. ......~....$U........~......F..........................P.O. .:i.....+00.../C:\.....................1.....pW8t..PROGRA~1..t......O.IpW8t....B...............J....._...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....`.1.....pW8t..FXSOUN~1..H......pW8tpW8t.........................._...F.x.S.o.u.n.d. .L.L.C.....V.1.....pW:t..FxSound.@......pW8tpW:t..........................[...F.x.S.o.u.n.d.....b.2...F.0W.. .FxSound.exe.H......0W..pW9t..............................F.x.S.o.u.n.d...e.x.e......._...............-.......^...........;yc......C:\Program Files\FxSound LLC\FxSound\FxSound.exe..?.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.F.x.S.o.u.n.d. .L.L.C.\.F.x.S.o.u.n.d.\.F.x.S.o.u.n.d...e.x.e.%.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.F.x.S.o.u.n.d. .L.L.C.\.F.x.S.o.u.n.d.\.G.C.:.\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.1.4.6.0.0.6.6.5.-.0.1.6.5.-.4.9.E.8.-.8.0.1.7.-.D.1.B.D.6.A.2.9.0.3.3.5.}.\.f.x.s.o.u.n.d...e.x.e.........%Sys
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Sat Sep 16 16:44:52 2023, mtime=Thu Nov 16 13:33:48 2023, atime=Sat Sep 16 16:44:52 2023, length=4595096, window=hide
                                                                                                Category:dropped
                                                                                                Size (bytes):2054
                                                                                                Entropy (8bit):3.631412769664099
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:8v+bdatNftDO/Bd0VsKd0Vd50bCS7crCW0b3:8v+gsn5o3W
                                                                                                MD5:41EABA29310E302A8D5B545285BEB275
                                                                                                SHA1:2CB4FC50E6B68E3F6DCF11A821F3507244358F69
                                                                                                SHA-256:697D6BCB13B77DACC0FD58AF02582AE9D57BB8AF926F52195A44A669B5A8E559
                                                                                                SHA-512:66F55315B5B2A11CD0B8DAF617A746972531984C5964DCA676C01D71DC77DADA495D1FEE3ABCEAEF9E818207C55F6E25261A8CDD805249030A30179B3CC657E7
                                                                                                Malicious:false
                                                                                                Preview:L..................F.@.. ......~..............~......F..........................P.O. .:i.....+00.../C:\.....................1.....pW8t..PROGRA~1..t......O.IpW8t....B...............J....._...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....`.1.....pW8t..FXSOUN~1..H......pW8tpW8t.........................._...F.x.S.o.u.n.d. .L.L.C.....V.1.....pW:t..FxSound.@......pW8tpW:t..........................v...F.x.S.o.u.n.d.....b.2...F.0W.. .FxSound.exe.H......0W..pW9t..............................F.x.S.o.u.n.d...e.x.e......._...............-.......^...........;yc......C:\Program Files\FxSound LLC\FxSound\FxSound.exe..?.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.F.x.S.o.u.n.d. .L.L.C.\.F.x.S.o.u.n.d.\.F.x.S.o.u.n.d...e.x.e.%.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.F.x.S.o.u.n.d. .L.L.C.\.F.x.S.o.u.n.d.\.G.C.:.\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.1.4.6.0.0.6.6.5.-.0.1.6.5.-.4.9.E.8.-.8.0.1.7.-.D.1.B.D.6.A.2.9.0.3.3.5.}.\.f.x.s.o.u.n.d...e.x.e.........%Sys
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Sat Sep 16 16:44:52 2023, mtime=Thu Nov 16 13:33:50 2023, atime=Sat Sep 16 16:44:52 2023, length=4595096, window=hide
                                                                                                Category:dropped
                                                                                                Size (bytes):2036
                                                                                                Entropy (8bit):3.6291195346780953
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:80+bdatRftDO/cd0VsKd0Vd50bCS7crCW0b3:80+g4C5o3W
                                                                                                MD5:8F198BCF926BE905A069D03FCB14CDBD
                                                                                                SHA1:D0983C6C4A8E8815CF0FACD6E09AE1D80DFD5EC3
                                                                                                SHA-256:8EAD0FE771AFDBE2651135040C89B0AF754DE4245EECBED317800CFFFF504A1E
                                                                                                SHA-512:AD24EF91EDDBC066E090A55D7D4237AAC00F656B767C262299065C3E3D2DD62BE77BCA9982452A5C529C9F436940F57861FAFD804548E2005FD2DAFBEFE1AA03
                                                                                                Malicious:false
                                                                                                Preview:L..................F.@.. ......~.............~......F..........................P.O. .:i.....+00.../C:\.....................1.....pW8t..PROGRA~1..t......O.IpW8t....B...............J....._...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....`.1.....pW8t..FXSOUN~1..H......pW8tpW8t.........................._...F.x.S.o.u.n.d. .L.L.C.....V.1.....pW:t..FxSound.@......pW8tpW:t..........................[...F.x.S.o.u.n.d.....b.2...F.0W.. .FxSound.exe.H......0W..pW9t..............................F.x.S.o.u.n.d...e.x.e......._...............-.......^...........;yc......C:\Program Files\FxSound LLC\FxSound\FxSound.exe..6.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.F.x.S.o.u.n.d. .L.L.C.\.F.x.S.o.u.n.d.\.F.x.S.o.u.n.d...e.x.e.%.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.F.x.S.o.u.n.d. .L.L.C.\.F.x.S.o.u.n.d.\.G.C.:.\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.1.4.6.0.0.6.6.5.-.0.1.6.5.-.4.9.E.8.-.8.0.1.7.-.D.1.B.D.6.A.2.9.0.3.3.5.}.\.f.x.s.o.u.n.d...e.x.e.........%SystemRoot%\Installer
                                                                                                Process:C:\Users\user\Desktop\fxsound_setup.exe
                                                                                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):53274
                                                                                                Entropy (8bit):3.738423346630698
                                                                                                Encrypted:false
                                                                                                SSDEEP:1536:NRY3Q7vN7ghOjd3Sk2IGResOYOEOYOQmSk2IGResOYY6YOYmQcaA+QLoiY/VTV/+:MZ
                                                                                                MD5:D228DF3C36FD7DF105AB4166334ED027
                                                                                                SHA1:0F8A36F8472008C715AC53BCB7AD36A6A29F5463
                                                                                                SHA-256:6AECF780CAE1A48D244BE22EDA408C1FB36FA7BC560F6B7193E6D6C736AF8868
                                                                                                SHA-512:7379EB9B6D4180AA30948D3BDEDBBE619BA234E4B40E12EDD889F4781307093C0C11AE5D6989742B3FE2CCB2AF17756FE0FC8FD6AD11C4DDEF37D553EE4B7130
                                                                                                Malicious:false
                                                                                                 Preview:=== Verbose logging started: 16/11/2023  15:33:43  Build type: SHIP UNICODE 5.00.10011.00  Calling process: C:\Users\totti\Desktop\fxsound_setup.exe ===..MSI (c) (84:F4) [15:33:43:358]: SOFTWARE RESTRICTION POLICY: Verifying package --> 'C:\Users\totti\AppData\Roaming\FxSound LLC\FxSound 1.1.20.0\install\fxsound.x64.msi' against software restriction policy..MSI (c) (84:F4) [15:33:43:358]: SOFTWARE RESTRICTION POLICY: C:\Users\totti\AppData\Roaming\FxSound LLC\FxSound 1.1.20.0\install\fxsound.x6
                                                                                                Process:C:\Users\user\Desktop\fxsound_setup.exe
                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):563656
                                                                                                Entropy (8bit):6.432700089523593
                                                                                                Encrypted:false
                                                                                                SSDEEP:6144:Z0WKoDOO80Gw0Oy13zcbs7B1OLmxcSFEq7agKR7T+cgAOVSxZR4dwXsZo:ZfK+KdnOq1jEqmR+ZKZoCsZo
                                                                                                MD5:0DD1F1FF906C4D1FC7AD962E994CAD7F
                                                                                                SHA1:4D1549CF7EF6A63BAF83280143D7797D4DF4FA2D
                                                                                                SHA-256:140F578569ADBF831F87275091AF9CA200ED8B2453CBE729A0249B9B6F6B4588
                                                                                                SHA-512:8D5622BB299BF6BEBF3EAA266A9FCBBC953A729E9D9CA20F8F358D7A14599D0A017FEEF58AA8D3AADC075C6211478BBAC2D38E38E36E34096D4DCEB51FFD00CB
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:Unicode text, UTF-16, little-endian text, with very long lines (361), with CRLF, LF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):299748
                                                                                                Entropy (8bit):3.8343406228927375
                                                                                                Encrypted:false
                                                                                                SSDEEP:3072:8ZKljjs43dFNNw1mgjh+mRUKs8t6d0oHzxU7Ov/4DiaCyvFXmXwY+qKnTEF8p7bC:Njl5
                                                                                                MD5:C18A76C62AEEA1B87AA38BCAE702ABAC
                                                                                                SHA1:D9E3B6380FA860E434036E18E0F7E79CD8FF2688
                                                                                                SHA-256:EF11B16604A94676625E5098CAA41FCF9762CD9DE4DB1B3BC72BE99A4846DB71
                                                                                                SHA-512:7D1D3CDB937C387F17A7F95E752A66AA567EBC2F38EAED92E7464EEB409187EEF2B77944FB854A1B3E721FB420B238254DF246430A47F03E5570C3E8C869268E
                                                                                                Malicious:false
                                                                                                 Preview:=== Verbose logging started: 16/11/2023  15:33:44  Build type: SHIP UNICODE 5.00.10011.00  Calling process: C:\Windows\SysWOW64\msiexec.exe ===..MSI (c) (68:6C) [15:33:44:559]: Font created.  Charset: Req=0, Ret=0, Font: Req=MS Shell Dlg, Ret=MS Shell Dlg...MSI (c) (68:6C) [15:33:44:559]: Font created.  Charset: Req=0, Ret=0, Font: Req=MS Shell Dlg, Ret=MS Shell Dlg...MSI (c) (68:84) [15:33:44:621]: Resetting cached policy values..MSI (c) (68:84) [15:33:44:621]: Machine policy value 'Debug' is
                                                                                                Process:C:\Users\user\Desktop\fxsound_setup.exe
                                                                                                File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):5038592
                                                                                                Entropy (8bit):6.043058205786219
                                                                                                Encrypted:false
                                                                                                SSDEEP:49152:vVkDvLSkqdbEsuV+ebMh8w+/H8pF/bmlEyGjWvcP1xQ+X7TqVAMPLfQyim8kznsY:2Ll+Mn0WHl9VA2ic/
                                                                                                MD5:11F7419009AF2874C4B0E4505D185D79
                                                                                                SHA1:451D8D0470CEDB268619BA1E7AE78ADAE0EBA692
                                                                                                SHA-256:AC24CCE72F82C3EBBE9E7E9B80004163B9EED54D30467ECE6157EE4061BEAC95
                                                                                                SHA-512:1EABBBFDF579A93BBB055B973AA3321FC8DC8DA1A36FDE2BA9A4D58E5751DC106A4A1BBC4AD1F425C082702D6FBB821AA1078BC5ADC6B2AD1B5CE12A68058805
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                Process:C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):10590
                                                                                                Entropy (8bit):7.254430659006022
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:1OgjZ7OPJCbngEw9JPgXkhYCClQBcA5E8qnajEzHbC:18UuLh3Cl+x5E8l4zu
                                                                                                MD5:ACDAAE5D1219E7703285C42F774BE54D
                                                                                                SHA1:47DF82D8C843BF1ADC098A26E9E3E27217B3104D
                                                                                                SHA-256:25C8DAE186155D20F74FEEDEFB4F84161E4215925B8FD0C898F68F3E50EBCD7D
                                                                                                SHA-512:83B663222FB22B1760EA8551D19557F3F2905BFAC205B380B23DD7F2A65A37B851A3C3C345E4A768B76700BB891B97C96A0DBBB58D81358993293AD1EB3E300A
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe
                                                                                                File Type:Windows setup INFormation
                                                                                                Category:dropped
                                                                                                Size (bytes):5334
                                                                                                Entropy (8bit):5.628759224235533
                                                                                                Encrypted:false
                                                                                                SSDEEP:96:3q9BSSyjoh9OnLhtuGUdDrG9E/6uYqZpd7SY5MFgWC2i8/ENYZS:3qzSSyjoG17UprGEiuYqZpd7Se8eYENp
                                                                                                MD5:328087CAF99B50D988A304BEEEA3FCE8
                                                                                                SHA1:23FFEF913679537BB049008F5E6F8E517BB24192
                                                                                                SHA-256:BA175CFDDD91B87BDDA3F1DF2A70249E1742E846B843381EB0438B70F91A110A
                                                                                                SHA-512:D006E8DE0F9258A3EE75723E458D635586040702C1357630F199CF5740C7E29D87FEFD4B869A897BDD26B67FAD134E6BF35A2C01C3A00ACC8BF20181D7DA1AA3
                                                                                                Malicious:false
                                                                                                Preview:;..;fxvad.inf..;....[Version]..Signature="$CHICAGO$"..Class=MEDIA..Provider=%FXMN%..ClassGUID={4d36e96c-e325-11ce-bfc1-08002be10318}..DriverVer = 03/17/2021,14.1.0.0..CatalogFile.NTx86=fxvadNTx86.cat..CatalogFile.NTAMD64=fxvadNTAMD64.cat..PnpLockDown=1....[Manufacturer]..%MfgName%=DFX,NTamd64,NTx86....[DFX.NTx86]..%DFX_Device.DeviceDesc%=DFX_Device,Root\%DEV_NAME%,*%DEV_NAME%....[DFX.NTamd64]..%DFX_Device.DeviceDesc%=DFX_Device,Root\%DEV_NAME%,*%DEV_NAME%....;-----------------------------------------------------------------------------..;..; 2k+ Installation..;..;-----------------------------------------------------------------------------..[DFX_Device.NT]..Include=ks.inf,wdmaudio.inf..Needs=KS.Registration, WDMAUDIO.Registration..CopyFiles=DFX_Device.CopyList..AddReg=DFX_Device.AddReg..AddProperty=DFX_1AddPropertySection....[DFX_Device.NT.Interfaces]..AddInterface=%KSCATEGORY_AUDIO%,%KSNAME_Wave%,DFX_Device.I.Wave..AddInterface=%KSCATEGORY_RENDER%,%KSNAME_Wave%,DFX_Device.I.Wave..;Add
                                                                                                Process:C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe
                                                                                                File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):326656
                                                                                                Entropy (8bit):2.91036654915667
                                                                                                Encrypted:false
                                                                                                SSDEEP:768:3Ft4aLqpAogNTiqwu2CvcCjikibqqqqqqqqqqqqqqqqqqqaFgNj////////////l:T45A/N8Cfjik6scccoFtr
                                                                                                MD5:EAF913C1DE47C2421669B662EDAA5A6A
                                                                                                SHA1:53524526E1898A90FA98AE02E662B9C0E6DC2848
                                                                                                SHA-256:425629B6309000013E8CD1A9B827BEE365D21C9F743873AADD0C3BC96A999D2A
                                                                                                SHA-512:BB674FEB73751172A1ACE65AAB89C5EBF952A07F7AF0F3EC1DADF357FF693230CF08910AE273E8335EEC35E5827DA6405272D05C161987DF679199935AF21A76
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........................................................X.......X.R.....X.......Rich....................PE..d....@R`.........."......6..........0..........@............................. ......cM....`A....................................................<........|...@...........$..........8)..8...........................p)............... ...............................text...)........................... ..h.rdata....... ......................@..H.data........0......................@....pdata.......@.......(..............@..HPAGE....J'...P...(...,.............. ..`INIT.................T.............. ..b.rsrc....|.......~...X..............@..B.reloc..............................@..B........................................................................................................................................................................................
                                                                                                Process:C:\Users\user\Desktop\fxsound_setup.exe
                                                                                                File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {1FE29950-43C3-42AA-A25F-578F09237F5B}, Number of Words: 2, Subject: FxSound, Author: FxSound LLC, Name of Creating Application: FxSound, Template: ;1033, Comments: This installer database contains the logic and data required to install FxSound., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
                                                                                                Category:dropped
                                                                                                Size (bytes):2117632
                                                                                                Entropy (8bit):6.598867176501236
                                                                                                Encrypted:false
                                                                                                SSDEEP:49152:sxNYvPMg85nF9BrdLq2+cZfsZrAWlGFAvHZXm1+Ck:sY3orxq1AWkFA
                                                                                                MD5:164DBF6A8998960D7EF4E2ACECC5F415
                                                                                                SHA1:27303F0D0BAD5ED8AA551368B3718FF6180BEDD7
                                                                                                SHA-256:965CDEE211FF716C29D9767898D270F2457112A9379A272E6F2C2B09C27B4CA0
                                                                                                SHA-512:BD613F1EF6D1A48455B853381A26027BFFB627A7DDC18260D3B6E82D433D5D62A56C19DC74DE475486E5368EBFF6727C0F8626697378BB93A172214E95636683
                                                                                                Malicious:false
                                                                                                Process:C:\Users\user\Desktop\fxsound_setup.exe
                                                                                                File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {D5DE046A-A59D-4852-B552-7C613C8DBEAF}, Number of Words: 2, Subject: FxSound, Author: FxSound LLC, Name of Creating Application: FxSound, Template: x64;1033, Comments: This installer database contains the logic and data required to install FxSound., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
                                                                                                Category:dropped
                                                                                                Size (bytes):2117632
                                                                                                Entropy (8bit):6.598567603205823
                                                                                                Encrypted:false
                                                                                                SSDEEP:49152:VcfYwPMg85nF9Brdgq2+cZfsZXAWlGFAvHZXm1+rN:sY6oruqxAWkFA
                                                                                                MD5:42FA3A7E2E5BC46FBBB6DBC801A7EFEA
                                                                                                SHA1:8B33A5D24120F9B88170CFCF8FDD802DA8882C56
                                                                                                SHA-256:8BE0260EAD9EF1F0D6097CA26A30BBE18A7E59E3BD8160F5465E1107DD1C6648
                                                                                                SHA-512:77574873F7695419F8FBF125B11764DC1F1583F9A3ED8860803AE72AB5C9AA47BD27AF3EE94B29A02D4AF28AE74D26BD90C9A8AC9C9D348F071CF15E011C586A
                                                                                                Malicious:false
                                                                                                Process:C:\Users\user\Desktop\fxsound_setup.exe
                                                                                                File Type:Microsoft Cabinet archive data, many, 39420851 bytes, 58 files, at 0x44 +A "FxSound.exe" +A "FxSound.settings", flags 0x4, ID 1234, number 1, extra bytes 20 in head, 1631 datablocks, 0x1 compression
                                                                                                Category:dropped
                                                                                                Size (bytes):39431555
                                                                                                Entropy (8bit):7.998338875644748
                                                                                                Encrypted:true
                                                                                                SSDEEP:786432:rHAuWfgcKbjylyM5fZFKlG4GjIKNnSTAk5jDSUfzTm8/t4zdahXZBHHAIG:suG1KEyM5fZdxjIKNnEZDFLf/SJ+XZpG
                                                                                                MD5:69DB76D4D58760C3CD42C04CFCCB9124
                                                                                                SHA1:40A129702E82DE5F2E6C9498DFBC918717FBA947
                                                                                                SHA-256:029BB5DEC04A6E33970E2EF57997D5372817756DC2C17DFA7D1AE37B3D49318A
                                                                                                SHA-512:8181B712DDAB654CC24703BFFFA0079A74A44524A3700B3ABFB2199186096ADC13C1079745B28C3384ED3C184D7EBADAA80F14AF7760629FA4D11627B38438AD
                                                                                                Malicious:false
                                                                                                Preview:MSCF......Y.....D...........:.................Y..).............._.....F.......0W.. .FxSound.exe.m.....F...,WEX .FxSound.settings...;...F...0W=. .FxSound.exe_2..3.........T\. .ptdevcon32.exe..........T\. .ptdevcon64.exe.....m......T+. .DfxSetupDrv.exe...........T\. .dfx.ico..!........0W.. .updater.exe.....y<....0W.. .DfxInstall.dll.&}...4.....V. .fxsound.ico.....7......T.} .fxdevcon64.exe...........T+. .fxvad.inf...........T+. .fxvad.sys.^)........T+. .fxvadntamd64.cat..M.........T.} .fxdevcon32.exe......V.....T+. .fxvad.inf_1.....qk.....T+. .fxvad.sys_1.U)..qW.....T+. .fxvadntx86.cat...........T.} .fxdevcon64.exe_1.....^......T+. .fxvad.inf_2.....4......T+. .fxvad.sys_2.`%.........T+. .fxvadntamd64.cat_1..M..|.....T.} .fxdevcon32.exe_1...... .....T+. .fxvad.inf_3......4.....T+. .fxvad.sys_3.a%.........T+. .fxvadntx86.cat_1.....3D.....T+. .fac......G.....T+. .fac_1......K.....T+. .fac_2.....gO.....T+. .fac_3....."S.....T+. .fac_4......V.....T+. .fac_5......Z.....T+. .fac_6.....
                                                                                                Process:C:\Users\user\Desktop\fxsound_setup.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):39431555
                                                                                                Entropy (8bit):0.0
                                                                                                Encrypted:false
                                                                                                SSDEEP:3::
                                                                                                MD5:D93DFEE3CB6CE63DA8DE821BF93BFDBA
                                                                                                SHA1:A35882AAFA2D9558B6B083B6E6EA44A9FCED2C71
                                                                                                SHA-256:47A71DE1F1A875CC47513A3607E52F638D76405ADC3337A63B909ADC10AD27BD
                                                                                                SHA-512:D0D3FC1F6A030B19C5553DD35F9C21C87DCA8E5F07D7242E708A2BB1EF28464ABBACDC35810C3542FCF207F0CB65E8F1FC854878DE3113D26BCD1441A68E08D3
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files\FxSound LLC\FxSound\FxSound.exe
                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):199
                                                                                                Entropy (8bit):5.134952086722843
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:vFWWMNHU8LdgCf3q1iXvFjz9sQCQriF0qCH9Rz9sl6c286AlRqbyFjz9sl6c286r:TMVBd/+qFPLemVs+b4VNb7dn
                                                                                                MD5:87D0982F5500919568CD4D775DB57BCF
                                                                                                SHA1:9FB7B681B302A81BCDA7064099BF1CC8F332137D
                                                                                                SHA-256:367993596516DD874F7D3DD89488142033DB7B76E4670C0D7E2F143C92899A0D
                                                                                                SHA-512:5D57866402BD36C1FC54702E5A661601F99A18CA6497D5EC3BACCE2A3F9973115EC400211BB9859B7867355DFF578AE6E205E14C4CD41C0676B2E83F5ABB4C06
                                                                                                Malicious:false
                                                                                                Preview:<?xml version="1.0" encoding="UTF-8"?>....<PROPERTIES>.. <VALUE name="language" val="en-GB"/>.. <VALUE name="output_device_id" val=""/>.. <VALUE name="output_device_name" val=""/>..</PROPERTIES>..
                                                                                                Process:C:\Program Files\FxSound LLC\FxSound\FxSound.exe
                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):142
                                                                                                Entropy (8bit):3.7559592629144
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:+/3PPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPovhCW6KGDb:+ovJ5t0KKLMQ20Ln7
                                                                                                MD5:D8FA476B7BC232A5621196BC157ADDDA
                                                                                                SHA1:2B3D5AF3F2F0E7D9553128CD3BCF82FE4DC18753
                                                                                                SHA-256:70D3D58BA418B97C77DC77EB94FADBE034ECC08BDB37CB7C4B09568903A749D4
                                                                                                SHA-512:21E8621830BD86E0D90E2D0F26D6A5B1B75B778849CEBA5F334F39E0CC0377A48FA54E4EC5412FD17B0D9EEBC18955BB131230576E0209AC7004432BD715338D
                                                                                                Malicious:false
                                                                                                Preview:..**********************************************************..FxSound logs..Log started: 16 Nov 2023 4:41:56pm....v1.1.20.0..Windows 10..x64..
                                                                                                Process:C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe
                                                                                                File Type:Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2108 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-GB
                                                                                                Category:dropped
                                                                                                Size (bytes):13156
                                                                                                Entropy (8bit):3.6250477571032174
                                                                                                Encrypted:false
                                                                                                SSDEEP:96:cJOzh59k3f3WSkEFRcpXyY3q0xPOQlf88GcNy1/HC3T6gYq2hwyvVATCG5qylmqG:7Qf3woapXQXQ1HNogE3lJSZmXx7p
                                                                                                MD5:60B2EF95F0A811CC6FD2E163338A7294
                                                                                                SHA1:0006F7466FDAA96BA0F306EBA5B8D65312806D1B
                                                                                                SHA-256:F059676DE05CEB7116BCB5DC6C3F390B056BB2798DF3B70A3F76EF34F7DB2EA9
                                                                                                SHA-512:C924E5CC4E55EF5238FFBA082C747D941062FD8D6615805924DC6528D8B7A39BCAD49EFB4176BB3F220C12C80FE65F0B97A8669C5C738D199C923A5CCEBD0B0C
                                                                                                Malicious:false
                                                                                                Process:C:\Windows\System32\drvinst.exe
                                                                                                File Type:Windows setup INFormation
                                                                                                Category:dropped
                                                                                                Size (bytes):5334
                                                                                                Entropy (8bit):5.628759224235533
                                                                                                Encrypted:false
                                                                                                SSDEEP:96:3q9BSSyjoh9OnLhtuGUdDrG9E/6uYqZpd7SY5MFgWC2i8/ENYZS:3qzSSyjoG17UprGEiuYqZpd7Se8eYENp
                                                                                                MD5:328087CAF99B50D988A304BEEEA3FCE8
                                                                                                SHA1:23FFEF913679537BB049008F5E6F8E517BB24192
                                                                                                SHA-256:BA175CFDDD91B87BDDA3F1DF2A70249E1742E846B843381EB0438B70F91A110A
                                                                                                SHA-512:D006E8DE0F9258A3EE75723E458D635586040702C1357630F199CF5740C7E29D87FEFD4B869A897BDD26B67FAD134E6BF35A2C01C3A00ACC8BF20181D7DA1AA3
                                                                                                Malicious:false
                                                                                                Preview:;..;fxvad.inf..;....[Version]..Signature="$CHICAGO$"..Class=MEDIA..Provider=%FXMN%..ClassGUID={4d36e96c-e325-11ce-bfc1-08002be10318}..DriverVer = 03/17/2021,14.1.0.0..CatalogFile.NTx86=fxvadNTx86.cat..CatalogFile.NTAMD64=fxvadNTAMD64.cat..PnpLockDown=1....[Manufacturer]..%MfgName%=DFX,NTamd64,NTx86....[DFX.NTx86]..%DFX_Device.DeviceDesc%=DFX_Device,Root\%DEV_NAME%,*%DEV_NAME%....[DFX.NTamd64]..%DFX_Device.DeviceDesc%=DFX_Device,Root\%DEV_NAME%,*%DEV_NAME%....;-----------------------------------------------------------------------------..;..; 2k+ Installation..;..;-----------------------------------------------------------------------------..[DFX_Device.NT]..Include=ks.inf,wdmaudio.inf..Needs=KS.Registration, WDMAUDIO.Registration..CopyFiles=DFX_Device.CopyList..AddReg=DFX_Device.AddReg..AddProperty=DFX_1AddPropertySection....[DFX_Device.NT.Interfaces]..AddInterface=%KSCATEGORY_AUDIO%,%KSNAME_Wave%,DFX_Device.I.Wave..AddInterface=%KSCATEGORY_RENDER%,%KSNAME_Wave%,DFX_Device.I.Wave..;Add
                                                                                                Process:C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe
                                                                                                File Type:Generic INItialization configuration [BeginLog]
                                                                                                Category:dropped
                                                                                                Size (bytes):59240
                                                                                                Entropy (8bit):5.2127293135969825
                                                                                                Encrypted:false
                                                                                                SSDEEP:384:OGdni80C/8g0atRf7yr14ujuNY9AZi3Z/oUtwrIqUQGSE2wozvDBcr0JWirhMjyJ:Own95cdyYloiwdyz2wE9crmhMuTt
                                                                                                MD5:EAF6131DC437A11707F8DC43C6D881A1
                                                                                                SHA1:47021CD23F4F2D70DAE45EBCC0A56E7ED21DE221
                                                                                                SHA-256:A7D7E8D85AD20B19609560007A42478E3003B76EC90BA9339B678F1EC71D9723
                                                                                                SHA-512:43474A954865F70294E18BDC892BC7BCC198AD0CBEE8F60D40F59BA438F198C4727A30F4CA9D5264D11F556BE930A1318F60780CAA27ABA95E59FDF41DD37076
                                                                                                Malicious:false
                                                                                                Preview:[Device Install Log].. OS Version = 10.0.19045.. Service Pack = 0.0.. Suite = 0x0100.. ProductType = 1.. Architecture = amd64....[BeginLog]....[Boot Session: 2023/10/03 09:57:02.288]....>>> [Setup Import Driver Package - C:\Windows\system32\spool\tools\Microsoft Print To PDF\prnms009.Inf]..>>> Section start 2023/10/03 09:57:37.904.. cmd: C:\Windows\System32\spoolsv.exe.. inf: Provider: Microsoft.. inf: Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318}.. inf: Driver Version: 06/21/2006,10.0.19041.1806.. inf: Catalog File: prnms009.cat.. ump: Import flags: 0x0000000D.. pol: {Driver package policy check} 09:57:37.920.. pol: {Driver package policy check - exit(0x00000000)} 09:57:37.920.. sto: {Stage Driver Package: C:\Windows\system32\spool\tools\Microsoft Print To PDF\prnms009.Inf} 09:57:37.920.. inf: {Query Configurability: C:\Windows\system32\spool\tools\Microsoft Print To PDF\prnms009.Inf} 09:57:37.920.. inf:
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {D5DE046A-A59D-4852-B552-7C613C8DBEAF}, Number of Words: 2, Subject: FxSound, Author: FxSound LLC, Name of Creating Application: FxSound, Template: x64;1033, Comments: This installer database contains the logic and data required to install FxSound., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
                                                                                                Category:dropped
                                                                                                Size (bytes):2117632
                                                                                                Entropy (8bit):6.598567603205823
                                                                                                Encrypted:false
                                                                                                SSDEEP:49152:VcfYwPMg85nF9Brdgq2+cZfsZXAWlGFAvHZXm1+rN:sY6oruqxAWkFA
                                                                                                MD5:42FA3A7E2E5BC46FBBB6DBC801A7EFEA
                                                                                                SHA1:8B33A5D24120F9B88170CFCF8FDD802DA8882C56
                                                                                                SHA-256:8BE0260EAD9EF1F0D6097CA26A30BBE18A7E59E3BD8160F5465E1107DD1C6648
                                                                                                SHA-512:77574873F7695419F8FBF125B11764DC1F1583F9A3ED8860803AE72AB5C9AA47BD27AF3EE94B29A02D4AF28AE74D26BD90C9A8AC9C9D348F071CF15E011C586A
                                                                                                Malicious:false
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {D5DE046A-A59D-4852-B552-7C613C8DBEAF}, Number of Words: 2, Subject: FxSound, Author: FxSound LLC, Name of Creating Application: FxSound, Template: x64;1033, Comments: This installer database contains the logic and data required to install FxSound., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
                                                                                                Category:dropped
                                                                                                Size (bytes):2117632
                                                                                                Entropy (8bit):6.598567603205823
                                                                                                Encrypted:false
                                                                                                SSDEEP:49152:VcfYwPMg85nF9Brdgq2+cZfsZXAWlGFAvHZXm1+rN:sY6oruqxAWkFA
                                                                                                MD5:42FA3A7E2E5BC46FBBB6DBC801A7EFEA
                                                                                                SHA1:8B33A5D24120F9B88170CFCF8FDD802DA8882C56
                                                                                                SHA-256:8BE0260EAD9EF1F0D6097CA26A30BBE18A7E59E3BD8160F5465E1107DD1C6648
                                                                                                SHA-512:77574873F7695419F8FBF125B11764DC1F1583F9A3ED8860803AE72AB5C9AA47BD27AF3EE94B29A02D4AF28AE74D26BD90C9A8AC9C9D348F071CF15E011C586A
                                                                                                Malicious:false
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):563656
                                                                                                Entropy (8bit):6.432700089523593
                                                                                                Encrypted:false
                                                                                                SSDEEP:6144:Z0WKoDOO80Gw0Oy13zcbs7B1OLmxcSFEq7agKR7T+cgAOVSxZR4dwXsZo:ZfK+KdnOq1jEqmR+ZKZoCsZo
                                                                                                MD5:0DD1F1FF906C4D1FC7AD962E994CAD7F
                                                                                                SHA1:4D1549CF7EF6A63BAF83280143D7797D4DF4FA2D
                                                                                                SHA-256:140F578569ADBF831F87275091AF9CA200ED8B2453CBE729A0249B9B6F6B4588
                                                                                                SHA-512:8D5622BB299BF6BEBF3EAA266A9FCBBC953A729E9D9CA20F8F358D7A14599D0A017FEEF58AA8D3AADC075C6211478BBAC2D38E38E36E34096D4DCEB51FFD00CB
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):648136
                                                                                                Entropy (8bit):6.449062813580053
                                                                                                Encrypted:false
                                                                                                SSDEEP:12288:kEvIkrf4bxnJAN9Wk9BR3NUBNoACiSsmqJBoQZXm1+g:keIgMyR3iyACyHZXm1+g
                                                                                                MD5:9B4B4EA6509E4DB1E2A8F09A7C6F8F04
                                                                                                SHA1:512880ABE3C9696EDB042599BD199F1D05210AA2
                                                                                                SHA-256:3774C31039CB87ED0327F49A00ABD7B4211AC938A46378B8661CD5D8B3B34F94
                                                                                                SHA-512:63B4788A3AD000C08582F55532DC06BF88BC4111837A63E8157E0F5F668225F46758F9481B6E526A5A813F4F0CC9BE65FB4107D2135C61083274592AF03BA608
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):51328
                                                                                                Entropy (8bit):4.258089600619086
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:Tg91T7hVHUjxoTwba/cp9fbs1kjPR5vFXAoREdWzgXPE35DvgAXXfABH3sNmKCwq:TAJ00Eh41kj5jXAoREwz1u8d3GEhK9/h
                                                                                                MD5:FCC75F4092AE6A8E27372C43908D5222
                                                                                                SHA1:7D7605917D55BA8EEBFB52C08C767DE6903C7D83
                                                                                                SHA-256:4228F00EB9D3B305D10410372D117F2F43BE758FEFE5D589175A9CBF6C77A680
                                                                                                SHA-512:104DD597DDF884B1B243F297F91F080095FB9FD50F8D97EB11A3D4ED70D2C69B8F40130F398779033B32E3C48161607A7E4038381DC4F0E6E3D3A5B7D76E3001
                                                                                                Malicious:false
                                                                                                Preview:...@IXOS.@.....@8|pW.@.....@.....@.....@.....@.....@......&.{14600665-0165-49E8-8017-D1BD6A290335}..FxSound..fxsound.x64.msi.@.....@.....@.....@......fxsound.exe..&.{D5DE046A-A59D-4852-B552-7C613C8DBEAF}.....@.....@.....@.....@.......@.....@.....@.......@......FxSound......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@.....@.....@.]....&.{215927B7-6543-4106-B941-F33B96B65E3B}%.C:\Program Files\FxSound LLC\FxSound\.@.......@.....@.....@......&.{82E872A6-8D59-4785-92C3-8BBFF79EB0E4}0.C:\Program Files\FxSound LLC\FxSound\FxSound.exe.@.......@.....@.....@......&.{E6F40D13-6200-4931-A7A2-6142F7821778}9.C:\Program Files\FxSound LLC\FxSound\Apps\DfxSetupDrv.exe.@.......@.....@.....@......&.{EE536E27-12E6-4F20-A3E7-6A073AED85CB};.C:\Program Files\FxSound LLC\FxSound\Drivers\ptdevcon32.exe.@.......@.....@.....@......&.{FF4D6223-08FD-4830-A07F-C3307A8FA1B5};.C:\Program Files\FxSound LLC
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                Category:dropped
                                                                                                Size (bytes):20480
                                                                                                Entropy (8bit):1.202953444695654
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:JSbX72FjXfsXAlfLIlHuRpzhG7777777777777777777777777ZDHFc3lmNpECUL:JwUIwqKVmNplUVF
                                                                                                MD5:88F40D93C202ECE96B982815EE3DB91E
                                                                                                SHA1:9F92210CE6EA15CEC203CE08907386621920C826
                                                                                                SHA-256:5D3C659AF3E5C4FEAB8EFB1892335D5B853E7C356145CA2CC374D5E317388CAA
                                                                                                SHA-512:E6BE31E3E3C1C2D76A362770D85C6269651CA6D59C977F87E8BC9C3768F0A87FC179BB976DED897877B4029E6463D251682B1254A65670FBB2857078A5090F35
                                                                                                Malicious:false
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                Category:dropped
                                                                                                Size (bytes):20480
                                                                                                Entropy (8bit):1.7439289039084647
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:F8PhauRc06WX4YFT5QwVsjXd0V2AEkrCyAaMpWSkd0VoMpXxdvyFFDnha50bw8pr:oha1oFTy2RCCVT6DEna5chRCU5
                                                                                                MD5:921734618A91955CEFC5C7FD3B080655
                                                                                                SHA1:80C029E25EEB00453FBF6BF90BDB263568F222EA
                                                                                                SHA-256:E3E44C457F6D97DDB08F8CB4DABAEF3A515DA4D44AA3646B3E4E5D7C8C95A402
                                                                                                SHA-512:D6655A9ECF76DC736870FEE32971977C0943CF2624CED25AE143E5B3E2D8261A5477EA88D7F92FF1978EF243B2F946C2DABAC392FF7198DB23581D2A6E7D2203
                                                                                                Malicious:false
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                Category:dropped
                                                                                                Size (bytes):32038
                                                                                                Entropy (8bit):2.096487496878294
                                                                                                Encrypted:false
                                                                                                SSDEEP:96:MuoSQH7SQKSQ37izg88PE3gGDvfYduXX3XfAw0EYpR9THXXXbLom+vvvvChboTCy:NoREdWzgXPE35DvgAXXfABH3sNmKCwiW
                                                                                                MD5:F6822EF3F0A697D83A3F51D133E180DC
                                                                                                SHA1:AD9451A6195338DF5260150EFE2178CB0072EE2F
                                                                                                SHA-256:E350B7DA8FBD6798191FD591EFDA4D2B947BD2B48F8CFB54AC084D79FBBA14E4
                                                                                                SHA-512:493172B804679D518DC38267CBB45B0A3359BF254532089A28DBCD00EC9E5DB5D94BCE8EC504343E58419F351CABBCBC1C943B28923A5F31AA09DE4D362EE47F
                                                                                                Malicious:false
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):360001
                                                                                                Entropy (8bit):5.362990205217841
                                                                                                Encrypted:false
                                                                                                SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26KgauE:zTtbmkExhMJCIpE1
                                                                                                MD5:5115F0BD566B559042D2796727F64A04
                                                                                                SHA1:1AA5C57E05F8A973736772D6C783569D63FD398D
                                                                                                SHA-256:ABA64524D97B967A66E5526163A0AA4DF9505A67CF0DFB70C8D7BDC96A9ABA1D
                                                                                                SHA-512:3D6C2EEBA3113DDBFBCA37095025B426888EF655A8F32E549850B13F7F19F36E9FE535B2FF48698D3FE0E9BCFADCBB71F304D5E73342924E31F3FF971734B4A0
                                                                                                Malicious:false
                                                                                                Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:MS Windows icon resource - 4 icons, 64x64, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                Category:dropped
                                                                                                Size (bytes):32988
                                                                                                Entropy (8bit):2.0838482936133116
                                                                                                Encrypted:false
                                                                                                SSDEEP:96:ziLVjzfTmM5JJJjY4vCYYYRImnyRRjiacLqzD8:YrTp5JJJjYMCYYYRImnyRRWacLq
                                                                                                MD5:648D3F5E7778CA1F7983B246C264B0C9
                                                                                                SHA1:86E382BE934A39AACC78F4CA3AB82CCF1E5E6E4F
                                                                                                SHA-256:28F31663D6EA3161943737E0235EAC93D8DBDA241C925AD0FD72727F491274A0
                                                                                                SHA-512:3772C9DF9494AFBBC8CACE58E98446B913739395FD1DA005DCE09D3E806C772D6DEDD9C654083C64E3AA0D5450836708C65969B763D129DBB8BE33F213A31FBB
                                                                                                Malicious:false
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                Category:dropped
                                                                                                Size (bytes):32038
                                                                                                Entropy (8bit):2.096487496878294
                                                                                                Encrypted:false
                                                                                                SSDEEP:96:MuoSQH7SQKSQ37izg88PE3gGDvfYduXX3XfAw0EYpR9THXXXbLom+vvvvChboTCy:NoREdWzgXPE35DvgAXXfABH3sNmKCwiW
                                                                                                MD5:F6822EF3F0A697D83A3F51D133E180DC
                                                                                                SHA1:AD9451A6195338DF5260150EFE2178CB0072EE2F
                                                                                                SHA-256:E350B7DA8FBD6798191FD591EFDA4D2B947BD2B48F8CFB54AC084D79FBBA14E4
                                                                                                SHA-512:493172B804679D518DC38267CBB45B0A3359BF254532089A28DBCD00EC9E5DB5D94BCE8EC504343E58419F351CABBCBC1C943B28923A5F31AA09DE4D362EE47F
                                                                                                Malicious:false
                                                                                                Process:C:\Windows\System32\drvinst.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):10590
                                                                                                Entropy (8bit):7.254430659006022
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:1OgjZ7OPJCbngEw9JPgXkhYCClQBcA5E8qnajEzHbC:18UuLh3Cl+x5E8l4zu
                                                                                                MD5:ACDAAE5D1219E7703285C42F774BE54D
                                                                                                SHA1:47DF82D8C843BF1ADC098A26E9E3E27217B3104D
                                                                                                SHA-256:25C8DAE186155D20F74FEEDEFB4F84161E4215925B8FD0C898F68F3E50EBCD7D
                                                                                                SHA-512:83B663222FB22B1760EA8551D19557F3F2905BFAC205B380B23DD7F2A65A37B851A3C3C345E4A768B76700BB891B97C96A0DBBB58D81358993293AD1EB3E300A
                                                                                                Malicious:false
                                                                                                Process:C:\Windows\System32\drvinst.exe
                                                                                                File Type:Windows setup INFormation
                                                                                                Category:dropped
                                                                                                Size (bytes):5334
                                                                                                Entropy (8bit):5.628759224235533
                                                                                                Encrypted:false
                                                                                                SSDEEP:96:3q9BSSyjoh9OnLhtuGUdDrG9E/6uYqZpd7SY5MFgWC2i8/ENYZS:3qzSSyjoG17UprGEiuYqZpd7Se8eYENp
                                                                                                MD5:328087CAF99B50D988A304BEEEA3FCE8
                                                                                                SHA1:23FFEF913679537BB049008F5E6F8E517BB24192
                                                                                                SHA-256:BA175CFDDD91B87BDDA3F1DF2A70249E1742E846B843381EB0438B70F91A110A
                                                                                                SHA-512:D006E8DE0F9258A3EE75723E458D635586040702C1357630F199CF5740C7E29D87FEFD4B869A897BDD26B67FAD134E6BF35A2C01C3A00ACC8BF20181D7DA1AA3
                                                                                                Malicious:false
                                                                                                Preview:;..;fxvad.inf..;....[Version]..Signature="$CHICAGO$"..Class=MEDIA..Provider=%FXMN%..ClassGUID={4d36e96c-e325-11ce-bfc1-08002be10318}..DriverVer = 03/17/2021,14.1.0.0..CatalogFile.NTx86=fxvadNTx86.cat..CatalogFile.NTAMD64=fxvadNTAMD64.cat..PnpLockDown=1....[Manufacturer]..%MfgName%=DFX,NTamd64,NTx86....[DFX.NTx86]..%DFX_Device.DeviceDesc%=DFX_Device,Root\%DEV_NAME%,*%DEV_NAME%....[DFX.NTamd64]..%DFX_Device.DeviceDesc%=DFX_Device,Root\%DEV_NAME%,*%DEV_NAME%....;-----------------------------------------------------------------------------..;..; 2k+ Installation..;..;-----------------------------------------------------------------------------..[DFX_Device.NT]..Include=ks.inf,wdmaudio.inf..Needs=KS.Registration, WDMAUDIO.Registration..CopyFiles=DFX_Device.CopyList..AddReg=DFX_Device.AddReg..AddProperty=DFX_1AddPropertySection....[DFX_Device.NT.Interfaces]..AddInterface=%KSCATEGORY_AUDIO%,%KSNAME_Wave%,DFX_Device.I.Wave..AddInterface=%KSCATEGORY_RENDER%,%KSNAME_Wave%,DFX_Device.I.Wave..;Add
                                                                                                Process:C:\Windows\System32\drvinst.exe
                                                                                                File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):326656
                                                                                                Entropy (8bit):2.91036654915667
                                                                                                Encrypted:false
                                                                                                SSDEEP:768:3Ft4aLqpAogNTiqwu2CvcCjikibqqqqqqqqqqqqqqqqqqqaFgNj////////////l:T45A/N8Cfjik6scccoFtr
                                                                                                MD5:EAF913C1DE47C2421669B662EDAA5A6A
                                                                                                SHA1:53524526E1898A90FA98AE02E662B9C0E6DC2848
                                                                                                SHA-256:425629B6309000013E8CD1A9B827BEE365D21C9F743873AADD0C3BC96A999D2A
                                                                                                SHA-512:BB674FEB73751172A1ACE65AAB89C5EBF952A07F7AF0F3EC1DADF357FF693230CF08910AE273E8335EEC35E5827DA6405272D05C161987DF679199935AF21A76
                                                                                                Malicious:false
                                                                                                Antivirus:
                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                Process:C:\Windows\System32\drvinst.exe
                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                Category:modified
                                                                                                Size (bytes):3475
                                                                                                Entropy (8bit):5.366437877512871
                                                                                                Encrypted:false
                                                                                                SSDEEP:96:QO00eO00erMwUgWUg0B1kE3ZhpJp8ZpkRepk34pWpKY:QO00eO00erMwmkB1kAN
                                                                                                MD5:7498D9BC5DE4D57F359EC260EF754E96
                                                                                                SHA1:68FA97CB11D6D7B7BA9CC35533F837A3DD289CF3
                                                                                                SHA-256:BB7CB5F2EE933B1A90819127240091BB1194D8D1A68676768C12073DEE2802B0
                                                                                                SHA-512:C4AD2CB3BA5B2E4024F9CD3E5D39787979F625D7DEF31B25951B90E243FA155E89D9F891FE01A4EE7EA82C69804EBD4032C49E25D1E7F4994D69D978B6F2EFA3
                                                                                                Malicious:false
                                                                                                Preview:CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #6041 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #6699 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #4398 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #6041 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #6699 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #4398 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #2083 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #2459 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: SyncAllDBs Corruption or Schema Change..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #891 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #1307 encountered JET error -1601..CatalogDB: 08:57:12 03/10/2023: SyncDB:: Sync sta
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                Category:dropped
                                                                                                Size (bytes):20480
                                                                                                Entropy (8bit):1.7439289039084647
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:F8PhauRc06WX4YFT5QwVsjXd0V2AEkrCyAaMpWSkd0VoMpXxdvyFFDnha50bw8pr:oha1oFTy2RCCVT6DEna5chRCU5
                                                                                                MD5:921734618A91955CEFC5C7FD3B080655
                                                                                                SHA1:80C029E25EEB00453FBF6BF90BDB263568F222EA
                                                                                                SHA-256:E3E44C457F6D97DDB08F8CB4DABAEF3A515DA4D44AA3646B3E4E5D7C8C95A402
                                                                                                SHA-512:D6655A9ECF76DC736870FEE32971977C0943CF2624CED25AE143E5B3E2D8261A5477EA88D7F92FF1978EF243B2F946C2DABAC392FF7198DB23581D2A6E7D2203
                                                                                                Malicious:false
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                Category:dropped
                                                                                                Size (bytes):32768
                                                                                                Entropy (8bit):1.3831985654688133
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:zPyuWpthPIFX4dT53bwVsjXd0V2AEkrCyAaMpWSkd0VoMpXxdvyFFDnha50bw8pr:DyjlI+T5P2RCCVT6DEna5chRCU5
                                                                                                MD5:36E0D13BC2D67505A84385C3EE5665B9
                                                                                                SHA1:8A0BE33D023642C7FA483BFF3F35F848EF92C5EE
                                                                                                SHA-256:F87E9530AC3B01EF6CA55D87F8F4F3423DA22430CDA1FB6C12DE1C2475FFC435
                                                                                                SHA-512:4DB495F71323285E1D64FC168BA86C4FF7174558E4F547919B378AAF1298DAACFE63E80EF20B440AB96E49C8AEC031FE1AD7397A09ACC89A8D87BE1922C254B1
                                                                                                Malicious:false
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):512
                                                                                                Entropy (8bit):0.0
                                                                                                Encrypted:false
                                                                                                SSDEEP:3::
                                                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                Malicious:false
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                Category:dropped
                                                                                                Size (bytes):32768
                                                                                                Entropy (8bit):1.3831985654688133
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:zPyuWpthPIFX4dT53bwVsjXd0V2AEkrCyAaMpWSkd0VoMpXxdvyFFDnha50bw8pr:DyjlI+T5P2RCCVT6DEna5chRCU5
                                                                                                MD5:36E0D13BC2D67505A84385C3EE5665B9
                                                                                                SHA1:8A0BE33D023642C7FA483BFF3F35F848EF92C5EE
                                                                                                SHA-256:F87E9530AC3B01EF6CA55D87F8F4F3423DA22430CDA1FB6C12DE1C2475FFC435
                                                                                                SHA-512:4DB495F71323285E1D64FC168BA86C4FF7174558E4F547919B378AAF1298DAACFE63E80EF20B440AB96E49C8AEC031FE1AD7397A09ACC89A8D87BE1922C254B1
                                                                                                Malicious:false
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                Category:dropped
                                                                                                Size (bytes):32768
                                                                                                Entropy (8bit):1.3831985654688133
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:zPyuWpthPIFX4dT53bwVsjXd0V2AEkrCyAaMpWSkd0VoMpXxdvyFFDnha50bw8pr:DyjlI+T5P2RCCVT6DEna5chRCU5
                                                                                                MD5:36E0D13BC2D67505A84385C3EE5665B9
                                                                                                SHA1:8A0BE33D023642C7FA483BFF3F35F848EF92C5EE
                                                                                                SHA-256:F87E9530AC3B01EF6CA55D87F8F4F3423DA22430CDA1FB6C12DE1C2475FFC435
                                                                                                SHA-512:4DB495F71323285E1D64FC168BA86C4FF7174558E4F547919B378AAF1298DAACFE63E80EF20B440AB96E49C8AEC031FE1AD7397A09ACC89A8D87BE1922C254B1
                                                                                                Malicious:false
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                Category:dropped
                                                                                                Size (bytes):20480
                                                                                                Entropy (8bit):1.7439289039084647
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:F8PhauRc06WX4YFT5QwVsjXd0V2AEkrCyAaMpWSkd0VoMpXxdvyFFDnha50bw8pr:oha1oFTy2RCCVT6DEna5chRCU5
                                                                                                MD5:921734618A91955CEFC5C7FD3B080655
                                                                                                SHA1:80C029E25EEB00453FBF6BF90BDB263568F222EA
                                                                                                SHA-256:E3E44C457F6D97DDB08F8CB4DABAEF3A515DA4D44AA3646B3E4E5D7C8C95A402
                                                                                                SHA-512:D6655A9ECF76DC736870FEE32971977C0943CF2624CED25AE143E5B3E2D8261A5477EA88D7F92FF1978EF243B2F946C2DABAC392FF7198DB23581D2A6E7D2203
                                                                                                Malicious:false
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):73728
                                                                                                Entropy (8bit):0.2040396962928848
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:1b42u9d0V2AEkrCyAsSkd0Vxd0V2AEkrCyAaMpWSkd0VoMpXxdvyFFDnha50bw8r:1HRCULRCCVT6DEna5cI
                                                                                                MD5:091A078AEE72CB2563E579FD99087E07
                                                                                                SHA1:81B85927E82D2BAE97CEC6F49D039B5D58BE3B68
                                                                                                SHA-256:18A43BD87040F309725A2532B3BA23A546D3030D8A495A4166B8366084D7628E
                                                                                                SHA-512:BB711518C0FAEB65D09653B60655540CC299025CA751EAC20EFA3C1401624E923AFAA6A6EBA269380CE52F752A2F7A027FF5DCEC6007077EA36998EF4E3CFF64
                                                                                                Malicious:false
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):32768
                                                                                                Entropy (8bit):0.09949761863524546
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:xPLG7iVCnLG7iVrKOzPLHKOccUtKm05wqpmrggX/qUXtl6Vky6lhJlw:50i8n0itFzDHFc3lmNpECU9rdw
                                                                                                MD5:C78A3DADB9078FA503230CC7CF4026C0
                                                                                                SHA1:C0746492841A530A7BE84111130D09704DC70BEA
                                                                                                SHA-256:1BE8F6C9CF44FA8638979DB141739C24244E96BC069EB09FF755E0690D78BF28
                                                                                                SHA-512:16B62DA427418959D12D9F55DB1E9E5ED5913985FD6A8F198E4574E250184503491D57819E9A1675C2B9C9F433E853F110AFD0B3D23C91DAAF9CD1005C65AB79
                                                                                                Malicious:false
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):512
                                                                                                Entropy (8bit):0.0
                                                                                                Encrypted:false
                                                                                                SSDEEP:3::
                                                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                Malicious:false
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):512
                                                                                                Entropy (8bit):0.0
                                                                                                Encrypted:false
                                                                                                SSDEEP:3::
                                                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                Malicious:false
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):512
                                                                                                Entropy (8bit):0.0
                                                                                                Encrypted:false
                                                                                                SSDEEP:3::
                                                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                Malicious:false
                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):512
                                                                                                Entropy (8bit):0.0
                                                                                                Encrypted:false
                                                                                                SSDEEP:3::
                                                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                Malicious:false
                                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                Entropy (8bit):7.917799875281958
                                                                                                TrID:
                                                                                                • Win32 Executable (generic) a (10002005/4) 98.81%
                                                                                                • Windows ActiveX control (116523/4) 1.15%
                                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                File name:fxsound_setup.exe
                                                                                                File size:46'914'960 bytes
                                                                                                MD5:9ea725e3e3bc82249957cc00b74c4882
                                                                                                SHA1:3291c62ff7f044dabe2809317df09ae451384cd1
                                                                                                SHA256:3541df625affa384feacf3cd3d64c47d2372eab9a2055d57dde08afe7f85862c
                                                                                                SHA512:a9530ec03f952e38f51cb2af65ebc72d577322b63031ce6279085116ac413574ccfd839774195d50cd0909525e1ec403b40d4d5738b1ef2b5ec3af916d339234
                                                                                                SSDEEP:786432:+LehHAuWfgcKbjylyM5fZFKlG4GjIKNnSTAk5jDSUfzTm8/t4zdahXZBHHAIK:+KOuG1KEyM5fZdxjIKNnEZDFLf/SJ+XO
                                                                                                TLSH:B6A71231368AC537C57A01B01A2CDABB556CBE760B7154CB73C82D2F6AB49C21736E27
                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......w._.3.1.3.1.3.1...2.>.1...4...1...7.2.1.S.5. .1.S.2.+.1.Q.4.0.1.S.4.V.1...5.).1...0.0.1...6.2.1.3.0...1.W.8.~.1.W...2.1.3...2.1
                                                                                                Icon Hash:45927168a2920045
                                                                                                Entrypoint:0x5b51a4
                                                                                                Entrypoint Section:.text
                                                                                                Digitally signed:true
                                                                                                Imagebase:0x400000
                                                                                                Subsystem:windows gui
                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                Time Stamp:0x62E7A72C [Mon Aug 1 10:13:00 2022 UTC]
                                                                                                TLS Callbacks:
                                                                                                CLR (.Net) Version:
                                                                                                OS Version Major:6
                                                                                                OS Version Minor:0
                                                                                                File Version Major:6
                                                                                                File Version Minor:0
                                                                                                Subsystem Version Major:6
                                                                                                Subsystem Version Minor:0
                                                                                                Import Hash:d23703a6f12b30c40e0b3bc256b113cd
                                                                                                Signature Valid:true
                                                                                                Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                                                Signature Validation Error:The operation completed successfully
                                                                                                Error Number:0
                                                                                                Not Before, Not After
                                                                                                • 09/05/2023 02:00:00 09/05/2024 01:59:59
                                                                                                Subject Chain
                                                                                                • CN="FxSound, LLC", O="FxSound, LLC", L=Mill Valley, S=California, C=US, SERIALNUMBER=201721910237, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US
                                                                                                Version:3
                                                                                                Thumbprint MD5:904606D5FE879BF037251B7E13C1CAE7
                                                                                                Thumbprint SHA-1:913A9CB96D6560245DEC2055995CEF6441EA4B9F
                                                                                                Thumbprint SHA-256:5EEDD80D7AA6E117DE4C5FAE1EA018DEA0C96F735635D2FE457A8CE7FDECED5F
                                                                                                Serial:05CB73BD02C1F64ED47434A5D279074D
                                                                                                Instruction
                                                                                                call 00007F65DCC1D8EFh
                                                                                                jmp 00007F65DCC1D12Fh
                                                                                                mov ecx, dword ptr [ebp-0Ch]
                                                                                                mov dword ptr fs:[00000000h], ecx
                                                                                                pop ecx
                                                                                                pop edi
                                                                                                pop edi
                                                                                                pop esi
                                                                                                pop ebx
                                                                                                mov esp, ebp
                                                                                                pop ebp
                                                                                                push ecx
                                                                                                ret
                                                                                                mov ecx, dword ptr [ebp-10h]
                                                                                                xor ecx, ebp
                                                                                                call 00007F65DCC1C783h
                                                                                                jmp 00007F65DCC1D292h
                                                                                                push eax
                                                                                                push dword ptr fs:[00000000h]
                                                                                                lea eax, dword ptr [esp+0Ch]
                                                                                                sub esp, dword ptr [esp+0Ch]
                                                                                                push ebx
                                                                                                push esi
                                                                                                push edi
                                                                                                mov dword ptr [eax], ebp
                                                                                                mov ebp, eax
                                                                                                mov eax, dword ptr [006C1024h]
                                                                                                xor eax, ebp
                                                                                                push eax
                                                                                                push dword ptr [ebp-04h]
                                                                                                mov dword ptr [ebp-04h], FFFFFFFFh
                                                                                                lea eax, dword ptr [ebp-0Ch]
                                                                                                mov dword ptr fs:[00000000h], eax
                                                                                                ret
                                                                                                push eax
                                                                                                push dword ptr fs:[00000000h]
                                                                                                lea eax, dword ptr [esp+0Ch]
                                                                                                sub esp, dword ptr [esp+0Ch]
                                                                                                push ebx
                                                                                                push esi
                                                                                                push edi
                                                                                                mov dword ptr [eax], ebp
                                                                                                mov ebp, eax
                                                                                                mov eax, dword ptr [006C1024h]
                                                                                                xor eax, ebp
                                                                                                push eax
                                                                                                mov dword ptr [ebp-10h], eax
                                                                                                push dword ptr [ebp-04h]
                                                                                                mov dword ptr [ebp-04h], FFFFFFFFh
                                                                                                lea eax, dword ptr [ebp-0Ch]
                                                                                                mov dword ptr fs:[00000000h], eax
                                                                                                ret
                                                                                                push eax
                                                                                                push dword ptr fs:[00000000h]
                                                                                                lea eax, dword ptr [esp+0Ch]
                                                                                                sub esp, dword ptr [esp+0Ch]
                                                                                                push ebx
                                                                                                push esi
                                                                                                push edi
                                                                                                mov dword ptr [eax], ebp
                                                                                                mov ebp, eax
                                                                                                mov eax, dword ptr [006C1024h]
                                                                                                xor eax, ebp
                                                                                                push eax
                                                                                                mov dword ptr [ebp-10h], esp
                                                                                                push dword ptr [ebp-04h]
                                                                                                mov dword ptr [ebp-04h], FFFFFFFFh
                                                                                                lea eax, dword ptr [ebp-0Ch]
                                                                                                mov dword ptr fs:[00000000h], eax
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2bf5ec | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2ca000 | 0x29368 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x2cbb3f8 | 0x2998 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x2f4000 | 0x26810 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x267c58 | 0x70 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x267d00 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x23afa8 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x239000 | 0x2cc | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x2bc998 | 0x260 | .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x237b1f | 0x237c00 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x239000 | 0x8762c | 0x87800 | False | 0.31338827548431736 | data | 4.6063411973791215 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x2c1000 | 0x8d24 | 0x6c00 | False | 0.14344618055555555 | PGP symmetric key encrypted data - Plaintext or unencrypted data salted & iterated - | 2.9234755461718365 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x2ca000 | 0x29368 | 0x29400 | False | 0.13069957386363637 | data | 4.907014416952871 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x2f4000 | 0x26810 | 0x26a00 | False | 0.4470507180420712 | data | 6.513793248957895 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
IMAGE_FILE | 0x2cac70 | 0x6 | ISO-8859 text, with no line terminators | English | United States | 2.1666666666666665
IMAGE_FILE | 0x2cac78 | 0x6 | ISO-8859 text, with no line terminators | English | United States | 2.1666666666666665
RTF_FILE | 0x2cac80 | 0xa1 | Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033 | English | United States | 0.906832298136646
RTF_FILE | 0x2cad24 | 0x2e9 | Rich Text Format data, version 1, ANSI, code page 1252 | English | United States | 0.5503355704697986
RT_BITMAP | 0x2cb010 | 0x13e | Device independent bitmap graphic, 32 x 16 x 4, image size 258, resolution 2834 x 2834 px/m, 5 important colors | English | United States | 0.25471698113207547
RT_BITMAP | 0x2cb150 | 0x828 | Device independent bitmap graphic, 32 x 16 x 32, image size 0 | English | United States | 0.03017241379310345
RT_BITMAP | 0x2cb978 | 0x48a8 | Device independent bitmap graphic, 290 x 16 x 32, image size 0 | English | United States | 0.11881720430107527
RT_BITMAP | 0x2d0220 | 0xa6a | Device independent bitmap graphic, 320 x 16 x 4, image size 2562, resolution 2834 x 2834 px/m | English | United States | 0.21680420105026257
RT_BITMAP | 0x2d0c8c | 0x152 | Device independent bitmap graphic, 32 x 16 x 4, image size 258, resolution 2834 x 2834 px/m, 10 important colors | English | United States | 0.5295857988165681
RT_BITMAP | 0x2d0de0 | 0x828 | Device independent bitmap graphic, 32 x 16 x 32, image size 0 | English | United States | 0.4875478927203065
RT_ICON | 0x2d1608 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2834 x 2834 px/m | English | United States | 0.2579787234042553
RT_ICON | 0x2d1a70 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2834 x 2834 px/m | English | United States | 0.11890243902439024
RT_ICON | 0x2d2b18 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2834 x 2834 px/m | English | United States | 0.07811203319502075
RT_ICON | 0x2d50c0 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 2834 x 2834 px/m | English | United States | 0.059931506849315065
RT_ICON | 0x2d92e8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.3262411347517731
RT_MENU | 0x2d9750 | 0x5c | data | English | United States | 0.8478260869565217
RT_MENU | 0x2d97ac | 0x2a | data | English | United States | 1.0714285714285714
RT_DIALOG | 0x2d97d8 | 0xac | data | English | United States | 0.7151162790697675
RT_DIALOG | 0x2d9884 | 0x2a6 | data | English | United States | 0.5132743362831859
RT_DIALOG | 0x2d9b2c | 0x3b4 | data | English | United States | 0.43248945147679324
RT_DIALOG | 0x2d9ee0 | 0xbc | data | English | United States | 0.7180851063829787
RT_DIALOG | 0x2d9f9c | 0x204 | data | English | United States | 0.560077519379845
RT_DIALOG | 0x2da1a0 | 0x282 | data | English | United States | 0.48598130841121495
RT_DIALOG | 0x2da424 | 0xcc | data | English | United States | 0.6911764705882353
RT_DIALOG | 0x2da4f0 | 0x146 | data | English | United States | 0.5736196319018405
RT_DIALOG | 0x2da638 | 0x226 | data | English | United States | 0.4690909090909091
RT_DIALOG | 0x2da860 | 0x388 | data | English | United States | 0.45464601769911506
RT_DIALOG | 0x2dabe8 | 0x1b4 | data | English | United States | 0.5458715596330275
RT_DIALOG | 0x2dad9c | 0x136 | data | English | United States | 0.6064516129032258
RT_DIALOG | 0x2daed4 | 0x4c | data | English | United States | 0.8289473684210527
RT_STRING | 0x2daf20 | 0x45c | data | English | United States | 0.3844086021505376
RT_STRING | 0x2db37c | 0x344 | data | English | United States | 0.37320574162679426
RT_STRING | 0x2db6c0 | 0x2f8 | data | English | United States | 0.4039473684210526
RT_STRING | 0x2db9b8 | 0x598 | data | English | United States | 0.2807262569832402
RT_STRING | 0x2dbf50 | 0x3aa | StarOffice Gallery theme i, 1627418368 objects, 1st n | English | United States | 0.4211087420042644
RT_STRING | 0x2dc2fc | 0x5c0 | data | English | United States | 0.3498641304347826
RT_STRING | 0x2dc8bc | 0x568 | data | English | United States | 0.32875722543352603
RT_STRING | 0x2dce24 | 0x164 | data | English | United States | 0.5421348314606742
RT_STRING | 0x2dcf88 | 0x520 | data | English | United States | 0.39176829268292684
RT_STRING | 0x2dd4a8 | 0x1a0 | data | English | United States | 0.45913461538461536
RT_STRING | 0x2dd648 | 0x18a | data | English | United States | 0.5228426395939086
RT_STRING | 0x2dd7d4 | 0x216 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | United States | 0.46254681647940077
RT_STRING | 0x2dd9ec | 0x624 | data | English | United States | 0.3575063613231552
RT_STRING | 0x2de010 | 0x660 | data | English | United States | 0.3474264705882353
RT_STRING | 0x2de670 | 0x2e2 | data | English | United States | 0.4037940379403794
RT_GROUP_ICON | 0x2de954 | 0x3e | data | English | United States | 0.7903225806451613
RT_VERSION | 0x2de994 | 0x2e8 | data | English | United States | 0.4543010752688172
RT_HTML | 0x2dec7c | 0x3835 | ASCII text, with very long lines (443), with CRLF line terminators | English | United States | 0.08298005420807561
RT_HTML | 0x2e24b4 | 0x1316 | ASCII text, with CRLF line terminators | English | United States | 0.18399508800654932
RT_HTML | 0x2e37cc | 0x52b | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.36281179138321995
RT_HTML | 0x2e3cf8 | 0x6acd | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.10679931238798873
RT_HTML | 0x2ea7c8 | 0x6a2 | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.3486454652532391
RT_HTML | 0x2eae6c | 0x104a | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.2170263788968825
RT_HTML | 0x2ebeb8 | 0x15b1 | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.17612101566720692
RT_HTML | 0x2ed46c | 0x205c | exported SGML document, ASCII text, with very long lines (659), with CRLF line terminators | English | United States | 0.13604538870111058
RT_HTML | 0x2ef4c8 | 0x368d | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.10834228428213391
RT_MANIFEST | 0x2f2b58 | 0x80f | XML 1.0 document, ASCII text, with CRLF, LF line terminators | English | United States | 0.40814348036839554
DLL | Import
KERNEL32.dll | CreateFileW, CloseHandle, WriteFile, DeleteFileW, HeapDestroy, HeapSize, HeapReAlloc, HeapFree, HeapAlloc, GetProcessHeap, SizeofResource, LockResource, LoadResource, FindResourceW, FindResourceExW, CreateEventExW, WaitForSingleObject, SetEvent, RemoveDirectoryW, GetTempPathW, GetTempFileNameW, CreateDirectoryW, MoveFileW, GetLastError, EnterCriticalSection, LeaveCriticalSection, GetModuleFileNameW, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, GetCurrentThreadId, RaiseException, SetLastError, GlobalUnlock, GlobalLock, GlobalAlloc, MulDiv, lstrcmpW, CreateEventW, FindClose, FindFirstFileW, GetFullPathNameW, InitializeCriticalSection, lstrcpynW, CreateThread, GetProcAddress, LoadLibraryExW, GetCurrentProcess, Sleep, WideCharToMultiByte, GetDiskFreeSpaceExW, DecodePointer, GetExitCodeThread, GetCurrentProcessId, FreeLibrary, GetSystemDirectoryW, lstrlenW, VerifyVersionInfoW, VerSetConditionMask, lstrcmpiW, GetModuleHandleW, LoadLibraryW, GetDriveTypeW, CompareStringW, FindNextFileW, GetLogicalDriveStringsW, GetFileSize, GetFileAttributesW, GetShortPathNameW, SetFileAttributesW, GetFileTime, CopyFileW, ReadFile, SetFilePointer, SystemTimeToFileTime, MultiByteToWideChar, GetSystemInfo, WaitForMultipleObjects, VirtualProtect, VirtualQuery, LoadLibraryExA, GetStringTypeW, SetUnhandledExceptionFilter, FileTimeToSystemTime, GetEnvironmentVariableW, GetSystemTime, GetDateFormatW, GetTimeFormatW, GetLocaleInfoW, CreateProcessW, GetExitCodeProcess, GetWindowsDirectoryW, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, FormatMessageW, GetEnvironmentStringsW, LocalFree, InitializeCriticalSectionEx, LoadLibraryA, GetModuleFileNameA, GetCurrentThread, GetConsoleOutputCP, FlushFileBuffers, Wow64DisableWow64FsRedirection, Wow64RevertWow64FsRedirection, IsWow64Process, SetConsoleTextAttribute, GetStdHandle, GetConsoleScreenBufferInfo, OutputDebugStringW, GetTickCount, GetCommandLineW, SetCurrentDirectoryW, SetEndOfFile, EnumResourceLanguagesW, GetSystemDefaultLangID, GetUserDefaultLangID, GetLocalTime, ResetEvent, GlobalFree, GetPrivateProfileStringW, GetPrivateProfileSectionNamesW, WritePrivateProfileStringW, CreateNamedPipeW, ConnectNamedPipe, TerminateThread, LocalAlloc, CompareFileTime, CopyFileExW, OpenEventW, PeekNamedPipe, WaitForSingleObjectEx, QueryPerformanceCounter, QueryPerformanceFrequency, EncodePointer, LCMapStringEx, CompareStringEx, GetCPInfo, GetSystemTimeAsFileTime, IsDebuggerPresent, InitializeSListHead, InterlockedPopEntrySList, InterlockedPushEntrySList, FlushInstructionCache, IsProcessorFeaturePresent, VirtualAlloc, VirtualFree, UnhandledExceptionFilter, TerminateProcess, GetStartupInfoW, RtlUnwind, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, ExitThread, FreeLibraryAndExitThread, GetModuleHandleExW, ExitProcess, GetFileType, LCMapStringW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetTimeZoneInformation, GetConsoleMode, GetFileSizeEx, SetFilePointerEx, FindFirstFileExW, IsValidCodePage, GetACP, GetOEMCP, GetCommandLineA, FreeEnvironmentStringsW, SetEnvironmentVariableW, SetStdHandle, ReadConsoleW, WriteConsoleW
Language of compilation system | Country where language is spoken
English | United States
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 16, 2023 15:34:04.608315945 CET | 60154 | 53 | 192.168.2.11 | 1.1.1.1
Nov 16, 2023 15:34:04.853310108 CET | 53 | 60154 | 1.1.1.1 | 192.168.2.11
Nov 16, 2023 15:34:05.608823061 CET | 55101 | 53 | 192.168.2.11 | 1.1.1.1
Nov 16, 2023 15:34:05.766297102 CET | 53 | 55101 | 1.1.1.1 | 192.168.2.11

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 16, 2023 15:34:04.608315945 CET | 192.168.2.11 | 1.1.1.1 | 0x6b82 | Standard query (0) | download.fxsound.com | A (IP address) | IN (0x0001) | false
Nov 16, 2023 15:34:05.608823061 CET | 192.168.2.11 | 1.1.1.1 | 0xa649 | Standard query (0) | drive.fxsound.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 16, 2023 15:34:04.853310108 CET | 1.1.1.1 | 192.168.2.11 | 0x6b82 | No error (0) | download.fxsound.com | | 45.79.74.123 | A (IP address) | IN (0x0001) | false
Nov 16, 2023 15:34:05.766297102 CET | 1.1.1.1 | 192.168.2.11 | 0xa649 | No error (0) | drive.fxsound.com | | 45.79.74.123 | A (IP address) | IN (0x0001) | false
                                                                                                • download.fxsound.com
                                                                                                • drive.fxsound.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.11 | 49712 | 45.79.74.123 | 443 | C:\Program Files\FxSound LLC\FxSound\updater.exe

Timestamp | kBytes transferred | Direction | Data
2023-11-16 14:34:05 UTC | 0 | OUT | GET /updates HTTP/1.1
                                                                                                Accept: */*
                                                                                                User-Agent: AdvancedInstaller
                                                                                                Host: download.fxsound.com
                                                                                                Connection: Keep-Alive
                                                                                                Cache-Control: no-cache
2023-11-16 14:34:05 UTC | 0 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                Date: Thu, 16 Nov 2023 14:34:05 GMT
                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                Strict-Transport-Security: max-age=15552000; includeSubDomains
                                                                                                X-Robots-Tag: noindex
                                                                                                Location: https://drive.fxsound.com/cs/sgMPaBYtQvliu88/downloads3.fxsound.com/fxsound/1.1.20.0/updates.txt/download
                                                                                                Cache-Control: no-cache, no-store, must-revalidate
                                                                                                Pragma: no-cache
                                                                                                Expires: 0
                                                                                                Content-Length: 0
                                                                                                Connection: close
                                                                                                Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.11 | 49713 | 45.79.74.123 | 443 | C:\Program Files\FxSound LLC\FxSound\updater.exe

Timestamp | kBytes transferred | Direction | Data
2023-11-16 14:34:06 UTC | 0 | OUT | GET /cs/sgMPaBYtQvliu88/downloads3.fxsound.com/fxsound/1.1.20.0/updates.txt/download HTTP/1.1
                                                                                                Accept: */*
                                                                                                User-Agent: AdvancedInstaller
                                                                                                Connection: Keep-Alive
                                                                                                Cache-Control: no-cache
                                                                                                Host: drive.fxsound.com
2023-11-16 14:34:06 UTC | 0 | IN | HTTP/1.1 200 OK
                                                                                                Date: Thu, 16 Nov 2023 14:34:06 GMT
                                                                                                Server: Apache/2.4.41 (Ubuntu)
                                                                                                Strict-Transport-Security: max-age=15552000; includeSubDomains
                                                                                                X-Content-Type-Options: nosniff
                                                                                                X-XSS-Protection: 0
                                                                                                X-Robots-Tag: none
                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                X-Download-Options: noopen
                                                                                                X-Permitted-Cross-Domain-Policies: none
                                                                                                Set-Cookie: ocfcwscwqbns=9cm2jjlj4aqfvc2culmn943jn4; path=/; secure; HttpOnly; SameSite=Strict
                                                                                                Expires: 0
                                                                                                Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
                                                                                                Pragma: public
                                                                                                Set-Cookie: oc_sessionPassphrase=A%2FuKi%2BxlfYXsy8phVcMjmAaNJOeqj9ck8u5%2BU%2Fvp3YgOlOe98pRee9ct0ILE0E3jJtc2LrIvMgBCj%2BMCbjaQBOrlO9etRQatci7fuBvN%2B54xwIKBulDq4J6MFgGy0hHF; path=/; secure; HttpOnly; SameSite=Strict
                                                                                                Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *
                                                                                                Content-Disposition: attachment; filename*=UTF-8''updates.txt; filename="updates.txt"
                                                                                                Content-Transfer-Encoding: binary
                                                                                                Content-Length: 497
                                                                                                Vary: Accept-Encoding
                                                                                                Connection: close
                                                                                                Content-Type: text/plain;charset=UTF-8
2023-11-16 14:34:06 UTC | 1 | IN | Data Ascii:
;aiu;

[Update]
Name = FxSound
ProductVersion = 1.1.20.0
URL = https://download.fxsound.com/fxsoundlatest
URL1 = https://downloads3.fxsound.com/fxsound/2/fxsound_setup.exe
Size = 46914960
SHA256 = 3541DF625AFFA384FEACF3CD3D64C47D2372EAB9A2055D57DD



                                                                                                Target ID:0
                                                                                                Start time:15:33:41
                                                                                                Start date:16/11/2023
                                                                                                Path:C:\Users\user\Desktop\fxsound_setup.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:C:\Users\user\Desktop\fxsound_setup.exe
                                                                                                Imagebase:0x7c0000
                                                                                                File size:46'914'960 bytes
                                                                                                MD5 hash:9EA725E3E3BC82249957CC00B74C4882
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:low
                                                                                                Has exited:true

                                                                                                Target ID:2
                                                                                                Start time:15:33:43
                                                                                                Start date:16/11/2023
                                                                                                Path:C:\Windows\System32\msiexec.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                Imagebase:0x7ff7c50b0000
                                                                                                File size:69'632 bytes
                                                                                                MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:moderate
                                                                                                Has exited:false

                                                                                                Target ID:3
                                                                                                Start time:15:33:44
                                                                                                Start date:16/11/2023
                                                                                                Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 6BF8E8F0E65A9BE676F944F6B1AD6904 C
                                                                                                Imagebase:0x180000
                                                                                                File size:59'904 bytes
                                                                                                MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:moderate
                                                                                                Has exited:true

                                                                                                Target ID:4
                                                                                                Start time:15:33:44
                                                                                                Start date:16/11/2023
                                                                                                Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:C:\Windows\system32\msiexec.exe" /i "C:\Users\user\AppData\Roaming\FxSound LLC\FxSound 1.1.20.0\install\fxsound.x64.msi" AI_SETUPEXEPATH=C:\Users\user\Desktop\fxsound_setup.exe SETUPEXEDIR=C:\Users\user\Desktop\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1700145085 " AI_EUIMSI="
                                                                                                Imagebase:0x180000
                                                                                                File size:59'904 bytes
                                                                                                MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:moderate
                                                                                                Has exited:true

                                                                                                Target ID:5
                                                                                                Start time:15:33:45
                                                                                                Start date:16/11/2023
                                                                                                Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 50F48E14FB205B68BFB05310562FC39D
                                                                                                Imagebase:0x180000
                                                                                                File size:59'904 bytes
                                                                                                MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:moderate
                                                                                                Has exited:true

                                                                                                Target ID:7
                                                                                                Start time:15:33:51
                                                                                                Start date:16/11/2023
                                                                                                Path:C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:"C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe" remove *DFX12
                                                                                                Imagebase:0x7ff766810000
                                                                                                File size:269'720 bytes
                                                                                                MD5 hash:87EAD9C6CD7486421E3142B2A6480F8E
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Antivirus matches:
                                                                                                • Detection: 0%, ReversingLabs
                                                                                                • Detection: 0%, Virustotal, Browse
                                                                                                Reputation:low
                                                                                                Has exited:true

                                                                                                Target ID:8
                                                                                                Start time:15:33:51
                                                                                                Start date:16/11/2023
                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                Imagebase:0x7ff68cce0000
                                                                                                File size:862'208 bytes
                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:true

                                                                                                Target ID:9
                                                                                                Start time:15:33:51
                                                                                                Start date:16/11/2023
                                                                                                Path:C:\Program Files\FxSound LLC\FxSound\Apps\DfxSetupDrv.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Program Files\FxSound LLC\FxSound\Apps\DfxSetupDrv.exe" check
                                                                                                Imagebase:0xd50000
                                                                                                File size:66'968 bytes
                                                                                                MD5 hash:EFE3CF96899C9D9CC25815F88E9466E2
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Antivirus matches:
                                                                                                • Detection: 0%, ReversingLabs
                                                                                                • Detection: 0%, Virustotal, Browse
                                                                                                Reputation:low
                                                                                                Has exited:true

                                                                                                Target ID:10
                                                                                                Start time:15:33:51
                                                                                                Start date:16/11/2023
                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                Imagebase:0x7ff68cce0000
                                                                                                File size:862'208 bytes
                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:true

                                                                                                Target ID:11
                                                                                                Start time:15:33:53
                                                                                                Start date:16/11/2023
                                                                                                Path:C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe" install "C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxvad.inf
                                                                                                Imagebase:0x7ff766810000
                                                                                                File size:269'720 bytes
                                                                                                MD5 hash:87EAD9C6CD7486421E3142B2A6480F8E
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:low
                                                                                                Has exited:true

                                                                                                Target ID:12
                                                                                                Start time:15:33:53
                                                                                                Start date:16/11/2023
                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                Imagebase:0x7ff68cce0000
                                                                                                File size:862'208 bytes
                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:true

                                                                                                Target ID:13
                                                                                                Start time:15:33:54
                                                                                                Start date:16/11/2023
                                                                                                Path:C:\Windows\System32\svchost.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
                                                                                                Imagebase:0x7ff68dea0000
                                                                                                File size:55'320 bytes
                                                                                                MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:false

                                                                                                Target ID:14
                                                                                                Start time:15:33:54
                                                                                                Start date:16/11/2023
                                                                                                Path:C:\Windows\System32\drvinst.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:DrvInst.exe "4" "0" "C:\Users\user\AppData\Local\Temp\{b9e6171e-db51-354e-8520-b3defe7fbf71}\fxvad.inf" "9" "4143399a7" "0000000000000158" "WinSta0\Default" "000000000000016C" "208" "c:\program files\fxsound llc\fxsound\drivers\win10\x64"
                                                                                                Imagebase:0x7ff71c3e0000
                                                                                                File size:337'920 bytes
                                                                                                MD5 hash:294990C88B9D1FE0A54A1FA8BF4324D9
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:moderate
                                                                                                Has exited:true

                                                                                                Target ID:16
                                                                                                Start time:15:33:59
                                                                                                Start date:16/11/2023
                                                                                                Path:C:\Windows\System32\drvinst.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:DrvInst.exe "2" "211" "ROOT\MEDIA\0000" "C:\Windows\INF\oem4.inf" "oem4.inf:ed86ca115cc2c934:DFX_Device:14.1.0.0:root\fxvad," "4143399a7" "0000000000000184"
                                                                                                Imagebase:0x7ff71c3e0000
                                                                                                File size:337'920 bytes
                                                                                                MD5 hash:294990C88B9D1FE0A54A1FA8BF4324D9
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:moderate
                                                                                                Has exited:true

                                                                                                Target ID:17
                                                                                                Start time:15:34:01
                                                                                                Start date:16/11/2023
                                                                                                Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:schtasks /create /sc daily /tn FxSound\Update /tr "'C:\Program Files\FxSound LLC\FxSound\updater.exe' /silent" /st 10:00 /f
                                                                                                Imagebase:0x300000
                                                                                                File size:187'904 bytes
                                                                                                MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:true

                                                                                                Target ID:18
                                                                                                Start time:15:34:01
                                                                                                Start date:16/11/2023
                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                Imagebase:0x7ff68cce0000
                                                                                                File size:862'208 bytes
                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Has exited:true

                                                                                                Target ID:19
                                                                                                Start time:15:34:02
                                                                                                Start date:16/11/2023
                                                                                                Path:C:\Program Files\FxSound LLC\FxSound\FxSound.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:"C:\Program Files\FxSound LLC\FxSound\\FxSound.exe" @
                                                                                                Imagebase:0x7ff71ec80000
                                                                                                File size:4'595'096 bytes
                                                                                                MD5 hash:0A1E1E6B90FE62B9011393501BEF58D7
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Antivirus matches:
                                                                                                • Detection: 0%, ReversingLabs
                                                                                                Has exited:false

                                                                                                Target ID:20
                                                                                                Start time:15:34:02
                                                                                                Start date:16/11/2023
                                                                                                Path:C:\Program Files\FxSound LLC\FxSound\updater.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Program Files\FxSound LLC\FxSound\updater.exe" /silent
                                                                                                Imagebase:0x460000
                                                                                                File size:1'057'176 bytes
                                                                                                MD5 hash:BC7B29CD513AEC979CEFBF30E6D68A01
                                                                                                Has elevated privileges:false
                                                                                                Has administrator privileges:false
                                                                                                Programmed in:C, C++ or other language
                                                                                                Antivirus matches:
                                                                                                • Detection: 0%, ReversingLabs
                                                                                                Has exited:true


                                                                                                  Execution Graph

                                                                                                  Execution Coverage:6.2%
                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                  Signature Coverage:15.1%
                                                                                                  Total number of Nodes:1020
                                                                                                  Total number of Limit Nodes:29
51468->51445 51470 7d1cd4 51470->51445 51471->51445 51472->51442 51473->51464 51474->51470 51475 7f18b0 51476 7f191b 51475->51476 51478 7f18e5 std::ios_base::_Ios_base_dtor 51475->51478 51477 7c78a0 44 API calls 51477->51478 51478->51476 51478->51477 51479 974c78 51480 9746d9 std::_Facet_Register 2 API calls 51479->51480 51481 974cad 51480->51481 51482 919020 51483 919065 51482->51483 51484 91904f 51482->51484 51510 7c9cc0 51483->51510 51487 919172 51489 7c9980 2 API calls 51487->51489 51488 919074 51525 7c8d40 74 API calls 51488->51525 51490 91917c 51489->51490 51492 7c9cc0 53 API calls 51490->51492 51505 9191b5 ___crtCompareStringW 51492->51505 51493 919369 51494 7c9980 2 API calls 51493->51494 51495 919373 51494->51495 51496 7c9980 2 API calls 51495->51496 51497 91937d 51496->51497 51498 7c9790 44 API calls 51498->51505 51499 919108 51500 919099 51500->51499 51501 91910c 51500->51501 51526 919380 92 API calls 6 library calls 51501->51526 51503 919118 51503->51499 51504 7c9cc0 53 API calls 51504->51505 51505->51493 51505->51495 51505->51498 51505->51504 51507 919302 51505->51507 51508 919312 51505->51508 51527 7d4010 51505->51527 51507->51508 51532 7e11a0 51507->51532 51511 7c9d4c 51510->51511 51512 7c9cf8 51510->51512 51515 974ba2 4 API calls 51511->51515 51524 7c9dd7 51511->51524 51513 974ba2 4 API calls 51512->51513 51514 7c9d02 51513->51514 51514->51511 51517 7c9d0e GetProcessHeap 51514->51517 51516 7c9d66 51515->51516 51516->51524 51540 974a5a 44 API calls 51516->51540 51538 974a5a 44 API calls 51517->51538 51520 7c9d3b 51539 974b58 EnterCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 51520->51539 51521 7c9dc6 51541 974b58 EnterCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 51521->51541 51524->51487 51524->51488 51525->51500 51526->51503 51528 7d4038 51527->51528 51529 7d4091 51527->51529 51528->51505 51530 7c9980 2 API calls 51529->51530 51531 7d409b 51530->51531 51533 7e11b6 51532->51533 51534 7e1203 51532->51534 51537 
7e11c6 51533->51537 51542 7c9800 45 API calls 4 library calls 51533->51542 51534->51508 51536 7e11fb 51536->51508 51537->51508 51538->51520 51539->51511 51540->51521 51541->51524 51542->51536 51543 978400 51544 97841e 51543->51544 51562 9783c0 5 API calls _ValidateLocalCookies 51544->51562 51546 9784cd 51547 97849e 51547->51546 51549 9783c0 _ValidateLocalCookies 5 API calls 51547->51549 51548 97843c ___except_validate_context_record 51548->51546 51548->51547 51554 9784da __IsNonwritableInCurrentImage 51548->51554 51549->51546 51550 9796e0 RtlUnwind 51551 978527 51550->51551 51552 9783c0 _ValidateLocalCookies 5 API calls 51551->51552 51553 97854d 51552->51553 51555 979717 ___vcrt_initialize_locks 7 API calls 51553->51555 51554->51550 51556 978563 51555->51556 51557 978567 51556->51557 51558 9763cc 9 API calls 51556->51558 51559 97856f 51558->51559 51560 97857a 51559->51560 51561 979753 ___vcrt_uninitialize_locks DeleteCriticalSection 51559->51561 51561->51557 51563 8c2af0 51564 8c2d57 51563->51564 51565 8c2b3c 51563->51565 51566 97469a _ValidateLocalCookies 5 API calls 51564->51566 51567 7c9cc0 53 API calls 51565->51567 51568 8c2dd9 51566->51568 51569 8c2b66 51567->51569 51570 8c2ddd 51569->51570 51571 8c2b70 51569->51571 51572 7c9980 2 API calls 51570->51572 51574 8c2b8b 51571->51574 51577 8c2b99 51571->51577 51573 8c2de7 51572->51573 51639 7c92a0 51574->51639 51577->51577 51651 7c9800 45 API calls 4 library calls 51577->51651 51578 8c2b97 51579 7c78a0 44 API calls 51578->51579 51580 8c2bc9 CreateFileW 51579->51580 51581 8c2c19 51580->51581 51582 8c2bfb CloseHandle 51580->51582 51590 7fd370 66 API calls 51581->51590 51582->51564 51584 8c2c22 51591 8c2df0 51584->51591 51586 8c2c35 WriteFile 51587 8c2c65 51586->51587 51588 8c2c9d CloseHandle 51587->51588 51589 8c2cab 51587->51589 51588->51589 51589->51564 51590->51584 51592 7c9cc0 53 API calls 51591->51592 51593 8c2e2a 51592->51593 51594 8c2eae 51593->51594 51595 8c2e30 51593->51595 51596 7c9980 2 API calls 
51594->51596 51598 8c2e5e 51595->51598 51599 8c2e7b 51595->51599 51597 8c2eb8 51596->51597 51652 8db170 51597->51652 51682 8c4bd0 74 API calls 51598->51682 51683 8c4bd0 74 API calls 51599->51683 51603 8c2e76 51603->51586 51604 8c2f80 51607 8c2fa0 GetModuleHandleW 51604->51607 51605 8c2f10 51605->51604 51655 8c3420 51605->51655 51609 8c2fd4 51607->51609 51613 8c3009 51607->51613 51608 8c2f39 51610 7e11a0 45 API calls 51608->51610 51611 974ba2 4 API calls 51609->51611 51612 8c2f46 MoveFileW 51610->51612 51614 8c2fde 51611->51614 51617 8db170 10 API calls 51612->51617 51616 974ba2 4 API calls 51613->51616 51618 8c3061 51613->51618 51614->51613 51619 8c2fea GetProcAddress 51614->51619 51620 8c3036 51616->51620 51621 8c2f78 51617->51621 51625 974ba2 4 API calls 51618->51625 51632 8c30b9 51618->51632 51684 974b58 EnterCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 51619->51684 51620->51618 51623 8c3042 GetProcAddress 51620->51623 51621->51604 51624 8c3301 51621->51624 51685 974b58 EnterCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 51623->51685 51679 97ff04 51624->51679 51628 8c308e 51625->51628 51631 8c309a GetProcAddress 51628->51631 51628->51632 51686 974b58 EnterCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 51631->51686 51634 8c3295 51632->51634 51687 897a10 GetSystemDirectoryW 51632->51687 51712 8c4850 11 API calls 51634->51712 51636 8c32a1 51637 97469a _ValidateLocalCookies 5 API calls 51636->51637 51638 8c32f9 51637->51638 51638->51586 51992 7c90a0 7 API calls 51639->51992 51641 7c92b0 51642 7c92b6 FindResourceW 51641->51642 51643 7c9332 51641->51643 51642->51643 51644 7c92cd 51642->51644 51643->51578 51993 7c9160 LoadResource LockResource SizeofResource 51644->51993 51646 7c92d7 51646->51643 51647 7c92fe 51646->51647 51994 7c9790 44 API calls 51646->51994 51995 97e127 44 API calls 3 library calls 51647->51995 51650 7c930e 51650->51578 51651->51578 51713 8db1b0 51652->51713 51656 8c3460 51655->51656 51657 7c9cc0 
53 API calls 51656->51657 51659 8c3478 51657->51659 51658 8c356d 51660 7c9980 2 API calls 51658->51660 51659->51658 51666 8db170 10 API calls 51659->51666 51671 8c34ea 51659->51671 51674 7c9cc0 53 API calls 51659->51674 51732 7c8d40 74 API calls 51659->51732 51661 8c3577 FreeLibrary EnterCriticalSection 51660->51661 51662 8c35e6 51661->51662 51665 8c360c std::ios_base::_Ios_base_dtor 51661->51665 51663 8c35ec DestroyWindow 51662->51663 51667 8c35fc 51662->51667 51663->51667 51668 8c365d 51665->51668 51670 97e536 __freea 13 API calls 51665->51670 51676 8c3673 std::ios_base::_Ios_base_dtor 51665->51676 51666->51659 51667->51665 51669 97e536 __freea 13 API calls 51667->51669 51672 97e536 __freea 13 API calls 51668->51672 51668->51676 51669->51665 51670->51668 51678 8c3508 51671->51678 51733 7c9800 45 API calls 4 library calls 51671->51733 51672->51676 51674->51659 51726 8c59b0 51676->51726 51678->51608 51735 97fcec 51679->51735 51682->51603 51683->51603 51684->51613 51685->51618 51686->51632 51688 897a5f 51687->51688 51710 897b1b 51687->51710 51690 7c9cc0 53 API calls 51688->51690 51688->51710 51689 97469a _ValidateLocalCookies 5 API calls 51691 897b6b 51689->51691 51692 897a6f 51690->51692 51691->51632 51693 897a79 51692->51693 51694 897b73 51692->51694 51697 897aa3 51693->51697 51698 897a95 51693->51698 51695 7c9980 2 API calls 51694->51695 51696 897b7d 51695->51696 51699 9746d9 std::_Facet_Register 2 API calls 51696->51699 51837 7c9800 45 API calls 4 library calls 51697->51837 51700 7c92a0 52 API calls 51698->51700 51701 897cd2 51699->51701 51702 897aa1 51700->51702 51918 7dd690 44 API calls 3 library calls 51701->51918 51838 7e0880 51702->51838 51704 897d1a 51704->51632 51707 897ae2 51708 7e0880 117 API calls 51707->51708 51709 897b09 51708->51709 51709->51710 51711 897b1f LoadLibraryExW 51709->51711 51710->51689 51711->51710 51712->51636 51714 8db1f4 51713->51714 51724 8db1ec 51713->51724 51716 8db2e1 51714->51716 51720 8db224 __set_se_translator 51714->51720 
51714->51724 51715 97469a _ValidateLocalCookies 5 API calls 51717 8db198 51715->51717 51718 7c9980 2 API calls 51716->51718 51717->51605 51719 8db2eb 51718->51719 51721 8db242 FindFirstFileW 51720->51721 51720->51724 51722 8db28e GetLastError 51721->51722 51723 8db271 51721->51723 51722->51723 51723->51724 51725 8db2ab FindClose 51723->51725 51724->51715 51725->51724 51727 8c36f7 51726->51727 51728 8c59e1 51726->51728 51727->51608 51728->51726 51731 8c59f7 std::ios_base::_Ios_base_dtor 51728->51731 51734 7d8590 RaiseException 51728->51734 51729 8c5a3c DeleteCriticalSection 51729->51727 51731->51729 51732->51659 51733->51678 51734->51728 51736 97fd2b 51735->51736 51737 97fd19 51735->51737 51747 97fb95 51736->51747 51760 97fdb4 GetModuleHandleW 51737->51760 51740 97fd1e 51740->51736 51761 97fe19 GetModuleHandleExW 51740->51761 51741 97fd62 51742 8c330b 51741->51742 51753 97fd83 51741->51753 51745 97fd7d 51748 97fba1 __set_se_translator 51747->51748 51767 9880d3 EnterCriticalSection 51748->51767 51750 97fbab 51768 97fc01 51750->51768 51752 97fbb8 __set_se_translator 51752->51741 51831 97fdf7 51753->51831 51756 97fda1 51758 97fe19 __set_se_translator 3 API calls 51756->51758 51757 97fd91 GetCurrentProcess TerminateProcess 51757->51756 51759 97fda9 ExitProcess 51758->51759 51760->51740 51762 97fe79 51761->51762 51763 97fe58 GetProcAddress 51761->51763 51765 97fe7f FreeLibrary 51762->51765 51766 97fd2a 51762->51766 51763->51762 51764 97fe6c 51763->51764 51764->51762 51765->51766 51766->51736 51767->51750 51771 97fc0d __set_se_translator 51768->51771 51769 97fca2 51769->51752 51770 97fc74 51772 97fc91 51770->51772 51780 98aa1f 51770->51780 51771->51769 51771->51770 51776 98a77b 51771->51776 51775 98aa1f __set_se_translator 44 API calls 51772->51775 51775->51769 51777 98a787 __EH_prolog3 51776->51777 51784 98a4d3 51777->51784 51779 98a7ae std::locale::_Init 51779->51770 51781 98aa2d 51780->51781 51782 98aa46 51780->51782 51781->51782 51795 7c1990 51781->51795 51782->51772 
51785 98a4df __set_se_translator 51784->51785 51790 9880d3 EnterCriticalSection 51785->51790 51787 98a4ed 51791 98a68b 51787->51791 51789 98a4fa __set_se_translator 51789->51779 51790->51787 51792 98a6aa 51791->51792 51793 98a6a2 51791->51793 51792->51793 51794 98ca2d ___free_lconv_mon 13 API calls 51792->51794 51793->51789 51794->51793 51796 7c19cd 51795->51796 51803 7c6520 51796->51803 51798 7c1a67 51813 974a5a 44 API calls 51798->51813 51800 7c1a8d 51801 97469a _ValidateLocalCookies 5 API calls 51800->51801 51802 7c1aa5 51801->51802 51802->51781 51804 7c6581 51803->51804 51810 7c65d5 51803->51810 51805 7c6589 51804->51805 51806 7c6606 51804->51806 51814 7c6b70 51805->51814 51829 7c6a90 44 API calls std::_Throw_Cpp_error 51806->51829 51810->51798 51811 7c6610 44 API calls 51812 7c658f 51811->51812 51812->51810 51812->51811 51813->51800 51815 7c6bbf 51814->51815 51816 7c6b7b 51814->51816 51830 7c7730 44 API calls 2 library calls 51815->51830 51817 7c6b88 51816->51817 51820 7c6baa 51816->51820 51817->51815 51819 7c6b8f 51817->51819 51823 9746d9 std::_Facet_Register 2 API calls 51819->51823 51821 7c6bba 51820->51821 51824 9746d9 std::_Facet_Register 2 API calls 51820->51824 51821->51812 51822 7c6b95 51825 979b1f std::_Throw_Cpp_error 44 API calls 51822->51825 51828 7c6b9e 51822->51828 51823->51822 51826 7c6bb4 51824->51826 51827 7c6bc9 51825->51827 51826->51812 51828->51812 51830->51822 51836 98e93f 6 API calls __set_se_translator 51831->51836 51833 97fdfc 51834 97fe01 GetPEB 51833->51834 51835 97fd8d 51833->51835 51834->51835 51835->51756 51835->51757 51836->51833 51837->51702 51840 7e08a6 ___crtCompareStringW 51838->51840 51847 7e0911 std::locale::_Locimp::_Locimp 51838->51847 51839 7c9980 2 API calls 51841 7e095c 51839->51841 51840->51847 51852 7e08f0 __set_se_translator 51840->51852 51919 7c9790 44 API calls 51840->51919 51842 7e09cb 51841->51842 51844 7e09be FindClose 51841->51844 51922 7c95d0 RtlAllocateHeap RaiseException 51842->51922 51844->51842 51846 
7e093f 51846->51707 51847->51839 51847->51846 51849 7e09e7 51851 7c9cc0 53 API calls 51849->51851 51850 7e092d 51921 979b0f 44 API calls __cftof 51850->51921 51856 7e09f9 51851->51856 51852->51847 51920 979c2f 13 API calls __dosmaperr 51852->51920 51854 7e0dac 51855 7c9980 2 API calls 51854->51855 51865 7e0db6 51855->51865 51856->51854 51857 7e0a21 51856->51857 51859 7e0a2f 51856->51859 51858 7c92a0 52 API calls 51857->51858 51861 7e0a2d 51858->51861 51859->51859 51923 7c9800 45 API calls 4 library calls 51859->51923 51863 7e0c9c 51861->51863 51866 7e0a76 PathIsUNCW 51861->51866 51867 7e0bc5 FindFirstFileW 51861->51867 51862 7e102f 51864 7c9980 2 API calls 51862->51864 51863->51707 51868 7e106a 51864->51868 51865->51862 51870 7e0e13 51865->51870 51871 7e0e94 51865->51871 51982 7e12c0 45 API calls 51865->51982 51872 7e0a8b 51866->51872 51873 7e0b55 51866->51873 51867->51863 51869 7e0bdd GetFullPathNameW 51867->51869 51875 7e0bf6 51869->51875 51917 7e0d31 ___crtCompareStringW 51869->51917 51870->51707 51983 7e1210 54 API calls 51871->51983 51924 7d40b0 54 API calls 4 library calls 51872->51924 51975 7d40b0 54 API calls 4 library calls 51873->51975 51878 7e0c11 GetFullPathNameW 51875->51878 51977 7c9790 44 API calls 51875->51977 51885 7e0c2a ___crtCompareStringW 51878->51885 51879 7c9980 2 API calls 51879->51854 51881 7e0e9f 51883 7e0880 109 API calls 51881->51883 51884 7e0eb1 51883->51884 51884->51862 51887 7e0ee2 PathIsUNCW 51884->51887 51888 7e0cd6 51885->51888 51898 7e0c5e 51885->51898 51885->51917 51886 7e0a93 51886->51867 51925 7d44a0 51886->51925 51889 7e0ef7 51887->51889 51890 7e0fc0 51887->51890 51901 7e0ce8 _wcsrchr 51888->51901 51978 7c9680 44 API calls 4 library calls 51888->51978 51984 7d40b0 54 API calls 4 library calls 51889->51984 51985 7d40b0 54 API calls 4 library calls 51890->51985 51895 7e0b0e 51900 7e11a0 45 API calls 51895->51900 51897 7e0c94 SetLastError 51897->51863 51898->51897 51899 7e0c87 FindClose 51898->51899 51899->51897 51903 7e0b21 
51900->51903 51902 7e0d08 _wcsrchr 51901->51902 51979 7c9680 44 API calls 4 library calls 51901->51979 51906 7e0d1b 51902->51906 51907 7e0d35 51902->51907 51903->51867 51905 7e0b46 51903->51905 51976 7e1070 45 API calls 3 library calls 51905->51976 51909 7e0d83 51906->51909 51906->51917 51980 7c9680 44 API calls 4 library calls 51906->51980 51907->51917 51981 7c9680 44 API calls 4 library calls 51907->51981 51908 7e0eff 51908->51862 51910 7d44a0 101 API calls 51908->51910 51909->51863 51912 7e0f7a 51910->51912 51911 7e0f8d 51911->51862 51986 7e1070 45 API calls 3 library calls 51911->51986 51916 7e11a0 45 API calls 51912->51916 51916->51911 51917->51879 51917->51909 51918->51704 51919->51852 51920->51850 51921->51847 51922->51849 51923->51861 51924->51886 51926 7d4630 51925->51926 51929 7d44f7 51925->51929 51927 7c9980 2 API calls 51926->51927 51928 7d463a 51927->51928 51932 7c9980 2 API calls 51928->51932 51930 7d4519 51929->51930 51931 7c9cc0 53 API calls 51929->51931 51937 7d455b 51929->51937 51930->51895 51931->51937 51933 7d4649 51932->51933 51934 7c9980 2 API calls 51933->51934 51935 7d4653 51934->51935 51936 7d469a 51935->51936 51949 7d471d std::locale::_Locimp::_Locimp 51935->51949 51938 7d46ff GetWindowLongW 51936->51938 51939 7d46a1 51936->51939 51937->51928 51937->51933 51940 7d4583 51937->51940 51947 7d470c 51938->51947 51941 7d48e7 NtdllDefWindowProc_W 51939->51941 51944 7d46c2 GetWindowLongW 51939->51944 51940->51933 51951 7d45c3 __set_se_translator 51940->51951 51942 7d493d 51941->51942 51943 97469a _ValidateLocalCookies 5 API calls 51942->51943 51946 7d4965 51943->51946 51944->51941 51945 7d46d8 GetWindowLongW SetWindowLongW NtdllDefWindowProc_W 51944->51945 51945->51942 51946->51895 51947->51941 51948 7d45df std::locale::_Locimp::_Locimp 51948->51895 51950 7d4910 51949->51950 51953 7d479b SetWindowTextW 51949->51953 51950->51942 51958 97e536 __freea 13 API calls 51950->51958 51951->51948 51987 979c2f 13 API calls __dosmaperr 51951->51987 51956 
7d47b7 51953->51956 51957 7d47bd 51953->51957 51954 7d4601 51988 979b0f 44 API calls __cftof 51954->51988 51956->51957 51959 7d484b 51957->51959 51960 7d47d3 GlobalAlloc 51957->51960 51958->51942 51959->51950 51991 7d4bc0 81 API calls 6 library calls 51959->51991 51960->51959 51962 7d47e3 GlobalLock 51960->51962 51967 7d47f8 __set_se_translator 51962->51967 51963 7d487e 51964 7d48f7 51963->51964 51970 7d4897 SetWindowLongW 51963->51970 51964->51950 51966 7d481b 51990 979b0f 44 API calls __cftof 51966->51990 51969 7d47fd std::locale::_Locimp::_Locimp 51967->51969 51989 979c2f 13 API calls __dosmaperr 51967->51989 51971 7d4831 GlobalUnlock 51969->51971 51973 7d48ab 51970->51973 51971->51959 51972 7d48da 51972->51947 51973->51972 51974 97e536 __freea 13 API calls 51973->51974 51974->51972 51975->51903 51976->51867 51977->51878 51978->51901 51979->51902 51980->51917 51981->51917 51982->51871 51983->51881 51984->51908 51985->51911 51986->51862 51987->51954 51988->51948 51989->51966 51990->51969 51991->51963 51992->51641 51993->51646 51994->51647 51995->51650 51996 8c0a10 51997 8c0a87 51996->51997 51998 8c0a47 51996->51998 51999 974ba2 4 API calls 51998->51999 52000 8c0a51 51999->52000 52000->51997 52004 974a5a 44 API calls 52000->52004 52002 8c0a73 52005 974b58 EnterCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 52002->52005 52004->52002 52005->51997 52006 8cff10 52007 8cff48 52006->52007 52008 8cff5b 52006->52008 52012 97469a _ValidateLocalCookies 5 API calls 52007->52012 52014 8bfb90 56 API calls 4 library calls 52008->52014 52010 8cff65 52011 7c78a0 44 API calls 52010->52011 52011->52007 52013 8cffaa 52012->52013 52014->52010 52015 8e5370 52024 8e4f80 52015->52024 52018 8e542e GetLastError 52022 8e53da 52018->52022 52019 8e53ca 52021 8e53e1 GetFileVersionInfoW 52019->52021 52019->52022 52020 8e5440 DeleteFileW 52023 8e5447 52020->52023 52021->52018 52021->52022 52022->52020 52022->52023 52039 8e0240 52024->52039 52027 8e4fc6 SHGetFolderPathW 52029 
8e4fe4 __set_se_translator 52027->52029 52028 8e518a 52030 97469a _ValidateLocalCookies 5 API calls 52028->52030 52029->52028 52032 8e505a GetTempPathW 52029->52032 52031 8e51b9 GetFileVersionInfoSizeW 52030->52031 52031->52018 52031->52019 52046 976bd0 52032->52046 52035 8e50a6 52036 8e5112 Wow64DisableWow64FsRedirection CopyFileW 52035->52036 52037 8e5160 52036->52037 52037->52028 52038 8e5178 Wow64RevertWow64FsRedirection 52037->52038 52038->52028 52048 8e0370 52039->52048 52042 974ba2 4 API calls 52044 8e0290 __set_se_translator 52042->52044 52043 8e0317 52043->52027 52043->52028 52044->52043 52054 974b58 EnterCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 52044->52054 52047 8e5082 GetTempFileNameW 52046->52047 52047->52035 52049 8e03a7 52048->52049 52053 8e0269 52048->52053 52050 974ba2 4 API calls 52049->52050 52051 8e03b1 52050->52051 52051->52053 52055 974b58 EnterCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 52051->52055 52053->52042 52053->52043 52054->52043 52055->52053 52056 7faea0 52057 7faeb3 std::ios_base::_Ios_base_dtor 52056->52057 52062 9762bd 52057->52062 52060 7faec9 SetUnhandledExceptionFilter 52061 7faedb 52060->52061 52063 9762f5 __set_se_translator 55 API calls 52062->52063 52064 9762c6 52063->52064 52065 9762f5 __set_se_translator 55 API calls 52064->52065 52066 7faebd 52065->52066 52066->52060 52066->52061

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  • GetUserNameW.ADVAPI32(00000000,?), ref: 0091824E
                                                                                                  • GetLastError.KERNEL32 ref: 00918254
                                                                                                  • GetUserNameW.ADVAPI32(00000000,?), ref: 0091829C
                                                                                                  • GetEnvironmentVariableW.KERNEL32(UserDomain,00000000,00000000), ref: 009182D2
                                                                                                  • GetEnvironmentVariableW.KERNEL32(UserDomain,00000000,00000000,00000000,00000000), ref: 0091831C
                                                                                                  • RegDeleteValueW.KERNEL32(?,?,00000000,80000001,00000001,00000000,FF5677B6,00000000,?), ref: 00918515
                                                                                                  • RegCloseKey.ADVAPI32(?,?,00000000,80000001,00000001,00000000,FF5677B6,00000000,?), ref: 0091854B
                                                                                                  • RegQueryInfoKeyW.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 009186A0
                                                                                                  • RegCloseKey.ADVAPI32(?,?,00000000,80000001,00000001,00000000,FF5677B6,00000000), ref: 009186E2
                                                                                                  • RegCloseKey.ADVAPI32(?,?,00000000,80000001,00000001,00000000,FF5677B6,00000000), ref: 00918727
                                                                                                  • RegDeleteKeyW.ADVAPI32(?,00000000), ref: 00918749
                                                                                                  • RegCloseKey.ADVAPI32(?,?,00000000,80000001,00000001,00000000,FF5677B6,00000000), ref: 00918785
                                                                                                  • RegDeleteValueW.KERNEL32(?,?,00000000,80000001,00000001,00000000,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000031,?,00000000,80000001,00000001,00000000,FF5677B6,00000000), ref: 0091888A
                                                                                                  • RegCloseKey.ADVAPI32(?,?,?,00000000,80000001,00000001,00000000,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000031,?,00000000,80000001,00000001,00000000,FF5677B6,00000000), ref: 009188CC
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Close$Delete$EnvironmentNameUserValueVariable$ErrorInfoLastQuery
                                                                                                  • String ID: Software$Software\Microsoft\Windows\CurrentVersion\RunOnce$UserDomain
                                                                                                  • API String ID: 1615433478-4079418357
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                    • Part of subcall function 007C9CC0: GetProcessHeap.KERNEL32 ref: 007C9D15
                                                                                                    • Part of subcall function 007C9CC0: __Init_thread_footer.LIBCMT ref: 007C9D47
                                                                                                    • Part of subcall function 007C9CC0: __Init_thread_footer.LIBCMT ref: 007C9DD2
                                                                                                  • GetTickCount.KERNEL32 ref: 008F4D24
                                                                                                  • __Xtime_get_ticks.LIBCPMT ref: 008F4D2C
                                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008F4D76
                                                                                                  • __Init_thread_footer.LIBCMT ref: 008F4F64
                                                                                                  • GetCurrentProcess.KERNEL32(?,?,?), ref: 008F517A
                                                                                                  • OpenProcessToken.ADVAPI32(00000000,00000008,00000000,?,?,?), ref: 008F5187
                                                                                                  • GetTokenInformation.KERNELBASE(00000000,00000014(TokenIntegrityLevel),?,00000004,?,?,?,?), ref: 008F51A7
                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?), ref: 008F51D2
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: Init_thread_footerProcess$Token$CloseCountCurrentHandleHeapInformationOpenTickUnothrow_t@std@@@Xtime_get_ticks__ehfuncinfo$??2@
                                                                                                  • String ID: /uninstall$VersionString$\/:*?"<>|$\\?\
                                                                                                  • API String ID: 3363527671-654522458
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Control-flow Graph: function at 8dcf90 (graph not reproduced)
                                                                                                  APIs
                                                                                                  • GetCurrentProcess.KERNEL32 ref: 008DCFD8
                                                                                                  • OpenProcessToken.ADVAPI32(00000000,00000008,00000000), ref: 008DCFE5
                                                                                                  • GetLastError.KERNEL32 ref: 008DCFEF
                                                                                                  • GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),00000000,00000000,000000FF), ref: 008DD019
                                                                                                  • GetLastError.KERNEL32 ref: 008DD01F
                                                                                                  • GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),000000FF,000000FF,000000FF,000000FF), ref: 008DD045
                                                                                                  • AllocateAndInitializeSid.ADVAPI32(00000000,00000001,00000012,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 008DD078
                                                                                                  • EqualSid.ADVAPI32(00000000,?), ref: 008DD087
                                                                                                  • FreeSid.ADVAPI32(?), ref: 008DD096
                                                                                                  • FindCloseChangeNotification.KERNEL32(00000000), ref: 008DD0D0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: Token$ErrorInformationLastProcess$AllocateChangeCloseCurrentEqualFindFreeInitializeNotificationOpen
                                                                                                  • String ID:
                                                                                                  • API String ID: 2037597787-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: Init_thread_footer$HeapProcess
                                                                                                  • String ID:
                                                                                                  • API String ID: 275895251-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • LoadLibraryW.KERNEL32(ComCtl32.dll,FF5677B6,?,00000000,00000000), ref: 008DE77E
                                                                                                  • GetProcAddress.KERNEL32(00000000,LoadIconMetric), ref: 008DE7A1
                                                                                                  • FreeLibrary.KERNEL32(00000000), ref: 008DE81F
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: Library$AddressFreeLoadProc
                                                                                                  • String ID: ComCtl32.dll$LoadIconMetric
                                                                                                  • API String ID: 145871493-764666640
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • GetSystemDirectoryW.KERNEL32(?,00000105), ref: 00897A51
                                                                                                    • Part of subcall function 007C9CC0: GetProcessHeap.KERNEL32 ref: 007C9D15
                                                                                                    • Part of subcall function 007C9CC0: __Init_thread_footer.LIBCMT ref: 007C9D47
                                                                                                    • Part of subcall function 007C9CC0: __Init_thread_footer.LIBCMT ref: 007C9DD2
                                                                                                    • Part of subcall function 007C92A0: FindResourceW.KERNEL32(00000000,?,00000006,00000000,00000000,00000000,007C9418,-00000010,?,00000000), ref: 007C92C3
                                                                                                  • LoadLibraryExW.KERNEL32(?,00000000,00000000,009D0D6D,000000FF), ref: 00897B24
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: Init_thread_footer$DirectoryFindHeapLibraryLoadProcessResourceSystem
                                                                                                  • String ID: UxTheme.dll
                                                                                                  • API String ID: 2586271605-352951104
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • GetProcessHeap.KERNEL32(00000008,00000008,00000000,009035FE,?,?,?,?,?,?), ref: 0097424A
                                                                                                  • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?), ref: 00974251
                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?), ref: 00974297
                                                                                                  • HeapFree.KERNEL32(00000000,?,?,?,?,?,?), ref: 0097429E
                                                                                                    • Part of subcall function 009740E3: GetProcessHeap.KERNEL32(00000008,0000000D,00000000,?,0097428D,?,?,?,?,?,?,?), ref: 00974107
                                                                                                    • Part of subcall function 009740E3: HeapAlloc.KERNEL32(00000000,?,0097428D,?,?,?,?,?,?,?), ref: 0097410E
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: Heap$Process$Alloc$Free
                                                                                                  • String ID:
                                                                                                  • API String ID: 1864747095-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • FindFirstFileW.KERNEL32(?,00000000,00000000,?,00000000), ref: 008DB24D
                                                                                                  • FindClose.KERNEL32(00000000), ref: 008DB2AC
                                                                                                    • Part of subcall function 007C9980: RtlAllocateHeap.NTDLL(?,00000000,?,FF5677B6,00000000,0099C6B0,000000FF,?,?,00A7C42C,00000000,0091ECDB,80004005,FF5677B6,?,?), ref: 007C99CA
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: Find$AllocateCloseFileFirstHeap
                                                                                                  • String ID:
                                                                                                  • API String ID: 1673784098-0
                                                                                                  • Opcode ID: 2fd2daffba54a35f31dec201623a8a5908c9511f5c36fa65d8e814bc5955a807
                                                                                                  • Instruction ID: 5f7e1cdfc3d6b2911ea172d694c2bbe6430c4adeb5ee4a5fe56bd05d26ff5179
                                                                                                  • Opcode Fuzzy Hash: 2fd2daffba54a35f31dec201623a8a5908c9511f5c36fa65d8e814bc5955a807
                                                                                                  • Instruction Fuzzy Hash: 5F31CF72904218DBDB24EF59C849BAEB7B4FF45324F21826EE819E7380D7319D44CB84
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • CreateNamedPipeW.KERNEL32(?,00000003,00000006,000000FF,00007F90,00007F90,00001388,00000000,?,FF5677B6,FF5677B6,?,?,?,?,00000000), ref: 00919949
                                                                                                  • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,00000000,00000000,?,FF5677B6,FF5677B6,?,?,?,?,00000000,009E83A5), ref: 0091996A
                                                                                                  Similarity
                                                                                                  • API ID: Create$FileNamedPipe
                                                                                                  • String ID:
                                                                                                  • API String ID: 1328467360-0
                                                                                                  • Opcode ID: 4e3908e9810cd19523790a96ec8aa110bc37c9515b5cce2438c0f3358b74525c
                                                                                                  • Instruction ID: 6ae3b8d25a46d79fc38f5e8a6deec975dcc4447aaebed137d350e1ba0ad4a2f8
                                                                                                  • Opcode Fuzzy Hash: 4e3908e9810cd19523790a96ec8aa110bc37c9515b5cce2438c0f3358b74525c
                                                                                                  • Instruction Fuzzy Hash: A131FB31A48749BFE731CF54CC05B9ABFA8EB01720F10866EF9659B6D0D775A940CB44
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • __set_se_translator.LIBVCRUNTIME ref: 007FAEB8
                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(008DA060), ref: 007FAECE
                                                                                                  Similarity
                                                                                                  • API ID: ExceptionFilterUnhandled__set_se_translator
                                                                                                  • String ID:
                                                                                                  • API String ID: 2480343447-0
                                                                                                  • Opcode ID: 130237d06da31987433b030783be4c39f4e3c769eac3b4149600113e50ca64bb
                                                                                                  • Instruction ID: 0a83c48b01d690a81ebf5c382fad1ac81896e32b33d4f2c8ba5ba69db9905516
                                                                                                  • Opcode Fuzzy Hash: 130237d06da31987433b030783be4c39f4e3c769eac3b4149600113e50ca64bb
                                                                                                  • Instruction Fuzzy Hash: 95E02633A042106EC7109790DC0AF1B3F94FBD7714F088055F20D93352C3748802D362
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Similarity
                                                                                                  • API ID: Init_thread_footer$HeapProcess
                                                                                                  • String ID:
                                                                                                  • API String ID: 275895251-0
                                                                                                  • Opcode ID: 43be0c17945cc26462be1bebbe7d7725904f9d21ad5b1e9e46f41b8ab867c21f
                                                                                                  • Instruction ID: 3ae43b1dc95c8d083c015c64e3bd67269138bb626da9fc100eb548f4ac29f58e
                                                                                                  • Opcode Fuzzy Hash: 43be0c17945cc26462be1bebbe7d7725904f9d21ad5b1e9e46f41b8ab867c21f
                                                                                                  • Instruction Fuzzy Hash: 0E6147B0500748CFE720CF68C51878ABFE0FF04318F148A5DD59A9B792D7B9A649DB90
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?,SystemFolder,0000000C,?,?,?), ref: 008F0075
                                                                                                  • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 008F0170
                                                                                                  • GetWindowsDirectoryW.KERNEL32(?,00000104,WindowsFolder,0000000D,?,?,?), ref: 008F0270
                                                                                                  • GetWindowsDirectoryW.KERNEL32(?,00000104,WindowsVolume,0000000D,?,?,?), ref: 008F0355
                                                                                                  • GetTempPathW.KERNEL32(00000104,?,WindowsVolume,0000000D,?,?,?), ref: 008F03CB
                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,?,00000104,WindowsVolume,0000000D,?,?,?), ref: 008F0454
                                                                                                  • SHGetSpecialFolderLocation.SHELL32(00000000,?,WindowsVolume,0000000D,?,?,?), ref: 008F0532
                                                                                                  • __Init_thread_footer.LIBCMT ref: 008F05A6
                                                                                                  • LoadLibraryW.KERNEL32(shfolder.dll,?,?,?), ref: 008F05BC
                                                                                                  • GetProcAddress.KERNEL32(00000000,SHGetFolderPathW), ref: 008F05EE
                                                                                                  • SHGetPathFromIDListW.SHELL32(?,?), ref: 008F065C
                                                                                                  • SHGetMalloc.SHELL32(00000000), ref: 008F0675
                                                                                                    • Part of subcall function 007C9980: RtlAllocateHeap.NTDLL(?,00000000,?,FF5677B6,00000000,0099C6B0,000000FF,?,?,00A7C42C,00000000,0091ECDB,80004005,FF5677B6,?,?), ref: 007C99CA
                                                                                                  Similarity
                                                                                                  • API ID: DirectoryPath$FolderWindows$AddressAllocateFileFromHeapInit_thread_footerLibraryListLoadLocationMallocModuleNameProcSpecialSystemTemp
                                                                                                  • String ID: ProgramFiles64Folder$ProgramW6432$SETUPEXEDIR$SHGetFolderPathW$System32Folder$SystemFolder$TempFolder$WindowsFolder$WindowsVolume$shfolder.dll
                                                                                                  • API String ID: 3671250-2142986682
                                                                                                  • Opcode ID: 1c8e5622b2010625713802c47ca7fd6c34e286d1be4a5bc9d118f588ce9dc1d2
                                                                                                  • Instruction ID: e925993d368a7b24e8e4b0f78a58393bc0553d0078b751209885905ce65fb1f1
                                                                                                  • Opcode Fuzzy Hash: 1c8e5622b2010625713802c47ca7fd6c34e286d1be4a5bc9d118f588ce9dc1d2
                                                                                                  • Instruction Fuzzy Hash: 6722CE70600209DFDB24DF64CC49BBAB3B5FF55314F5442A8E606DB2A2EB359A81CF90
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                    • Part of subcall function 007C9CC0: GetProcessHeap.KERNEL32 ref: 007C9D15
                                                                                                    • Part of subcall function 007C9CC0: __Init_thread_footer.LIBCMT ref: 007C9D47
                                                                                                    • Part of subcall function 007C9CC0: __Init_thread_footer.LIBCMT ref: 007C9DD2
                                                                                                  • MoveFileW.KERNEL32(?,?), ref: 008C2F6A
                                                                                                  • GetModuleHandleW.KERNEL32(kernel32,?), ref: 008C2FAC
                                                                                                  • GetProcAddress.KERNEL32(00000000,SetSearchPathMode), ref: 008C2FF4
                                                                                                  • GetProcAddress.KERNEL32(00000000,SetDllDirectory), ref: 008C304C
                                                                                                  • __Init_thread_footer.LIBCMT ref: 008C305C
                                                                                                  • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 008C30A4
                                                                                                  • __Init_thread_footer.LIBCMT ref: 008C3004
                                                                                                    • Part of subcall function 00974B58: EnterCriticalSection.KERNEL32(00A87FD8,FF5677B6,?,007C9DD7,00A88C04,009F7520), ref: 00974B62
                                                                                                    • Part of subcall function 00974B58: LeaveCriticalSection.KERNEL32(00A87FD8,?,007C9DD7,00A88C04,009F7520), ref: 00974B95
                                                                                                    • Part of subcall function 00974B58: RtlWakeAllConditionVariable.NTDLL ref: 00974C0C
                                                                                                  • __Init_thread_footer.LIBCMT ref: 008C30B4
                                                                                                    • Part of subcall function 00897A10: GetSystemDirectoryW.KERNEL32(?,00000105), ref: 00897A51
                                                                                                  Strings
                                                                                                  • @echo off %%SystemRoot%%\System32\attrib.exe -r "%s" :try rd "%s" if exist "%s" goto try%%SystemRoot%%\System32\attrib.exe -r "%s" del "%s" | cls, xrefs: 008C2E67, 008C2E6F
                                                                                                  • kernel32, xrefs: 008C2FA7
                                                                                                  • SetDefaultDllDirectories, xrefs: 008C309E
                                                                                                  • kernel32.dll, xrefs: 008C31AF
                                                                                                  • SetDllDirectory, xrefs: 008C3046
                                                                                                  • SetSearchPathMode, xrefs: 008C2FEE
                                                                                                  • @echo off %%SystemRoot%%\System32\attrib.exe -r "%s" :try del "%s" if exist "%s" goto try%%SystemRoot%%\System32\attrib.exe -r "%s" del "%s" | cls, xrefs: 008C2E62
                                                                                                  • @echo off %%SystemRoot%%\System32\attrib.exe -r "%s" SET count=0 :try %%SystemRoot%%\System32\timeout.exe 5 SET /a count=%%count%%+1del "%s" if %%count%% GTR %lu goto breakif exist "%s" goto try:break %%SystemRoot%%\System32\attrib.exe -r ", xrefs: 008C2E87
                                                                                                  • @echo off %%SystemRoot%%\System32\attrib.exe -r "%s" SET count=0 :try %%SystemRoot%%\System32\timeout.exe 5 SET /a count=%%count%%+1rd "%s" if %%count%% GTR %lu goto breakif exist "%s" goto try:break %%SystemRoot%%\System32\attrib.exe -r ", xrefs: 008C2E80, 008C2E8F
                                                                                                  Similarity
                                                                                                  • API ID: Init_thread_footer$AddressProc$CriticalSection$ConditionDirectoryEnterFileHandleHeapLeaveModuleMoveProcessSystemVariableWake
                                                                                                  • String ID: @echo off %%SystemRoot%%\System32\attrib.exe -r "%s" :try del "%s" if exist "%s" goto try%%SystemRoot%%\System32\attrib.exe -r "%s" del "%s" | cls$@echo off %%SystemRoot%%\System32\attrib.exe -r "%s" :try rd "%s" if exist "%s" goto try%%SystemRoot%%\System32\attrib.exe -r "%s" del "%s" | cls$@echo off %%SystemRoot%%\System32\attrib.exe -r "%s" SET count=0 :try %%SystemRoot%%\System32\timeout.exe 5 SET /a count=%%count%%+1rd "%s" if %%count%% GTR %lu goto breakif exist "%s" goto try:break %%SystemRoot%%\System32\attrib.exe -r "$@echo off %%SystemRoot%%\System32\attrib.exe -r "%s" SET count=0 :try %%SystemRoot%%\System32\timeout.exe 5 SET /a count=%%count%%+1del "%s" if %%count%% GTR %lu goto breakif exist "%s" goto try:break %%SystemRoot%%\System32\attrib.exe -r "$SetDefaultDllDirectories$SetDllDirectory$SetSearchPathMode$kernel32$kernel32.dll
                                                                                                  • API String ID: 3437638698-3455668873
                                                                                                  • Opcode ID: 4482e415d8c82b90e84e779edda8e33ebf046fd57264fa4d744ea63d1df3dfcc
                                                                                                  • Instruction ID: c6ac8000e68243a673abb821b8058f523486fd2d38fd690c5272df9b01bb53b2
                                                                                                  • Opcode Fuzzy Hash: 4482e415d8c82b90e84e779edda8e33ebf046fd57264fa4d744ea63d1df3dfcc
                                                                                                  • Instruction Fuzzy Hash: C5E15EB0900289DFDF20DF58C859BDEBBB4FF05314F14815CE819AB291D7709A89CB51
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                    • Part of subcall function 007C9CC0: GetProcessHeap.KERNEL32 ref: 007C9D15
                                                                                                    • Part of subcall function 007C9CC0: __Init_thread_footer.LIBCMT ref: 007C9D47
                                                                                                    • Part of subcall function 007C9CC0: __Init_thread_footer.LIBCMT ref: 007C9DD2
                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 008F652E
                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 008F6558
                                                                                                    • Part of subcall function 007C92A0: FindResourceW.KERNEL32(00000000,?,00000006,00000000,00000000,00000000,007C9418,-00000010,?,00000000), ref: 007C92C3
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ByteCharInit_thread_footerMultiWide$FindHeapProcessResource
                                                                                                  • String ID: %hu$A valid language was received from commnad line. This is:$AI_BOOTSTRAPPERLANGS$Advinst_Extract_$Code returned to Windows by setup:$Language of a related product is:$Language selected programatically for UI:$Language used for UI:$Languages of setup:$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$Software\Caphyon\Advanced Installer\
                                                                                                  • API String ID: 1419962739-297406034
                                                                                                  • Opcode ID: 3ff56c4fb86baf2a43030ffa9ce10c1617bcab1290c8a7e91ec66d8f2a17321e
                                                                                                  • Instruction ID: a32cbbb21ed9834561647574cf99fea3581ccd84ebc809ac2dfd4de29b4da2a6
                                                                                                  • Opcode Fuzzy Hash: 3ff56c4fb86baf2a43030ffa9ce10c1617bcab1290c8a7e91ec66d8f2a17321e
                                                                                                  • Instruction Fuzzy Hash: CD52A071A00249DBDB14DBB8C859BBEB7B4FF45324F14826CEA15EB291EB349D04CB91
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • GetActiveWindow.USER32 ref: 008F6300
                                                                                                  • SetLastError.KERNEL32(0000000E), ref: 008F631D
                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 008F6335
                                                                                                  • EnterCriticalSection.KERNEL32(00A8957C), ref: 008F6352
                                                                                                  • LeaveCriticalSection.KERNEL32(00A8957C), ref: 008F6375
                                                                                                  • DialogBoxParamW.USER32(000007D0,00000000,00836090,00000000), ref: 008F6392
                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 008F652E
                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 008F6558
                                                                                                  • SetEvent.KERNEL32(?), ref: 008F6749
                                                                                                    • Part of subcall function 007C9CC0: GetProcessHeap.KERNEL32 ref: 007C9D15
                                                                                                    • Part of subcall function 007C9CC0: __Init_thread_footer.LIBCMT ref: 007C9D47
                                                                                                    • Part of subcall function 007C9CC0: __Init_thread_footer.LIBCMT ref: 007C9DD2
                                                                                                  • SetEvent.KERNEL32(?,?,00000000,?,00000001), ref: 008F66E8
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ByteCharCriticalEventInit_thread_footerMultiSectionWide$ActiveCurrentDialogEnterErrorHeapLastLeaveParamProcessThreadWindow
                                                                                                  • String ID: v$Advinst_Extract_$Code returned to Windows by setup:
                                                                                                  • API String ID: 3831383508-2472245143
                                                                                                  • Opcode ID: 364c23748c60f9c9f1b914d93856162589cb75b05bcbc85f11c87b0ae06ac706
                                                                                                  • Instruction ID: dc5918cfa68e7ad292274b0615f1df0682e6b6d4dd8df2d1f6d27061564b1a87
                                                                                                  • Opcode Fuzzy Hash: 364c23748c60f9c9f1b914d93856162589cb75b05bcbc85f11c87b0ae06ac706
                                                                                                  • Instruction Fuzzy Hash: A1429C71900249DFDB00DFB8C848BAEBBB4FF55314F14826DE515EB292EB749A44CBA1
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  • GetActiveWindow.USER32 ref: 009035CA
                                                                                                  • SetLastError.KERNEL32(0000000E,?,?,?,?,?,?), ref: 00903607
                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00903692
                                                                                                  • SetWindowTextW.USER32(?,?), ref: 0090371C
                                                                                                  • GetDlgItem.USER32(?,000003E9), ref: 00903726
                                                                                                  • SetWindowTextW.USER32(00000000,?), ref: 00903732
                                                                                                  • GetDlgItem.USER32(?,00000002), ref: 0090379F
                                                                                                  • SetWindowTextW.USER32(00000000,?), ref: 009037A7
                                                                                                    • Part of subcall function 008FC1B0: GetDlgItem.USER32(?,00000002), ref: 008FC1D0
                                                                                                    • Part of subcall function 008FC1B0: GetWindowRect.USER32(00000000,?), ref: 008FC1E6
                                                                                                    • Part of subcall function 008FC1B0: ShowWindow.USER32(00000000,00000000,?,?,?,?,?,?,?,009035EA,?,?,?,?,?,?), ref: 008FC1FF
                                                                                                    • Part of subcall function 008FC1B0: InvalidateRect.USER32(00000000,00000000,00000001,?,?,?,?,?,?,?,009035EA,?,?), ref: 008FC20A
                                                                                                    • Part of subcall function 008FC1B0: GetDlgItem.USER32(?,000003E9), ref: 008FC21C
                                                                                                    • Part of subcall function 008FC1B0: GetWindowRect.USER32(00000000,?), ref: 008FC232
                                                                                                    • Part of subcall function 008FC1B0: SetWindowPos.USER32(00000000,00000000,?,?,?,?,00000206,?,?,?,?,?,?,?,009035EA), ref: 008FC275
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Window$Item$RectText$ActiveCurrentErrorInvalidateLastShowThread
                                                                                                  • String ID: v
                                                                                                  • API String ID: 127311041-3261393531
                                                                                                  • Opcode ID: 915cc6e49b851df5381d14404193cc09177591c84ad5260012def8b7cc2c12d9
                                                                                                  • Instruction ID: 85a2e1a5e75b09a56a4827a7087b18efbdc3d88d146eefe017de2c30e5753203
                                                                                                  • Opcode Fuzzy Hash: 915cc6e49b851df5381d14404193cc09177591c84ad5260012def8b7cc2c12d9
                                                                                                  • Instruction Fuzzy Hash: A261CDB1901604EFDB11DF68CD49B5ABBB8FF04320F14C659E9299B2E1DB74AA04CF91
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  • DecodePointer.KERNEL32(?,?,?,00974376,00A87F88,?,00000000,?,0090361C,?,00000000,00000000,?,?), ref: 00973FE9
                                                                                                  • LoadLibraryExA.KERNEL32(atlthunk.dll,00000000,00000800,?,?,?,00974376,00A87F88,?,00000000,?,0090361C,?,00000000,00000000), ref: 00973FFE
                                                                                                  • DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0097407A
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DecodePointer$LibraryLoad
                                                                                                  • String ID: AtlThunk_AllocateData$AtlThunk_DataToCode$AtlThunk_FreeData$AtlThunk_InitData$atlthunk.dll
                                                                                                  • API String ID: 1423960858-1745123996
                                                                                                  • Opcode ID: 675bee87834ca9a8414ff9c539a9f58b2375c4f6eee7251393967ed87cebf7bc
                                                                                                  • Instruction ID: 99c01f4eb63051bc720cdf2a5204c7bb0d3c74a45354bf30bc1752e27e8ef628
                                                                                                  • Opcode Fuzzy Hash: 675bee87834ca9a8414ff9c539a9f58b2375c4f6eee7251393967ed87cebf7bc
                                                                                                  • Instruction Fuzzy Hash: 1B01C07268A2047ACB11A7249E07FEA3B5C5F41748F148094FF0D67293DBB28E48D38B
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                    • Part of subcall function 008C3420: GetModuleFileNameW.KERNEL32(00000000,?,00000104,FF5677B6,00000000,?,009D83F6,000000FF), ref: 008C3368
                                                                                                    • Part of subcall function 007C9CC0: GetProcessHeap.KERNEL32 ref: 007C9D15
                                                                                                    • Part of subcall function 007C9CC0: __Init_thread_footer.LIBCMT ref: 007C9D47
                                                                                                    • Part of subcall function 007C9CC0: __Init_thread_footer.LIBCMT ref: 007C9DD2
                                                                                                  • FreeLibrary.KERNEL32(00000001,FF5677B6,?,00000001,?,?,?), ref: 008C35B7
                                                                                                  • EnterCriticalSection.KERNEL32(00A89338), ref: 008C35D2
                                                                                                  • DestroyWindow.USER32(00000000), ref: 008C35F0
                                                                                                  • LeaveCriticalSection.KERNEL32(00A89338), ref: 008C3639
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CriticalInit_thread_footerSection$DestroyEnterFileFreeHeapLeaveLibraryModuleNameProcessWindow
                                                                                                  • String ID: v$%s%lu$.local
                                                                                                  • API String ID: 3496055493-1141559199
                                                                                                  • Opcode ID: 186509a7bb842c64627d85d04dd6ba6af73317e91d0736e95688044e78e09937
                                                                                                  • Instruction ID: 7e3876d03e2d53edb62ef3e21eef62c98d5d868f8f7977aa7c04864ab9cf1892
                                                                                                  • Opcode Fuzzy Hash: 186509a7bb842c64627d85d04dd6ba6af73317e91d0736e95688044e78e09937
                                                                                                  • Instruction Fuzzy Hash: D7918771A016059BDB20DFA8D848F6ABBF4FF44314F14866DE816EB391DB74EA01CB91
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                    • Part of subcall function 008E0240: __Init_thread_footer.LIBCMT ref: 008E0312
                                                                                                  • SHGetFolderPathW.SHELL32(00000000,00000024,00000000,00000000,?,FF5677B6,00000000,00000000,?), ref: 008E4FD5
                                                                                                  • GetTempPathW.KERNEL32(00000104,?), ref: 008E5069
                                                                                                  • GetTempFileNameW.KERNEL32(?,shim_clone,00000000,?), ref: 008E509A
                                                                                                  • Wow64DisableWow64FsRedirection.KERNEL32(?), ref: 008E512D
                                                                                                  • CopyFileW.KERNEL32(?,?,00000000), ref: 008E514F
                                                                                                  • Wow64RevertWow64FsRedirection.KERNEL32(?), ref: 008E517E
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Similarity
                                                                                                  • API ID: Wow64$FilePathRedirectionTemp$CopyDisableFolderInit_thread_footerNameRevert
                                                                                                  • String ID: shim_clone
                                                                                                  • API String ID: 4264308349-3944563459
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                    • Part of subcall function 008F4CA0: GetTickCount.KERNEL32 ref: 008F4D24
                                                                                                    • Part of subcall function 008F4CA0: __Xtime_get_ticks.LIBCPMT ref: 008F4D2C
                                                                                                    • Part of subcall function 008F4CA0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008F4D76
                                                                                                    • Part of subcall function 009181C0: GetUserNameW.ADVAPI32(00000000,?), ref: 0091824E
                                                                                                    • Part of subcall function 009181C0: GetLastError.KERNEL32 ref: 00918254
                                                                                                    • Part of subcall function 009181C0: GetUserNameW.ADVAPI32(00000000,?), ref: 0091829C
                                                                                                    • Part of subcall function 009181C0: GetEnvironmentVariableW.KERNEL32(UserDomain,00000000,00000000), ref: 009182D2
                                                                                                    • Part of subcall function 009181C0: GetEnvironmentVariableW.KERNEL32(UserDomain,00000000,00000000,00000000,00000000), ref: 0091831C
                                                                                                  • __Init_thread_footer.LIBCMT ref: 008F4F64
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: EnvironmentNameUserVariable$CountErrorInit_thread_footerLastTickUnothrow_t@std@@@Xtime_get_ticks__ehfuncinfo$??2@
                                                                                                  • String ID: \/:*?"<>|
                                                                                                  • API String ID: 2099558200-3830478854
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • GetModuleHandleW.KERNEL32(Advapi32.dll,?,FF5677B6), ref: 008D8ACE
                                                                                                  • GetProcAddress.KERNEL32(00000000,RegOpenKeyTransactedW), ref: 008D8ADE
                                                                                                  • RegOpenKeyExW.KERNEL32(?,?,00000000,000000FF,00000000,?,FF5677B6), ref: 008D8B13
                                                                                                  • RegCloseKey.ADVAPI32(00000000), ref: 008D8B27
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: AddressCloseHandleModuleOpenProc
                                                                                                  • String ID: Advapi32.dll$RegOpenKeyTransactedW
                                                                                                  • API String ID: 823179699-3913318428
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • SetFilePointer.KERNEL32(009E902D,-00000400,?,00000002,00000400,FF5677B6,?,?,?), ref: 0091D4D6
                                                                                                  • GetLastError.KERNEL32(?,?), ref: 0091D4E4
                                                                                                  • ReadFile.KERNEL32(009E902D,00000000,00000400,?,00000000,?,?), ref: 0091D4FF
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: File$ErrorLastPointerRead
                                                                                                  • String ID: ADVINSTSFX
                                                                                                  • API String ID: 64821003-4038163286
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • CallWindowProcW.USER32(?,?,?,?,00000024), ref: 007D8470
                                                                                                  • GetWindowLongW.USER32(?,000000FC), ref: 007D8485
                                                                                                  • CallWindowProcW.USER32(?,?,00000082,?,00000024), ref: 007D849B
                                                                                                  • GetWindowLongW.USER32(?,000000FC), ref: 007D84B5
                                                                                                  • SetWindowLongW.USER32(?,000000FC,?), ref: 007D84C5
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: Window$Long$CallProc
                                                                                                  • String ID: $
                                                                                                  • API String ID: 513923721-3993045852
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • GetModuleHandleW.KERNEL32(Advapi32.dll,FF5677B6,00000000,?,76A8EB20,?,?,0099CB30,000000FF), ref: 008C6C53
                                                                                                  • GetProcAddress.KERNEL32(00000000,RegCreateKeyTransactedW), ref: 008C6C7C
                                                                                                  • RegCreateKeyExW.KERNEL32(?,0091887A,00000000,00000000,00000000,0099CB30,00000000,00000000,0099CB30,FF5677B6,00000000,?,76A8EB20,?,?,0099CB30), ref: 008C6CC9
                                                                                                  • RegCloseKey.ADVAPI32(00000000,?,76A8EB20,?,?,0099CB30,000000FF), ref: 008C6CDC
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: AddressCloseCreateHandleModuleProc
                                                                                                  • String ID: Advapi32.dll$RegCreateKeyTransactedW
                                                                                                  • API String ID: 1765684683-2994018265
                                                                                                  • Opcode ID: 4689c8705bfcbbd9fb1892d3c0539a836c76e20984aba54aa63d4787be6775a2
                                                                                                  • Instruction ID: 5dea8e36c957f470c6ca361d05cfc0538c5b57c3570b9b87fc3d596ee58f1386
                                                                                                  • Opcode Fuzzy Hash: 4689c8705bfcbbd9fb1892d3c0539a836c76e20984aba54aa63d4787be6775a2
                                                                                                  • Instruction Fuzzy Hash: 8B31AE72604209BFEB20CF45DC05FAABBB8FB48750F14813AF915DA280E775E910CB94
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  • GetDlgItem.USER32(?,00000002), ref: 008FC1D0
                                                                                                  • GetWindowRect.USER32(00000000,?), ref: 008FC1E6
                                                                                                  • ShowWindow.USER32(00000000,00000000,?,?,?,?,?,?,?,009035EA,?,?,?,?,?,?), ref: 008FC1FF
                                                                                                  • InvalidateRect.USER32(00000000,00000000,00000001,?,?,?,?,?,?,?,009035EA,?,?), ref: 008FC20A
                                                                                                  • GetDlgItem.USER32(?,000003E9), ref: 008FC21C
                                                                                                  • GetWindowRect.USER32(00000000,?), ref: 008FC232
                                                                                                  • SetWindowPos.USER32(00000000,00000000,?,?,?,?,00000206,?,?,?,?,?,?,?,009035EA), ref: 008FC275
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Window$Rect$Item$InvalidateShow
                                                                                                  • String ID:
                                                                                                  • API String ID: 2147159307-0
                                                                                                  • Opcode ID: cbfb49def45a79e08d4bd3e73e406be04965a6f0b8083035ee64868729424a60
                                                                                                  • Instruction ID: 310420f2b64b3916d5d89a048b8130a91e48029b004d6f3f999aded1d0c7328f
                                                                                                  • Opcode Fuzzy Hash: cbfb49def45a79e08d4bd3e73e406be04965a6f0b8083035ee64868729424a60
                                                                                                  • Instruction Fuzzy Hash: 5E213971608300AFD304DF74DD89A6B7BE9EF8D710F108659F899D6291E730E9828B92
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  • SetFilePointer.KERNEL32(?,?,?,00000000,FF5677B6,?,?,00000002,?,?,?,?,?,?,00000000,009E32F2), ref: 009001B7
                                                                                                  • GetLastError.KERNEL32(?,00000002), ref: 00900449
                                                                                                  • GetLastError.KERNEL32(?,00000002), ref: 009004F3
                                                                                                  • GetLastError.KERNEL32(?,00000002,?,?,?,?,?,?,00000000,009E32F2,000000FF,?,008FF05A,00000010), ref: 009001C6
                                                                                                    • Part of subcall function 008DE5B0: FormatMessageW.KERNEL32(00001300,00000000,00000000,00000400,?,00000000,00000000,FF5677B6,?,00000000), ref: 008DE5FB
                                                                                                    • Part of subcall function 008DE5B0: GetLastError.KERNEL32(?,00000000), ref: 008DE605
                                                                                                  • ReadFile.KERNEL32(?,00000000,00000008,80070057,00000000,?,00000002), ref: 00900288
                                                                                                  • ReadFile.KERNEL32(?,FF5677B6,00000000,00000000,00000000,00000001,?,00000002), ref: 00900305
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ErrorLast$File$Read$FormatMessagePointer
                                                                                                  • String ID:
                                                                                                  • API String ID: 3903527278-0
                                                                                                  • Opcode ID: 8ae25d4a76c51c0ac730075aff6dc9329080451d500972d003fe97a741bcd154
                                                                                                  • Instruction ID: f01aaed2a11386e60bdea8083c4b34d503f7cf3b8912a952d67a2ecfbb7a4465
                                                                                                  • Opcode Fuzzy Hash: 8ae25d4a76c51c0ac730075aff6dc9329080451d500972d003fe97a741bcd154
                                                                                                  • Instruction Fuzzy Hash: 42D17171D00209DFDB00DFA8C885BADBBB9FF45314F148269E915AB3D2EB74A905CB91
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  • PathIsUNCW.SHLWAPI(?,FF5677B6,00000000,?,?), ref: 008DB76B
                                                                                                  • CreateDirectoryW.KERNEL32(?,00000000,?,00000000,00A14494,00000001,?,?,?,?,?,00000000,009DC395,000000FF,?,0091EC41), ref: 008DB82A
                                                                                                  • GetLastError.KERNEL32(?,?,?,?,00000000,009DC395,000000FF,?,0091EC41,00000000,?,00000000), ref: 008DB838
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CreateDirectoryErrorLastPath
                                                                                                  • String ID:
                                                                                                  • API String ID: 953296794-0
                                                                                                  • Opcode ID: aad078b58b3b71760f22896195575989ae263396125a70776d040b843e5f483d
                                                                                                  • Instruction ID: 72819102b0d5078baf0ee7718e2aa4ed432cfab6d893b6a8b9b27e286fcc2d80
                                                                                                  • Opcode Fuzzy Hash: aad078b58b3b71760f22896195575989ae263396125a70776d040b843e5f483d
                                                                                                  • Instruction Fuzzy Hash: 3181B231904649DFDB14DFA8C889B9DBBB4FF19324F25426AE920E73D0DB749904CB91
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • CreateThread.KERNEL32(00000000,00000000,Function_0015EF30,00A20B08,00000000,?), ref: 0090384D
                                                                                                  • GetLastError.KERNEL32 ref: 0090385A
                                                                                                  • WaitForSingleObject.KERNEL32(00000000,FFFFFFFF), ref: 00903883
                                                                                                  • GetExitCodeThread.KERNEL32(00000000,?), ref: 0090389D
                                                                                                  • TerminateThread.KERNEL32(00000000,00000000), ref: 009038B5
                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 009038BE
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Thread$CloseCodeCreateErrorExitHandleLastObjectSingleTerminateWait
                                                                                                  • String ID:
                                                                                                  • API String ID: 1566822279-0
                                                                                                  • Opcode ID: 1d8e072b16ac67f339258f113bf7f768c21fa2a3e79c896fcb7e7bf6464a0705
                                                                                                  • Instruction ID: 4b57dd37424fa0a58308491aa70b82a785ce052b46c447912b5340a3815924eb
                                                                                                  • Opcode Fuzzy Hash: 1d8e072b16ac67f339258f113bf7f768c21fa2a3e79c896fcb7e7bf6464a0705
                                                                                                  • Instruction Fuzzy Hash: 0431D771914219EFDF11CFA4DD48BEDBBB8FB08714F108269E810B62D0DB799A04CBA4
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • GetFileVersionInfoSizeW.KERNELBASE(80004005,009E3C95,FF5677B6,?,?,?,?,?,00000000,009E3C95,000000FF,?,80004005,FF5677B6,?), ref: 008E54E5
                                                                                                  • GetFileVersionInfoW.KERNELBASE(80004005,?,00000000,000000FF,00000000,?,?,?,?,00000000,009E3C95,000000FF,?,80004005,FF5677B6,?), ref: 008E5533
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: FileInfoVersion$Size
                                                                                                  • String ID: ProductName$\StringFileInfo\%04x%04x\%s$\VarFileInfo\Translation
                                                                                                  • API String ID: 2104008232-2149928195
                                                                                                  • Opcode ID: c4d748da2d0fd8a842e40896168e1bdda85038ae80875d8fd225985057126f09
                                                                                                  • Instruction ID: 3554b00258a63fea6ba88587554c872d1cacb24254cbc50649e001f95b8b3bc9
                                                                                                  • Opcode Fuzzy Hash: c4d748da2d0fd8a842e40896168e1bdda85038ae80875d8fd225985057126f09
                                                                                                  • Instruction Fuzzy Hash: 6861BC71901549DFDB10DFA9C849AAEB7F9FF56318F14826DE811E72A1EB349D00CBA0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                    • Part of subcall function 008E4F80: SHGetFolderPathW.SHELL32(00000000,00000024,00000000,00000000,?,FF5677B6,00000000,00000000,?), ref: 008E4FD5
                                                                                                    • Part of subcall function 008E4F80: GetTempPathW.KERNEL32(00000104,?), ref: 008E5069
                                                                                                    • Part of subcall function 008E4F80: GetTempFileNameW.KERNEL32(?,shim_clone,00000000,?), ref: 008E509A
                                                                                                  • GetFileVersionInfoSizeW.KERNELBASE(?,000000FF,Shlwapi.dll,FF5677B6,00000000,?,?,00000000,009DD9C5,000000FF,Shlwapi.dll,008E5326,?,?,?), ref: 008E53BD
                                                                                                  • GetFileVersionInfoW.KERNELBASE(?,?,?,00000000,00000000,?,?), ref: 008E53E9
                                                                                                  • GetLastError.KERNEL32(?,?), ref: 008E542E
                                                                                                  • DeleteFileW.KERNEL32(?), ref: 008E5441
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: File$InfoPathTempVersion$DeleteErrorFolderLastNameSize
                                                                                                  • String ID: Shlwapi.dll
                                                                                                  • API String ID: 2355151265-1687636465
                                                                                                  • Opcode ID: 3d11593361bb5dbfc029eeda7f3b0385eac1d1e11282dde394f51a017193113f
                                                                                                  • Instruction ID: 5540776260a131eb09661116b026165523f81f5dac1008596180f02d2ed7d3a1
                                                                                                  • Opcode Fuzzy Hash: 3d11593361bb5dbfc029eeda7f3b0385eac1d1e11282dde394f51a017193113f
                                                                                                  • Instruction Fuzzy Hash: 0E3182B1905259ABDB11CFA6CC44BEEFBB8FF09319F14411AE805E7290DB349941CBA1
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,FF5677B6,?,?,00000000,?,?,?,?,009E941D,000000FF,?,00900E0E), ref: 0091E9D0
                                                                                                  • CreateThread.KERNEL32(00000000,00000000,0091ECE0,?,00000000,?), ref: 0091EA06
                                                                                                  • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 0091EB0F
                                                                                                  • GetExitCodeThread.KERNEL32(00000000,?), ref: 0091EB1A
                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 0091EB3A
                                                                                                    • Part of subcall function 007D8590: RaiseException.KERNEL32(?,?,00000000,00000000,0091ED87,C000008C,00000001), ref: 007D859C
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CreateThread$CloseCodeEventExceptionExitHandleObjectRaiseSingleWait
                                                                                                  • String ID:
                                                                                                  • API String ID: 3595790897-0
                                                                                                  • Opcode ID: f76833794a3aa19c26bcf03aefd8111ffe3b52e0bd83c37565cab10a7785ea8c
                                                                                                  • Instruction ID: 28cced3a9c52706e082458488e7f1db81fc274c49e896ecf0d3f3efb77bf1686
                                                                                                  • Opcode Fuzzy Hash: f76833794a3aa19c26bcf03aefd8111ffe3b52e0bd83c37565cab10a7785ea8c
                                                                                                  • Instruction Fuzzy Hash: 37B17C75A00609DFCB14CF68C884BAABBF5FF49310F244669E916AB3A1D730ED40CB90
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • MsgWaitForMultipleObjectsEx.USER32(00000001,00000000,000000FF,000005FF,00000004), ref: 008DC011
                                                                                                  • PeekMessageW.USER32(?,00000000), ref: 008DC057
                                                                                                  • TranslateMessage.USER32(00000000), ref: 008DC062
                                                                                                  • DispatchMessageW.USER32(00000000), ref: 008DC069
                                                                                                  • MsgWaitForMultipleObjectsEx.USER32(00000001,?,000000FF,000005FF,00000004), ref: 008DC07B
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Message$MultipleObjectsWait$DispatchPeekTranslate
                                                                                                  • String ID:
                                                                                                  • API String ID: 4084795276-0
                                                                                                  • Opcode ID: caf350b9458391978147633e7925713ca47ad7b792e627aead9e2915a6c860ee
                                                                                                  • Instruction ID: 2edb7a831c6014e1cb70f976ae54f3b8eda3362cfe14507db3582385f897b1ba
                                                                                                  • Opcode Fuzzy Hash: caf350b9458391978147633e7925713ca47ad7b792e627aead9e2915a6c860ee
                                                                                                  • Instruction Fuzzy Hash: F1113671644306AAE210DB55AC81FABB7DCEF88770F600736FA10E21C0E631E9458761
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • PathIsUNCW.SHLWAPI(?,FF5677B6,?,00000010,?), ref: 008FCF2A
                                                                                                    • Part of subcall function 008DCF90: GetCurrentProcess.KERNEL32 ref: 008DCFD8
                                                                                                    • Part of subcall function 008DCF90: OpenProcessToken.ADVAPI32(00000000,00000008,00000000), ref: 008DCFE5
                                                                                                    • Part of subcall function 008DCF90: GetLastError.KERNEL32 ref: 008DCFEF
                                                                                                    • Part of subcall function 008DCF90: FindCloseChangeNotification.KERNEL32(00000000), ref: 008DD0D0
                                                                                                    • Part of subcall function 007C9CC0: GetProcessHeap.KERNEL32 ref: 007C9D15
                                                                                                    • Part of subcall function 007C9CC0: __Init_thread_footer.LIBCMT ref: 007C9D47
                                                                                                    • Part of subcall function 007C9CC0: __Init_thread_footer.LIBCMT ref: 007C9DD2
                                                                                                    • Part of subcall function 007C92A0: FindResourceW.KERNEL32(00000000,?,00000006,00000000,00000000,00000000,007C9418,-00000010,?,00000000), ref: 007C92C3
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Process$FindInit_thread_footer$ChangeCloseCurrentErrorHeapLastNotificationOpenPathResourceToken
                                                                                                  • String ID: Extraction path set to:$[WindowsVolume]$\\?\
                                                                                                  • API String ID: 2914359614-3538578949
                                                                                                  • Opcode ID: 4a49cbadb25b014cd47f9593d6f3c5655cab973a9ee287e46ce5d708558cc202
                                                                                                  • Instruction ID: 742487db6b697fdf8a1f172ba7fb37faae7af836cbd1e940b9ba99b70ca280ec
                                                                                                  • Opcode Fuzzy Hash: 4a49cbadb25b014cd47f9593d6f3c5655cab973a9ee287e46ce5d708558cc202
                                                                                                  • Instruction Fuzzy Hash: 1AC1AF30901649DBDB10DF68C948BAEFBB5FF84314F14826DE611EB292DB749E41CBA1
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • ConnectNamedPipe.KERNEL32(?,00000000,FF5677B6,?,000000FF,?,?,00000000,009E863E,000000FF,?,0091A25A,000000FF,?,00000001), ref: 0091A01C
                                                                                                  • GetLastError.KERNEL32(?,?,00000000,009E863E,000000FF,?,0091A25A,000000FF,?,00000001), ref: 0091A026
                                                                                                    • Part of subcall function 007C9CC0: GetProcessHeap.KERNEL32 ref: 007C9D15
                                                                                                    • Part of subcall function 007C9CC0: __Init_thread_footer.LIBCMT ref: 007C9D47
                                                                                                    • Part of subcall function 007C9CC0: __Init_thread_footer.LIBCMT ref: 007C9DD2
                                                                                                  • ReadFile.KERNEL32(?,?,00007F90,?,00000000,FF5677B6,?,000000FF,?,?,00000000,009E863E,000000FF,?,0091A25A,000000FF), ref: 0091A073
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Init_thread_footer$ConnectErrorFileHeapLastNamedPipeProcessRead
                                                                                                  • String ID: \\.\pipe\ToServer
                                                                                                  • API String ID: 2973225359-63420281
                                                                                                  • Opcode ID: a140f6b5b36f66b53962b42767c850b006e7693c318fb6128eda9d7a563854ff
                                                                                                  • Instruction ID: 17d5f53d36de90050fcab512f64160ef6ff4c096900fc4f20e720954ae7cffa6
                                                                                                  • Opcode Fuzzy Hash: a140f6b5b36f66b53962b42767c850b006e7693c318fb6128eda9d7a563854ff
                                                                                                  • Instruction Fuzzy Hash: 2991C171A05208EFDB14CF68C808BAAB7A8FF45324F14866DE915DB381DB75AD40CB91
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • LoadStringW.USER32(?,00000000,?,00000100), ref: 008E31BC
                                                                                                  • LoadStringW.USER32(?,00000000,?,00000001), ref: 008E3264
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: LoadString
                                                                                                  • String ID:
                                                                                                  • API String ID: 2948472770-0
                                                                                                  • Opcode ID: 51da9e879b060e0e2552f247453089a9214f864754937b74c13695242e8798ba
                                                                                                  • Instruction ID: b873a843eb490b3098ba60c8f22f55f474f567ca9f19217770126fc11e0b250a
                                                                                                  • Opcode Fuzzy Hash: 51da9e879b060e0e2552f247453089a9214f864754937b74c13695242e8798ba
                                                                                                  • Instruction Fuzzy Hash: 67B16AB1D00248EFDB04CFA9D849BEEBBB5FF49314F10821AE515A7280DB786A44CB90
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000080,00000000,00000000,?,?,FF5677B6,?,00000010,?,008F7D90,?), ref: 008F4A06
                                                                                                  • SetFilePointer.KERNEL32(00000000,?,00000010,00000000), ref: 008F4A4F
                                                                                                  • ReadFile.KERNEL32(00000000,FF5677B6,?,?,00000000,00000078,?), ref: 008F4A91
                                                                                                  • FindCloseChangeNotification.KERNEL32(00000000), ref: 008F4B0A
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: File$ChangeCloseCreateFindNotificationPointerRead
                                                                                                  • String ID:
                                                                                                  • API String ID: 2405668454-0
                                                                                                  • Opcode ID: 379a5d096a01e64d083395c8f7c0e972fed1960b0ca351d4fff3da4a6e30ec4f
                                                                                                  • Instruction ID: ee117b070d9bd2b1ef116f388825814757f2e4808751d8b894b8cd14aca61058
                                                                                                  • Opcode Fuzzy Hash: 379a5d096a01e64d083395c8f7c0e972fed1960b0ca351d4fff3da4a6e30ec4f
                                                                                                  • Instruction Fuzzy Hash: EC517B70A00609ABDB11CBA8CC48BEEFBB8FF45324F14825AE511EB2D2D7749D45CB64
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                    • Part of subcall function 007C9CC0: GetProcessHeap.KERNEL32 ref: 007C9D15
                                                                                                    • Part of subcall function 007C9CC0: __Init_thread_footer.LIBCMT ref: 007C9D47
                                                                                                    • Part of subcall function 007C9CC0: __Init_thread_footer.LIBCMT ref: 007C9DD2
                                                                                                  • PathIsUNCW.SHLWAPI(?,?), ref: 008DB536
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Init_thread_footer$HeapPathProcess
                                                                                                  • String ID: \\?\$\\?\UNC\
                                                                                                  • API String ID: 806983814-3019864461
                                                                                                  • Opcode ID: cb7cffe6aa2b789d6981200be0314988808a07aa61e40cb0578b24203fc74bff
                                                                                                  • Instruction ID: 18f6d1a44d0dc68d6fecd748e780b80040ee52b7afca1d2bf90718330ad4e3d8
                                                                                                  • Opcode Fuzzy Hash: cb7cffe6aa2b789d6981200be0314988808a07aa61e40cb0578b24203fc74bff
                                                                                                  • Instruction Fuzzy Hash: A1C19F71A00609DBDB00DBA9CC49B9EF7F8FF48314F14826AE511E7391EB789904CBA1
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • GetTempFileNameW.KERNEL32(?,?,00000000,?,FF5677B6), ref: 007D05E2
                                                                                                  • MoveFileW.KERNEL32(?,00000000), ref: 007D0835
                                                                                                  • DeleteFileW.KERNEL32(?), ref: 007D087F
                                                                                                  Similarity
                                                                                                  • API ID: File$DeleteMoveNameTemp
                                                                                                  • String ID:
                                                                                                  • API String ID: 788073729-0
                                                                                                  • Opcode ID: fb0c4586b7fc47b776a0983c8e7aa345c786b097875b4446bf8cbd1b0168b6cf
                                                                                                  • Instruction ID: 30dcb6074034c02d7d845c5ee3e66cca09768f4e1ffa5a3b5366932a8d87377a
                                                                                                  • Opcode Fuzzy Hash: fb0c4586b7fc47b776a0983c8e7aa345c786b097875b4446bf8cbd1b0168b6cf
                                                                                                  • Instruction Fuzzy Hash: 9FF18770D15268DADB24DF28CC9CB9DBBB0BF54304F1482DAD409A7291EB786B84CF91
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • __freea.LIBCMT ref: 0098EBBB
                                                                                                    • Part of subcall function 0098CA67: RtlAllocateHeap.NTDLL(00000000,00000000,0098A813,?,0098E9B8,?,00000000,?,0097E5A5,00000000,0098A813,?,?,?,?,0098A60D), ref: 0098CA99
                                                                                                  • __freea.LIBCMT ref: 0098EBD0
                                                                                                  • __freea.LIBCMT ref: 0098EBE0
                                                                                                  Similarity
                                                                                                  • API ID: __freea$AllocateHeap
                                                                                                  • String ID:
                                                                                                  • API String ID: 2243444508-0
                                                                                                  • Opcode ID: be546fed34d08d85ab0fddc81782139ad32bea9aa6dcc53e65e7a31f26d3b2aa
                                                                                                  • Instruction ID: 04c06cd06938fa776be0e3e379ff72da8d87f81fc1e5ace9e80b8c77ccd215d6
                                                                                                  • Opcode Fuzzy Hash: be546fed34d08d85ab0fddc81782139ad32bea9aa6dcc53e65e7a31f26d3b2aa
                                                                                                  • Instruction Fuzzy Hash: AD51D0B260021AAFEF25AFA6CC91EBB36ADEF84754F154528FD0AD7351E634CD108760
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • SetFilePointer.KERNEL32(?,?,?,00000000,FF5677B6,?,?), ref: 008FFCF7
                                                                                                  • ReadFile.KERNEL32(?,00000000,00000018,?,00000000), ref: 008FFE04
                                                                                                  Similarity
                                                                                                  • API ID: File$PointerRead
                                                                                                  • String ID:
                                                                                                  • API String ID: 3154509469-0
                                                                                                  • Opcode ID: cafbc62b1f495cb2437dcbeacb5656940701589c66e07a25db43d3e8670a7daf
                                                                                                  • Instruction ID: 7201a947b9c8ddb605e954480e5de217f449fb06566d74b96eca26960cab78b3
                                                                                                  • Opcode Fuzzy Hash: cafbc62b1f495cb2437dcbeacb5656940701589c66e07a25db43d3e8670a7daf
                                                                                                  • Instruction Fuzzy Hash: C2615D71D04649AFDB04DFA8C845B9DBBB4FB49320F10826AE524A7391EB75AA04CB91
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,FF5677B6,?,00000000,?,80004005,?,00000000), ref: 008FD0DE
                                                                                                  • GetLastError.KERNEL32 ref: 008FD116
                                                                                                  • GetLastError.KERNEL32(?), ref: 008FD1AF
                                                                                                  Similarity
                                                                                                  • API ID: ErrorLast$CreateFile
                                                                                                  • String ID:
                                                                                                  • API String ID: 1722934493-0
                                                                                                  • Opcode ID: 936ba12bae7450a9a235af8dcf5d9617001827a00efe36679c10a5f7cc8c13b7
                                                                                                  • Instruction ID: 795d3866ad7d235a9f0ffac15e73392581522923b1fa2a9509052cefb1f7e3f2
                                                                                                  • Opcode Fuzzy Hash: 936ba12bae7450a9a235af8dcf5d9617001827a00efe36679c10a5f7cc8c13b7
                                                                                                  • Instruction Fuzzy Hash: B951C171A00709DBDB20DF69C845BAAF7B6FF85320F148629EA15D7391EB31A905CB81
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • CreateFileW.KERNEL32(0092D5B6,40000000,00000001,00000000,00000002,00000080,00000000,FF5677B6,?,00000001), ref: 0092C6D2
                                                                                                  • WriteFile.KERNEL32(00000000,0000C800,0000C800,0000C800,00000000,?,0000C800), ref: 0092C768
                                                                                                  • CloseHandle.KERNEL32(00000000,?,0000C800), ref: 0092C7DC
                                                                                                  Similarity
                                                                                                  • API ID: File$CloseCreateHandleWrite
                                                                                                  • String ID:
                                                                                                  • API String ID: 1065093856-0
                                                                                                  • Opcode ID: 19b43b9ad6aa6cbf01a5b8100181fbd79a3fcf106538e426931a39ec147c10f3
                                                                                                  • Instruction ID: b37c020ec39c52d16e47be997970ad7b6b4a6662dd22b89c034710222e92f5c5
                                                                                                  • Opcode Fuzzy Hash: 19b43b9ad6aa6cbf01a5b8100181fbd79a3fcf106538e426931a39ec147c10f3
                                                                                                  • Instruction Fuzzy Hash: BD517AB1A10219AFDB04DFA8DD45BEEBBB9FF48310F144259F800A7290DB75A900CBA4
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 008FC149
                                                                                                  • DestroyWindow.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,009E12D0,000000FF), ref: 008FC158
                                                                                                  • IsWindow.USER32(?), ref: 008FC185
                                                                                                  Similarity
                                                                                                  • API ID: Window$CurrentDestroyThread
                                                                                                  • String ID:
                                                                                                  • API String ID: 2303547079-0
                                                                                                  • Opcode ID: 4aec5c341f1a0a4d04f65ee45c63e9d041a1ca3eda8360b4ccfff97ea4a57a13
                                                                                                  • Instruction ID: 352c09b3d75f3a78eb7e2e681db6c048743f4dba38448f340e5ad87a3aaaea90
                                                                                                  • Opcode Fuzzy Hash: 4aec5c341f1a0a4d04f65ee45c63e9d041a1ca3eda8360b4ccfff97ea4a57a13
                                                                                                  • Instruction Fuzzy Hash: D3F08271009B449AD3719B39EF08B57BFE5BF59B10F240A5DE18296AD0D7B0F881CB14
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • GetCurrentProcess.KERNEL32(?,?,0097FD7D,?,00979912,?,?,FF5677B6,00979912,?), ref: 0097FD94
                                                                                                  • TerminateProcess.KERNEL32(00000000,?,0097FD7D,?,00979912,?,?,FF5677B6,00979912,?), ref: 0097FD9B
                                                                                                  • ExitProcess.KERNEL32 ref: 0097FDAD
                                                                                                  Similarity
                                                                                                  • API ID: Process$CurrentExitTerminate
                                                                                                  • String ID:
                                                                                                  • API String ID: 1703294689-0
                                                                                                  • Opcode ID: 170ad05ad915048653bc83de785b149dbfaf0c21d4d0c170f658de9ad2e6243c
                                                                                                  • Instruction ID: f453a1eb8065fe9057023ea22cca99a5ee997f1b16867d224c6ed385125df706
                                                                                                  • Opcode Fuzzy Hash: 170ad05ad915048653bc83de785b149dbfaf0c21d4d0c170f658de9ad2e6243c
                                                                                                  • Instruction Fuzzy Hash: C4D09E32014104BFCF552FA1EC1DAED3F2AEF84355B148024B91D6A071CF719992EA41
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                    • Part of subcall function 007C9CC0: GetProcessHeap.KERNEL32 ref: 007C9D15
                                                                                                    • Part of subcall function 007C9CC0: __Init_thread_footer.LIBCMT ref: 007C9D47
                                                                                                    • Part of subcall function 007C9CC0: __Init_thread_footer.LIBCMT ref: 007C9DD2
                                                                                                  • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000025,00000000,FF5677B6), ref: 008DBD10
                                                                                                    • Part of subcall function 008DBDD0: GetEnvironmentVariableW.KERNEL32(00000000,00000000,00000000,?,?,?,80004005), ref: 008DBDDD
                                                                                                  Similarity
                                                                                                  • API ID: Init_thread_footer$EnvironmentFolderHeapPathProcessSpecialVariable
                                                                                                  • String ID: USERPROFILE
                                                                                                  • API String ID: 1777821646-2419442777
                                                                                                  • Opcode ID: 456b06f48ffbcc40d5778376e6dacc99b3b0724eb31e934933258a78190e18d5
                                                                                                  • Instruction ID: 0c5cbeae156afe572c87716d94af88cae490173f880d2023c03d3c60ab52ff5b
                                                                                                  • Opcode Fuzzy Hash: 456b06f48ffbcc40d5778376e6dacc99b3b0724eb31e934933258a78190e18d5
                                                                                                  • Instruction Fuzzy Hash: 6C618A71A00609DFDB14DFA8C859BAEB7E5FF44320F11866EE916DB391DB34A904CB90
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • WriteFile.KERNEL32(?,?,?,?,00000000,FF5677B6,?,00000010,?,?,009E868E,000000FF), ref: 0091A228
                                                                                                    • Part of subcall function 007C9CC0: GetProcessHeap.KERNEL32 ref: 007C9D15
                                                                                                    • Part of subcall function 007C9CC0: __Init_thread_footer.LIBCMT ref: 007C9D47
                                                                                                    • Part of subcall function 007C9CC0: __Init_thread_footer.LIBCMT ref: 007C9DD2
                                                                                                    • Part of subcall function 00919FE0: ConnectNamedPipe.KERNEL32(?,00000000,FF5677B6,?,000000FF,?,?,00000000,009E863E,000000FF,?,0091A25A,000000FF,?,00000001), ref: 0091A01C
                                                                                                    • Part of subcall function 00919FE0: GetLastError.KERNEL32(?,?,00000000,009E863E,000000FF,?,0091A25A,000000FF,?,00000001), ref: 0091A026
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: Init_thread_footer$ConnectErrorFileHeapLastNamedPipeProcessWrite
                                                                                                  • String ID: \\.\pipe\ToServer
                                                                                                  • API String ID: 3549655173-63420281
                                                                                                  • Opcode ID: 7538c3d71f4b1770a7a2f40fafa27b8284ae9ef999aa840a364c311a1baadb23
                                                                                                  • Instruction ID: 5655422aa0f885aa646d9129ccd29ee4f54ef6e5e9e3e4b4b4aa5d5aa6d44820
                                                                                                  • Opcode Fuzzy Hash: 7538c3d71f4b1770a7a2f40fafa27b8284ae9ef999aa840a364c311a1baadb23
                                                                                                  • Instruction Fuzzy Hash: 6A417C72A05248EFDB14CF58D805BAEB7E8EF44724F10466EE925DB390DB76AD40CB90
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                    • Part of subcall function 009942EA: GetOEMCP.KERNEL32(00000000,?,?,?,?), ref: 00994315
                                                                                                  • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,?,?,?,?,00994601,?,00000000,?,?,?), ref: 0099481B
                                                                                                  • GetCPInfo.KERNEL32(00000000,?,?,?,?,?,?,?,?,00994601,?,00000000,?,?,?), ref: 0099485D
                                                                                                  Similarity
                                                                                                  • API ID: CodeInfoPageValid
                                                                                                  • String ID:
                                                                                                  • API String ID: 546120528-0
                                                                                                  • Opcode ID: 0f753077a3099082dce060748f8ce10bc9f2d4368f0b7516aa01458fd885a049
                                                                                                  • Instruction ID: b7c247f3c202d8bf847a5813512de30a75506c57a21f83c0f2e2f48082e56c77
                                                                                                  • Opcode Fuzzy Hash: 0f753077a3099082dce060748f8ce10bc9f2d4368f0b7516aa01458fd885a049
                                                                                                  • Instruction Fuzzy Hash: FB512671A003859EEF22CF7AC851EABBBF9EF85300F18456ED0968B251D7749947CB50
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • IsWindow.USER32(00000000), ref: 0091F421
                                                                                                  • EndDialog.USER32(00000000,00000001), ref: 0091F430
                                                                                                  Similarity
                                                                                                  • API ID: DialogWindow
                                                                                                  • String ID:
                                                                                                  • API String ID: 2634769047-0
                                                                                                  • Opcode ID: 20c901775883f309eb78754b1919433d1eff0391bb631e9fb86e591a8008c5b6
                                                                                                  • Instruction ID: c5e02b1d313d40bc07a62c4c501596bb039b741ef2be21aaf06d2fdf0c791c14
                                                                                                  • Opcode Fuzzy Hash: 20c901775883f309eb78754b1919433d1eff0391bb631e9fb86e591a8008c5b6
                                                                                                  • Instruction Fuzzy Hash: 8C519C30A01B49DFD721CF68C908B8AFBF8FF45310F1486A9E459DB2A1D770AA44CB91
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • GetLastError.KERNEL32(008FB881), ref: 008FBF40
                                                                                                  • DestroyWindow.USER32(?,?,?), ref: 008FBFF7
                                                                                                  Similarity
                                                                                                  • API ID: DestroyErrorLastWindow
                                                                                                  • String ID:
                                                                                                  • API String ID: 1182162058-0
                                                                                                  • Opcode ID: c1e2e5ad7490de460a1471b262262903d71920b2c9955c8d0c4ab89af079c862
                                                                                                  • Instruction ID: 94f09578c75beeceb8d1888a839e337503e8540b7bdcb0238e8ebfb98e09741e
                                                                                                  • Opcode Fuzzy Hash: c1e2e5ad7490de460a1471b262262903d71920b2c9955c8d0c4ab89af079c862
                                                                                                  • Instruction Fuzzy Hash: 2221A1B161010D9BDB209F2CEC45BBAB794FB54320F004266FA04C7691DB75ED61DBE1
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                    • Part of subcall function 008DE740: LoadLibraryW.KERNEL32(ComCtl32.dll,FF5677B6,?,00000000,00000000), ref: 008DE77E
                                                                                                    • Part of subcall function 008DE740: GetProcAddress.KERNEL32(00000000,LoadIconMetric), ref: 008DE7A1
                                                                                                    • Part of subcall function 008DE740: FreeLibrary.KERNEL32(00000000), ref: 008DE81F
                                                                                                  • SendMessageW.USER32(?,00000080,00000001,00000000), ref: 008DF174
                                                                                                  • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 008DF17F
                                                                                                  Similarity
                                                                                                  • API ID: LibraryMessageSend$AddressFreeLoadProc
                                                                                                  • String ID:
                                                                                                  • API String ID: 3032493519-0
                                                                                                  • Opcode ID: 4556460658d5492afa8012425c38a7e9ec58b3a84d49a54b89349042940be9b7
                                                                                                  • Instruction ID: f409653c4c243a4a9df8602f917704fe3086eead3c0aba4d72605f5614903d3c
                                                                                                  • Opcode Fuzzy Hash: 4556460658d5492afa8012425c38a7e9ec58b3a84d49a54b89349042940be9b7
                                                                                                  • Instruction Fuzzy Hash: 16F01C3178521836F660219A5C46F67B64DE781B64F144266BA98AF6D2ECC67C0102D9
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • LCMapStringEx.KERNEL32(?,0098EAFA,?,?,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 0098E7AC
                                                                                                  • LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,?,?,0098EAFA,?,?,00000000,?,00000000), ref: 0098E7CA
                                                                                                  Similarity
                                                                                                  • API ID: String
                                                                                                  • String ID:
                                                                                                  • API String ID: 2568140703-0
                                                                                                  • Opcode ID: 83ba0e8462438961dc195da74ea11d3048dea7fbcd597d842a9ae46c29414644
                                                                                                  • Instruction ID: d6caaa893be9f89cbb1aa9785ef1b4a49bc00c2a3629871313b9405ca73c0ca0
                                                                                                  • Opcode Fuzzy Hash: 83ba0e8462438961dc195da74ea11d3048dea7fbcd597d842a9ae46c29414644
                                                                                                  • Instruction Fuzzy Hash: 8FF07A3250011ABBCF126F90DC15EEE3F26EF88360F058410FA1865120C736D831EB90
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • RtlFreeHeap.NTDLL(00000000,00000000,?,0099593D,?,00000000,?,?,00995BDE,?,00000007,?,?,00996030,?,?), ref: 0098CA43
                                                                                                  • GetLastError.KERNEL32(?,?,0099593D,?,00000000,?,?,00995BDE,?,00000007,?,?,00996030,?,?), ref: 0098CA4E
                                                                                                  Similarity
                                                                                                  • API ID: ErrorFreeHeapLast
                                                                                                  • String ID:
                                                                                                  • API String ID: 485612231-0
                                                                                                  • Opcode ID: 57dcb28bc86ec15d71bc97b01ec91d372bb4a8095cd03db575836fd1fd6ac9d6
                                                                                                  • Instruction ID: f745142c8e16d6a2e6e1166ab94f68826d0e125234fce15feac6b26a5067d590
                                                                                                  • Opcode Fuzzy Hash: 57dcb28bc86ec15d71bc97b01ec91d372bb4a8095cd03db575836fd1fd6ac9d6
                                                                                                  • Instruction Fuzzy Hash: D9E08C72100228ABCF11BFA4AC0DBA93B9DEB80761F148020F60C8A160EE35C940DBA0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 009763EA
                                                                                                  • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 009763F5
                                                                                                  Similarity
                                                                                                  • API ID: Value___vcrt____vcrt_uninitialize_ptd
                                                                                                  • String ID:
                                                                                                  • API String ID: 1660781231-0
                                                                                                  • Opcode ID: 57a580a0bca18605306d204d0ecb2088640fe6db3a2a984f77ba5a8ecf4dfe76
                                                                                                  • Instruction ID: 89ac60c2238b4df83d674f974f6403b744b3d59f406dabae9ebfb74fae1ceffb
                                                                                                  • Opcode Fuzzy Hash: 57a580a0bca18605306d204d0ecb2088640fe6db3a2a984f77ba5a8ecf4dfe76
                                                                                                  • Instruction Fuzzy Hash: 84D0A773544A1014185023B42C426D91248F991BB87B0DE5AF42DC50D2DE148445D322
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: ee851ec7b4f4685c6006abe2f7737c5f2ed3250ea066e8d71ab1eb26db5b5bec
                                                                                                  • Instruction ID: e5fb7dd915f0025539a164f823a2de89b069be07a5d7fac5f35e18b075044984
                                                                                                  • Opcode Fuzzy Hash: ee851ec7b4f4685c6006abe2f7737c5f2ed3250ea066e8d71ab1eb26db5b5bec
                                                                                                  • Instruction Fuzzy Hash: A261A0757006199FCB10DF68D888EAAB7A9FF48710F154669ED15DB3A1DB30EC40CB90
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • GetCPInfo.KERNEL32(E8458D00,?,0099460D,00994601,00000000), ref: 009943F0
                                                                                                  Similarity
                                                                                                  • API ID: Info
                                                                                                  • String ID:
                                                                                                  • API String ID: 1807457897-0
                                                                                                  • Opcode ID: 8085444b65716f2437cf731dce42c583f805d300c226f20dbfd5d31625d0901f
                                                                                                  • Instruction ID: 33b59f40cc134614c672bcb14775570bd9b33415aa046816b24ac6c47c18b2f0
                                                                                                  • Opcode Fuzzy Hash: 8085444b65716f2437cf731dce42c583f805d300c226f20dbfd5d31625d0901f
                                                                                                  • Instruction Fuzzy Hash: D0513671A082589BDF228A6CCD80FEA7BECEB59304F2405A9E59AC7152C2349D47DF20
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • EnumResourceLanguagesW.KERNEL32(?,00000010,00000001,009030A0,?), ref: 00902FBB
                                                                                                  Similarity
                                                                                                  • API ID: EnumLanguagesResource
                                                                                                  • String ID:
                                                                                                  • API String ID: 4141015960-0
                                                                                                  • Opcode ID: e074df77a0644ad4605db9e2ab511456dc4018ab6bbc5256cd61ad5f6c2d4cea
                                                                                                  • Instruction ID: 3744affd00cd7ca623a0d3926a74024ace5175c796e5c77fd01af3d6a50a25f0
                                                                                                  • Opcode Fuzzy Hash: e074df77a0644ad4605db9e2ab511456dc4018ab6bbc5256cd61ad5f6c2d4cea
                                                                                                  • Instruction Fuzzy Hash: D341A67190024ADFDB10DF54C885BDEBBF8FF48714F10465AE411A76C1DBB59944CB90
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • WaitForSingleObject.KERNEL32(?,000000FF,?,FF5677B6,?,?,80004005,FF5677B6,?,?,00000000), ref: 0091ECF2
                                                                                                  Similarity
                                                                                                  • API ID: ObjectSingleWait
                                                                                                  • String ID:
                                                                                                  • API String ID: 24740636-0
                                                                                                  • Opcode ID: 8a5c2b7be5456addd6fdc1fefc87676ec5335af2b27779ae5fde23b7bee38913
                                                                                                  • Instruction ID: 0629d8bd98b84b106c922534c3d3b795b33ccf644475094867c91d3d8beb03f1
                                                                                                  • Opcode Fuzzy Hash: 8a5c2b7be5456addd6fdc1fefc87676ec5335af2b27779ae5fde23b7bee38913
                                                                                                  • Instruction Fuzzy Hash: 2D210635700A2E9FC721AF98E8C4F96F7A9FF54710B064125FE119B2A2DB60EC9187D1
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                    • Part of subcall function 008E0370: __Init_thread_footer.LIBCMT ref: 008E03E6
                                                                                                    • Part of subcall function 00974BA2: EnterCriticalSection.KERNEL32(00A87FD8,?,FF5677B6,?,007C9D66,00A88C04,FF5677B6,FF5677B6,?,0099CC0D,000000FF,?,0091EBD6,FF5677B6,?,?), ref: 00974BAD
                                                                                                    • Part of subcall function 00974BA2: LeaveCriticalSection.KERNEL32(00A87FD8,?,007C9D66,00A88C04,FF5677B6,FF5677B6,?,0099CC0D,000000FF,?,0091EBD6,FF5677B6,?,?,00000000), ref: 00974BEA
                                                                                                  • __Init_thread_footer.LIBCMT ref: 008E01E0
                                                                                                    • Part of subcall function 00974B58: EnterCriticalSection.KERNEL32(00A87FD8,FF5677B6,?,007C9DD7,00A88C04,009F7520), ref: 00974B62
                                                                                                    • Part of subcall function 00974B58: LeaveCriticalSection.KERNEL32(00A87FD8,?,007C9DD7,00A88C04,009F7520), ref: 00974B95
                                                                                                    • Part of subcall function 00974B58: RtlWakeAllConditionVariable.NTDLL ref: 00974C0C
                                                                                                  Similarity
                                                                                                  • API ID: CriticalSection$EnterInit_thread_footerLeave$ConditionVariableWake
                                                                                                  • String ID:
                                                                                                  • API String ID: 984842325-0
                                                                                                  • Opcode ID: c5b80d8c656d6f921050fdaa53678ade9e97f72e27eac44bdfb93b423b0683fd
                                                                                                  • Instruction ID: 23d6effd8f3f36ad5de57481a4614eb33ab06dc90538591709fd093ec08e9d80
                                                                                                  • Opcode Fuzzy Hash: c5b80d8c656d6f921050fdaa53678ade9e97f72e27eac44bdfb93b423b0683fd
                                                                                                  • Instruction Fuzzy Hash: 7731F271940680EFDB14DF84EC86B6AB3E0F701B14F148A19E5268B790D3B67982CF45
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                    • Part of subcall function 00974BA2: EnterCriticalSection.KERNEL32(00A87FD8,?,FF5677B6,?,007C9D66,00A88C04,FF5677B6,FF5677B6,?,0099CC0D,000000FF,?,0091EBD6,FF5677B6,?,?), ref: 00974BAD
                                                                                                    • Part of subcall function 00974BA2: LeaveCriticalSection.KERNEL32(00A87FD8,?,007C9D66,00A88C04,FF5677B6,FF5677B6,?,0099CC0D,000000FF,?,0091EBD6,FF5677B6,?,?,00000000), ref: 00974BEA
                                                                                                  • __Init_thread_footer.LIBCMT ref: 008C0A82
                                                                                                    • Part of subcall function 00974B58: EnterCriticalSection.KERNEL32(00A87FD8,FF5677B6,?,007C9DD7,00A88C04,009F7520), ref: 00974B62
                                                                                                    • Part of subcall function 00974B58: LeaveCriticalSection.KERNEL32(00A87FD8,?,007C9DD7,00A88C04,009F7520), ref: 00974B95
                                                                                                    • Part of subcall function 00974B58: RtlWakeAllConditionVariable.NTDLL ref: 00974C0C
                                                                                                  Similarity
                                                                                                  • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                                                                                  • String ID:
                                                                                                  • API String ID: 2296764815-0
                                                                                                  • Opcode ID: 67b654f85611001a7193d3ccd65acb795566c13bab66cdd440d93a644f378b96
                                                                                                  • Instruction ID: 2850e3f7fab92845459b2624217bde09293db3cf4884c520c3a93f4b319f1021
                                                                                                  • Opcode Fuzzy Hash: 67b654f85611001a7193d3ccd65acb795566c13bab66cdd440d93a644f378b96
                                                                                                  • Instruction Fuzzy Hash: 7901D4B1A44644DFC714DF98E942B5AB3A4F788720F044339E439D37D1D735A8128B12
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                    • Part of subcall function 00974BA2: EnterCriticalSection.KERNEL32(00A87FD8,?,FF5677B6,?,007C9D66,00A88C04,FF5677B6,FF5677B6,?,0099CC0D,000000FF,?,0091EBD6,FF5677B6,?,?), ref: 00974BAD
                                                                                                    • Part of subcall function 00974BA2: LeaveCriticalSection.KERNEL32(00A87FD8,?,007C9D66,00A88C04,FF5677B6,FF5677B6,?,0099CC0D,000000FF,?,0091EBD6,FF5677B6,?,?,00000000), ref: 00974BEA
                                                                                                  • __Init_thread_footer.LIBCMT ref: 008E03E6
                                                                                                    • Part of subcall function 00974B58: EnterCriticalSection.KERNEL32(00A87FD8,FF5677B6,?,007C9DD7,00A88C04,009F7520), ref: 00974B62
                                                                                                    • Part of subcall function 00974B58: LeaveCriticalSection.KERNEL32(00A87FD8,?,007C9DD7,00A88C04,009F7520), ref: 00974B95
                                                                                                    • Part of subcall function 00974B58: RtlWakeAllConditionVariable.NTDLL ref: 00974C0C
                                                                                                  Similarity
                                                                                                  • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                                                                                  • String ID:
                                                                                                  • API String ID: 2296764815-0
                                                                                                  • Opcode ID: da22d913f1502d570d2ff20df015fa2baf2b927c95cbe2c27ff66756f16e34b3
                                                                                                  • Instruction ID: 9d8aeb8f6ebebac87120b4af230d9ff165ede49901a0dcaffc9f4a5f5b9b1fec
                                                                                                  • Opcode Fuzzy Hash: da22d913f1502d570d2ff20df015fa2baf2b927c95cbe2c27ff66756f16e34b3
                                                                                                  • Instruction Fuzzy Hash: F401DFB1A44685AFC710EF98DD42B2EB7E4F706B20F104B69E929D73C0C774A9008B41
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • RtlAllocateHeap.NTDLL(00000008,?,?,?,0098C824,00000001,00000364,?,00000002,000000FF,?,0097E5A5,00000000,0098A813,?,?), ref: 0098E010
                                                                                                  Similarity
                                                                                                  • API ID: AllocateHeap
                                                                                                  • String ID:
                                                                                                  • API String ID: 1279760036-0
                                                                                                  • Opcode ID: 9e358077e0919e2b083b3f5a6b5a46485a1ea2dd10e1c5fba8666ab1652fe4e0
                                                                                                  • Instruction ID: 37bc3b0b9d8e8f96d90073a1709d8067062e5bdd617f609aebf7c437e22adaf0
                                                                                                  • Opcode Fuzzy Hash: 9e358077e0919e2b083b3f5a6b5a46485a1ea2dd10e1c5fba8666ab1652fe4e0
                                                                                                  • Instruction Fuzzy Hash: 41F0E932649124B7DB217E619C55B6B378DAF92770B1C8811AC09DB3C1CEB4DC0097E1
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                    • Part of subcall function 0097641A: RaiseException.KERNEL32(E06D7363,00000001,00000003,?,?,?,80004005,FF5677B6,?,?,00000000), ref: 0097647A
                                                                                                  • RtlAllocateHeap.NTDLL(?,00000000,?,FF5677B6,00000000,0099C6B0,000000FF,?,?,00A7C42C,00000000,0091ECDB,80004005,FF5677B6,?,?), ref: 007C99CA
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AllocateExceptionHeapRaise
                                                                                                  • String ID:
                                                                                                  • API String ID: 3789339297-0
                                                                                                  • Opcode ID: 1c2e92a1a3f628fd88651a49600c5eb9b6ea850b01b90d35a6e09fcb85945290
                                                                                                  • Instruction ID: 20624a4c9fed515be2f473f33dc15c19263aab5299b9cfe5e8ef8395e15a6f4e
                                                                                                  • Opcode Fuzzy Hash: 1c2e92a1a3f628fd88651a49600c5eb9b6ea850b01b90d35a6e09fcb85945290
                                                                                                  • Instruction Fuzzy Hash: 7AF0A772648648FFC705DF54DC06F55BBB8F748B10F00852DF91986690DB35A800CB44
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • RtlAllocateHeap.NTDLL(00000000,00000000,0098A813,?,0098E9B8,?,00000000,?,0097E5A5,00000000,0098A813,?,?,?,?,0098A60D), ref: 0098CA99
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AllocateHeap
                                                                                                  • String ID:
                                                                                                  • API String ID: 1279760036-0
                                                                                                  • Opcode ID: 21c456e17ab6f9acc3f6c83acad61202e08bedbe06a8351cb2119b867398f038
                                                                                                  • Instruction ID: b74e242d057e6594c309a175c390b16d74801bb231836db4a364e5a501caf17d
                                                                                                  • Opcode Fuzzy Hash: 21c456e17ab6f9acc3f6c83acad61202e08bedbe06a8351cb2119b867398f038
                                                                                                  • Instruction Fuzzy Hash: 9AE09BB12446295AEB25B665DC05F5A364DAF863F0F150111FC55963D0DF75CC4087F4
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: H_prolog3
                                                                                                  • String ID:
                                                                                                  • API String ID: 431132790-0
                                                                                                  • Opcode ID: 14a5c818424220c26c6ebf7a4789c00ac6f15fbd8c6c680c3bb8a5a8d8f868d3
                                                                                                  • Instruction ID: 59a414074468ddf027f612f12dc80d09d574ceea70c71619ad4d781e35bca7c6
                                                                                                  • Opcode Fuzzy Hash: 14a5c818424220c26c6ebf7a4789c00ac6f15fbd8c6c680c3bb8a5a8d8f868d3
                                                                                                  • Instruction Fuzzy Hash: D3E09A72D4020E9EEB41EFE4C456BEFBBB8AB44301F908126E245E6141EB7497459BE1
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • ___delayLoadHelper2@8.DELAYIMP ref: 00971091
                                                                                                    • Part of subcall function 00971B8B: DloadAcquireSectionWriteAccess.DELAYIMP ref: 00971B96
                                                                                                    • Part of subcall function 00971B8B: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00971BFE
                                                                                                    • Part of subcall function 00971B8B: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00971C0F
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                                                  • String ID:
                                                                                                  • API String ID: 697777088-0
                                                                                                  • Opcode ID: af9ff59403a64746fdbc0674b41f20dbba11f8908d3a478cdc32fcfb82199f2c
                                                                                                  • Instruction ID: 2163aa30a07f6c4d15d1fbcccfcad8107006a196c71544569566093a4c7f7eb0
                                                                                                  • Opcode Fuzzy Hash: af9ff59403a64746fdbc0674b41f20dbba11f8908d3a478cdc32fcfb82199f2c
                                                                                                  • Instruction Fuzzy Hash: D9B0928229D0006E2244A11C1E02E3A2A1CC5D0F21330C96BB108D0081A44058420279
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 100$10000$100000$12000$120000$1500$15000$1500000$1800$2000$20000$200000$3000$30000$3000000$500$5000$6000$800$8000$AI_AppSearchEx$AI_ChainProductsPseudo$AI_CountRowAction$AI_DefaultActionCost$AI_DownloadPrereq$AI_ExtractPrereq$AI_Game$AI_GxInstall$AI_GxUninstall$AI_InstallPostPrerequisite$AI_InstallPrerequisite$AI_PreRequisite$AI_ProcessAccounts$AI_ProcessGroups$AI_ProcessTasks$AI_ScheduledTasks$AI_UninstallAccounts$AI_UninstallGroups$AI_UninstallTasks$AI_UserAccounts$AI_UserGroups$AI_XmlAttribute$AI_XmlElement$AI_XmlInstall$AI_XmlUninstall$AppId$AppSearch$BindImage$Complus$Component$Component_$CostFinalize$CostInitialize$CreateFolder$CreateFolders$CreateShortcuts$DuplicateFile$DuplicateFiles$Environment$Extension$Feature$Feature_$File$FileCost$FileSize$Font$IniFile$InstallFiles$InstallFinalize$InstallInitialize$InstallODBC$InstallServices$InstallValidate$Location$MIME$MoveFile$MoveFiles$MsiAssembly$MsiConfigureServices$MsiPublishAssemblies$MsiUnpublishAssemblies$ODBCDataSource$ODBCDriver$ODBCTranslator$Options$Patch$PatchFiles$PatchSize$ProcessComponents$ProgId$PublishComponent$PublishComponents$PublishFeatures$RegisterClassInfo$RegisterComPlus$RegisterExtensionInfo$RegisterFonts$RegisterMIMEInfo$RegisterProgIdInfo$RegisterTypeLibraries$Registry$RemoveDuplicateFiles$RemoveEnvironmentStrings$RemoveExistingProducts$RemoveFile$RemoveFiles$RemoveFolders$RemoveIniFile$RemoveIniValues$RemoveODBC$RemoveRegistry$RemoveRegistryValues$RemoveShortcuts$SelfReg$SelfRegModules$SelfUnregModules$ServiceControl$ServiceInstall$Shortcut$StartServices$StopServices$TypeLib$UnpublishComponents$UnpublishFeatures$UnregisterClassInfo$UnregisterComPlus$UnregisterExtensionInfo$UnregisterFonts$UnregisterMIMEInfo$UnregisterProgIdInfo$WriteEnvironmentStrings$WriteIniValues$WriteRegistryValues$~
                                                                                                  • API String ID: 0-2910470256
                                                                                                  • Opcode ID: 567656e5e054857b472db7969093e40be603fb009bd3f06a7dc3f575bd147d80
                                                                                                  • Instruction ID: e3061d6e63d20d5d09205f5515aaea17eced46bb24e6e4c2d2f04d45ae57d520
                                                                                                  • Opcode Fuzzy Hash: 567656e5e054857b472db7969093e40be603fb009bd3f06a7dc3f575bd147d80
                                                                                                  • Instruction Fuzzy Hash: 0C33D570B49384FAD70AFBF8B91AB7D2A50AF55705F10465CE1822B2D2CFB90A05DB52
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 100$10000$100000$12000$120000$1500$15000$1500000$1800$2000$20000$200000$3000$30000$3000000$500$5000$6000$8000$AI_AppSearchEx$AI_ChainProductsPseudo$AI_CountRowAction$AI_DefaultActionCost$AI_DownloadPrereq$AI_ExtractPrereq$AI_Game$AI_GxInstall$AI_GxUninstall$AI_InstallPostPrerequisite$AI_InstallPrerequisite$AI_PreRequisite$AI_ProcessAccounts$AI_ProcessGroups$AI_ProcessTasks$AI_ScheduledTasks$AI_UninstallAccounts$AI_UninstallGroups$AI_UninstallTasks$AI_UserAccounts$AI_UserGroups$AI_XmlAttribute$AI_XmlElement$AI_XmlInstall$AI_XmlUninstall$AppId$BindImage$Complus$Component_$CreateFolder$CreateFolders$CreateShortcuts$DuplicateFile$DuplicateFiles$Environment$Extension$Feature$Feature_$File$FileSize$Font$IniFile$InstallFiles$InstallFinalize$InstallInitialize$InstallODBC$InstallServices$Location$MIME$MoveFile$MoveFiles$MsiAssembly$MsiConfigureServices$MsiPublishAssemblies$ODBCDataSource$ODBCDriver$ODBCTranslator$Options$Patch$PatchFiles$PatchSize$ProgId$PublishComponent$PublishComponents$PublishFeatures$RegisterClassInfo$RegisterComPlus$RegisterExtensionInfo$RegisterFonts$RegisterMIMEInfo$RegisterProgIdInfo$RegisterTypeLibraries$Registry$RemoveDuplicateFiles$RemoveEnvironmentStrings$RemoveFile$RemoveFiles$RemoveFolders$RemoveIniFile$RemoveIniValues$RemoveShortcuts$SelfReg$SelfRegModules$ServiceControl$ServiceInstall$Shortcut$StartServices$TypeLib$UnregisterMIMEInfo$WriteEnvironmentStrings$WriteIniValues$WriteRegistryValues$~
                                                                                                  • API String ID: 0-1090619422
                                                                                                  • Opcode ID: 53dc26bfb72e3ac3bbb76a9d83c2f3260a3c930e214f567ee010f519cc7fb474
                                                                                                  • Instruction ID: d3169205207248721bdfb2bd623fc84cfc5e9358959e5bcc5e8567801881b079
                                                                                                  • Opcode Fuzzy Hash: 53dc26bfb72e3ac3bbb76a9d83c2f3260a3c930e214f567ee010f519cc7fb474
                                                                                                  • Instruction Fuzzy Hash: 10E2DB10B49785FAC70AF7F8791AB6D6F116F5AB12F10579CF1922B2C2CEA40B01D762
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                    • Part of subcall function 007C9CC0: GetProcessHeap.KERNEL32 ref: 007C9D15
                                                                                                    • Part of subcall function 007C9CC0: __Init_thread_footer.LIBCMT ref: 007C9D47
                                                                                                    • Part of subcall function 007C9CC0: __Init_thread_footer.LIBCMT ref: 007C9DD2
                                                                                                  • VariantClear.OLEAUT32 ref: 007EB70F
                                                                                                  • VariantClear.OLEAUT32(?), ref: 007EB86A
                                                                                                  • VariantClear.OLEAUT32(?), ref: 007EB892
                                                                                                  • VariantClear.OLEAUT32(?), ref: 007EBA1E
                                                                                                  • SysAllocString.OLEAUT32(00000000), ref: 007EBA2F
                                                                                                  • VariantClear.OLEAUT32(?), ref: 007EBA79
                                                                                                  • VariantClear.OLEAUT32(?), ref: 007EBAA2
                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 007EBAAD
                                                                                                  • VariantClear.OLEAUT32(?), ref: 007EBBBB
                                                                                                  • VariantClear.OLEAUT32(?), ref: 007EBBEC
                                                                                                  • VariantClear.OLEAUT32(?), ref: 007EBC45
                                                                                                  • VariantClear.OLEAUT32(?), ref: 007EBCF4
                                                                                                  • VariantClear.OLEAUT32(?), ref: 007EB73D
                                                                                                    • Part of subcall function 007C92A0: FindResourceW.KERNEL32(00000000,?,00000006,00000000,00000000,00000000,007C9418,-00000010,?,00000000), ref: 007C92C3
                                                                                                  • VariantClear.OLEAUT32(?), ref: 007EB80E
                                                                                                  • VariantClear.OLEAUT32(?), ref: 007EB836
                                                                                                  • VariantClear.OLEAUT32(?), ref: 007EBE38
                                                                                                  • SysAllocString.OLEAUT32(00000000), ref: 007EBE49
                                                                                                  • VariantClear.OLEAUT32(?), ref: 007EBE93
                                                                                                  • VariantClear.OLEAUT32(?), ref: 007EBEBC
                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 007EBEC7
                                                                                                  • VariantClear.OLEAUT32(?), ref: 007EBFD5
                                                                                                  • SysAllocString.OLEAUT32(00000000), ref: 007EBFE2
                                                                                                  • VariantClear.OLEAUT32(?), ref: 007EC02A
                                                                                                  • VariantClear.OLEAUT32(?), ref: 007EC052
                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 007EC05C
                                                                                                    • Part of subcall function 007C9980: RtlAllocateHeap.NTDLL(?,00000000,?,FF5677B6,00000000,0099C6B0,000000FF,?,?,00A7C42C,00000000,0091ECDB,80004005,FF5677B6,?,?), ref: 007C99CA
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ClearVariant$String$AllocFree$HeapInit_thread_footer$AllocateFindProcessResource
                                                                                                  • String ID: GetFontHeight$MessageBox$MsiEvaluateCondition$MsiGetBinaryPath$MsiGetBinaryPathIndirect$MsiGetBytesCountText$MsiGetFormattedError$MsiGetProperty$MsiPublishEvents$MsiResolveFormatted$MsiSetProperty
                                                                                                  • API String ID: 3540692479-3153392536
                                                                                                  • Opcode ID: 5be32f7ce05c72d484e33cb280841ddac7f35ff21a83b783a867b496f56ffe15
                                                                                                  • Instruction ID: 556dfac4d41c1874e115b47b6295fa6ae5b605a6ac1d53d858b0e2c8fe0abda6
                                                                                                  • Opcode Fuzzy Hash: 5be32f7ce05c72d484e33cb280841ddac7f35ff21a83b783a867b496f56ffe15
                                                                                                  • Instruction Fuzzy Hash: 5DE29271D01248DFDB14CFA8C849B9EBBB4FF48314F24825DE515AB391EB78AA45CB90
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • InitializeCriticalSection.KERNEL32(00A89384,FF5677B6,00000010,?), ref: 0090CF9C
                                                                                                    • Part of subcall function 007C92A0: FindResourceW.KERNEL32(00000000,?,00000006,00000000,00000000,00000000,007C9418,-00000010,?,00000000), ref: 007C92C3
                                                                                                  • EnterCriticalSection.KERNEL32(?,FF5677B6,00000010,?), ref: 0090CFA9
                                                                                                  • WriteFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 0090CFDB
                                                                                                  • FlushFileBuffers.KERNEL32(00000000,?,00000000,?,00000000), ref: 0090CFE4
                                                                                                  • WriteFile.KERNEL32(00000000,009E5BDD,18E9084D,?,00000000,00A0443C,00000001,?,00000000,?,00000000), ref: 0090D066
                                                                                                  • FlushFileBuffers.KERNEL32(00000000,?,00000000,?,00000000), ref: 0090D06F
                                                                                                  • WriteFile.KERNEL32(00000000,?,00000000,?,00000000,?,00000000,?,00000000), ref: 0090D0A5
                                                                                                  • FlushFileBuffers.KERNEL32(00000000,?,00000000,?,00000000,?,00000000,?,00000000), ref: 0090D0AE
                                                                                                  • WriteFile.KERNEL32(00000000,008F2B03,9384B9FF,?,00000000,00A06D60,00000002,?,00000000,?,00000000,?,00000000,?,00000000), ref: 0090D10F
                                                                                                  • FlushFileBuffers.KERNEL32(00000000,?,00000000,?,00000000,?,00000000,?,00000000), ref: 0090D118
                                                                                                  • LeaveCriticalSection.KERNEL32(00000000,?,00000000,?,00000000,?,00000000,?,00000000), ref: 0090D148
                                                                                                    • Part of subcall function 007C9980: RtlAllocateHeap.NTDLL(?,00000000,?,FF5677B6,00000000,0099C6B0,000000FF,?,?,00A7C42C,00000000,0091ECDB,80004005,FF5677B6,?,?), ref: 007C99CA
                                                                                                  • GetLocalTime.KERNEL32(?,FF5677B6), ref: 0090D1DE
                                                                                                    • Part of subcall function 007C9CC0: GetProcessHeap.KERNEL32 ref: 007C9D15
                                                                                                    • Part of subcall function 007C9CC0: __Init_thread_footer.LIBCMT ref: 007C9D47
                                                                                                    • Part of subcall function 007C9CC0: __Init_thread_footer.LIBCMT ref: 007C9DD2
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: File$BuffersFlushWrite$CriticalSection$HeapInit_thread_footer$AllocateEnterFindInitializeLeaveLocalProcessResourceTime
                                                                                                  • String ID: v$%04d-%02d-%02d %02d-%02d-%02d
                                                                                                  • API String ID: 4138224324-2546220813
                                                                                                  • Opcode ID: 1c01243732a2d727ecf707ba56c884f20a73cb1d7fcc71fe64a517daaa0ba175
                                                                                                  • Instruction ID: e02b422129b7f5162a07c23691f15ec96666dd7ca591ef3d15248b7bc9ac0cbf
                                                                                                  • Opcode Fuzzy Hash: 1c01243732a2d727ecf707ba56c884f20a73cb1d7fcc71fe64a517daaa0ba175
                                                                                                  • Instruction Fuzzy Hash: F1A1AC71A05648EFDB00DFA8CD49BAEBBF8FF08310F144169F905A72A1DB759914DBA0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • FindClose.KERNEL32(00000000,00000000,?,?,?,008EB647), ref: 007E09BF
                                                                                                  • PathIsUNCW.SHLWAPI(?,*.*,00000000), ref: 007E0A77
                                                                                                  • FindFirstFileW.KERNEL32(00000000,00000000,*.*,00000000), ref: 007E0BCC
                                                                                                  • GetFullPathNameW.KERNEL32(00000000,00000000,00000000,00000000), ref: 007E0BE6
                                                                                                  • GetFullPathNameW.KERNEL32(00000000,00000000,?,00000000), ref: 007E0C19
                                                                                                  • FindClose.KERNEL32(00000000), ref: 007E0C88
                                                                                                  • SetLastError.KERNEL32(0000007B), ref: 007E0C96
                                                                                                  • _wcsrchr.LIBVCRUNTIME ref: 007E0CEC
                                                                                                  • _wcsrchr.LIBVCRUNTIME ref: 007E0D0C
                                                                                                  • PathIsUNCW.SHLWAPI(?,?,FF5677B6), ref: 007E0EE3
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Path$Find$CloseFullName_wcsrchr$ErrorFileFirstLast
                                                                                                  • String ID: *.*$\\?\$\\?\UNC\
                                                                                                  • API String ID: 1241272779-1700010636
                                                                                                  • Opcode ID: 7966f586c6bc23c1fa2f0c9594b089a9292ef821f703a8e47b8c55b2f7197094
                                                                                                  • Instruction ID: 56cb0999b3f55530fc383a5b1bd528a44c7c18f6fad3dcc9a3a97aa8b8245219
                                                                                                  • Opcode Fuzzy Hash: 7966f586c6bc23c1fa2f0c9594b089a9292ef821f703a8e47b8c55b2f7197094
                                                                                                  • Instruction Fuzzy Hash: AE422230602646DFDB14DF69CC49B6AF7B5FF58314F10822CE414DB291EBB9A980CB90
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                    • Part of subcall function 007D5050: EnterCriticalSection.KERNEL32(00A8957C,FF5677B6,00000000,?,?,?,?,?,?,007D487E,0099F9CD,000000FF), ref: 007D508D
                                                                                                    • Part of subcall function 007D5050: LoadCursorW.USER32(00000000,00007F00), ref: 007D5108
                                                                                                    • Part of subcall function 007D5050: LoadCursorW.USER32(00000000,00007F00), ref: 007D51AE
                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 007D4C63
                                                                                                  • SysAllocString.OLEAUT32(00000000), ref: 007D4C94
                                                                                                  • GetWindowLongW.USER32(?,000000EC), ref: 007D4D6B
                                                                                                  • GetWindowLongW.USER32(?,000000EC), ref: 007D4D7B
                                                                                                  • SetWindowLongW.USER32(?,000000EC,00000000), ref: 007D4D86
                                                                                                  • NtdllDefWindowProc_W.NTDLL(?,?,00000001,?), ref: 007D4D94
                                                                                                  • GetWindowLongW.USER32(?,000000EB), ref: 007D4DA2
                                                                                                  • SetWindowTextW.USER32(?,00A0446C), ref: 007D4E41
                                                                                                  • GlobalAlloc.KERNEL32(00000042,00000000), ref: 007D4E76
                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 007D4E84
                                                                                                  • GlobalUnlock.KERNEL32(?), ref: 007D4ED8
                                                                                                  • SetWindowLongW.USER32(?,000000EB,00000000), ref: 007D4F63
                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 007D4F7C
                                                                                                  • NtdllDefWindowProc_W.NTDLL(?,?,?,00000000), ref: 007D4FC3
                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 007D4FE5
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Window$Long$String$FreeGlobal$AllocCursorLoadNtdllProc_$CriticalEnterLockSectionTextUnlock
                                                                                                  • String ID:
                                                                                                  • API String ID: 4180125975-0
                                                                                                  • Opcode ID: 73f5c1b6bca7cab545ff34a87bdd2157afee1e249ff46521c0a87ffde1529ff1
                                                                                                  • Instruction ID: 947948251ae1b4b600ef219cdfe5554268b4af35e1e13244db62a47908055c5d
                                                                                                  • Opcode Fuzzy Hash: 73f5c1b6bca7cab545ff34a87bdd2157afee1e249ff46521c0a87ffde1529ff1
                                                                                                  • Instruction Fuzzy Hash: E4D1CE71A00209EFDB10DFA4CC48BAFBBB8EF45314F184159F915AB391D7799A01CBA1
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • GetWindowLongW.USER32(?,000000EB), ref: 007DEBA3
                                                                                                  • ShowWindow.USER32(00000000,?), ref: 007DEBC2
                                                                                                  • SetWindowLongW.USER32(?,000000EB,00000000), ref: 007DEBD0
                                                                                                  • GetWindowRect.USER32(00000000,?), ref: 007DEBE7
                                                                                                  • ShowWindow.USER32(00000000,?), ref: 007DEC08
                                                                                                  • SetWindowLongW.USER32(?,000000EB,?), ref: 007DEC1F
                                                                                                    • Part of subcall function 007D8590: RaiseException.KERNEL32(?,?,00000000,00000000,0091ED87,C000008C,00000001), ref: 007D859C
                                                                                                  • ShowWindow.USER32(?,?), ref: 007DED5D
                                                                                                  • GetWindowLongW.USER32(?,000000EB), ref: 007DED8C
                                                                                                  • ShowWindow.USER32(?,?), ref: 007DEDA9
                                                                                                  • GetWindowRect.USER32(?,?), ref: 007DEDCE
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Window$LongShow$Rect$ExceptionRaise
                                                                                                  • String ID:
                                                                                                  • API String ID: 777556035-0
                                                                                                  • Opcode ID: 29cec3c9f4f51c579a6ce112830db782b69efc0d1b5ec168d0df30ccbe01eab5
                                                                                                  • Instruction ID: 380fbf7da65c5ef3f6371116a7b7438875cf49a7904d25e076fded64951d6818
                                                                                                  • Opcode Fuzzy Hash: 29cec3c9f4f51c579a6ce112830db782b69efc0d1b5ec168d0df30ccbe01eab5
                                                                                                  • Instruction Fuzzy Hash: 31424771A04248DFCB25DFA8D884AAEBBF5FF88304F14456EE45AAB360D734A945CF50
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                    • Part of subcall function 007C9CC0: GetProcessHeap.KERNEL32 ref: 007C9D15
                                                                                                    • Part of subcall function 007C9CC0: __Init_thread_footer.LIBCMT ref: 007C9D47
                                                                                                    • Part of subcall function 007C9CC0: __Init_thread_footer.LIBCMT ref: 007C9DD2
                                                                                                  • FindFirstFileW.KERNEL32(?,?,?,00000001), ref: 008E92D2
                                                                                                  • FindClose.KERNEL32(00000000), ref: 008E9300
                                                                                                  • FindClose.KERNEL32(00000000), ref: 008E9389
                                                                                                  Strings
                                                                                                  • No acceptable version found. It is already downloaded and it will be installed., xrefs: 008E9895
                                                                                                  • Not selected for install., xrefs: 008E98A3
                                                                                                  • No acceptable version found. Operating System not supported., xrefs: 008E988E
                                                                                                  • No acceptable version found. It must be downloaded., xrefs: 008E9880
                                                                                                  • No acceptable version found. It must be downloaded manually from a site., xrefs: 008E9887
                                                                                                  • No acceptable version found. It must be installed from package., xrefs: 008E9879
                                                                                                  • No acceptable version found., xrefs: 008E989C
                                                                                                  • An acceptable version was found., xrefs: 008E9872
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Find$CloseInit_thread_footer$FileFirstHeapProcess
                                                                                                  • String ID: An acceptable version was found.$No acceptable version found.$No acceptable version found. It is already downloaded and it will be installed.$No acceptable version found. It must be downloaded manually from a site.$No acceptable version found. It must be downloaded.$No acceptable version found. It must be installed from package.$No acceptable version found. Operating System not supported.$Not selected for install.
                                                                                                  • API String ID: 544434140-749633484
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                    • Part of subcall function 007C9980: RtlAllocateHeap.NTDLL(?,00000000,?,FF5677B6,00000000,0099C6B0,000000FF,?,?,00A7C42C,00000000,0091ECDB,80004005,FF5677B6,?,?), ref: 007C99CA
                                                                                                    • Part of subcall function 007C9CC0: GetProcessHeap.KERNEL32 ref: 007C9D15
                                                                                                    • Part of subcall function 007C9CC0: __Init_thread_footer.LIBCMT ref: 007C9D47
                                                                                                    • Part of subcall function 007C9CC0: __Init_thread_footer.LIBCMT ref: 007C9DD2
                                                                                                    • Part of subcall function 007C92A0: FindResourceW.KERNEL32(00000000,?,00000006,00000000,00000000,00000000,007C9418,-00000010,?,00000000), ref: 007C92C3
                                                                                                  • CopyFileW.KERNEL32(?,?,00000000,00000000,00000000), ref: 008ED558
                                                                                                  • CopyFileW.KERNEL32(?,?,00000000,00000000,00000000,?,?,?,?), ref: 008EDA59
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: CopyFileHeapInit_thread_footer$AllocateFindProcessResource
                                                                                                  • String ID: AI_PRODUCTNAME_ARP$InstanceId$ProductCode$ProductName$\\?\$instname-custom.mst$instname-target.msi${%0.8X-%0.4X-%0.4X-%0.2X%0.2X-%0.2X%0.2X%0.2X%0.2X%0.2X%0.2X}
                                                                                                  • API String ID: 1612743573-2893908338
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • GetWindowLongW.USER32(?,000000EC), ref: 007D46CB
                                                                                                  • GetWindowLongW.USER32(00000000,000000EC), ref: 007D46DB
                                                                                                  • SetWindowLongW.USER32(00000000,000000EC,00000000), ref: 007D46E6
                                                                                                  • NtdllDefWindowProc_W.NTDLL(00000000,00000000,00000001,?), ref: 007D46F4
                                                                                                  • GetWindowLongW.USER32(00000000,000000EB), ref: 007D4702
                                                                                                  • SetWindowTextW.USER32(00000000,00A0446C), ref: 007D47A1
                                                                                                  • GlobalAlloc.KERNEL32(00000042,00000000), ref: 007D47D6
                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 007D47E4
                                                                                                  • GlobalUnlock.KERNEL32(?), ref: 007D4838
                                                                                                  • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 007D489D
                                                                                                  • NtdllDefWindowProc_W.NTDLL(00000000,00000000,FF5677B6,00000000), ref: 007D48EF
                                                                                                  Similarity
                                                                                                  • API ID: Window$Long$Global$NtdllProc_$AllocLockTextUnlock
                                                                                                  • String ID:
                                                                                                  • API String ID: 3555041256-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: GetFontHeight$MessageBox$MsiEvaluateCondition$MsiGetBinaryPath$MsiGetBinaryPathIndirect$MsiGetBytesCountText$MsiGetFormattedError$MsiGetProperty$MsiPublishEvents$MsiResolveFormatted
                                                                                                  • API String ID: 0-2027876840
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: GetFontHeight$MessageBox$MsiEvaluateCondition$MsiGetBinaryPath$MsiGetBinaryPathIndirect$MsiGetBytesCountText$MsiGetFormattedError$MsiGetProperty$MsiPublishEvents$MsiResolveFormatted
                                                                                                  • API String ID: 0-2027876840
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                    • Part of subcall function 007C9CC0: GetProcessHeap.KERNEL32 ref: 007C9D15
                                                                                                    • Part of subcall function 007C9CC0: __Init_thread_footer.LIBCMT ref: 007C9D47
                                                                                                    • Part of subcall function 007C9CC0: __Init_thread_footer.LIBCMT ref: 007C9DD2
                                                                                                  • _wcsrchr.LIBVCRUNTIME ref: 0090949D
                                                                                                  • _wcsrchr.LIBVCRUNTIME ref: 009094C5
                                                                                                  • GetLogicalDriveStringsW.KERNEL32(00000064,?), ref: 0090951E
                                                                                                  • GetDriveTypeW.KERNEL32(?), ref: 0090953A
                                                                                                  • Wow64DisableWow64FsRedirection.KERNEL32(00000000,00000000), ref: 009095C1
                                                                                                  • Wow64RevertWow64FsRedirection.KERNEL32(00000000,00000000), ref: 00909821
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: Wow64$DriveInit_thread_footerRedirection_wcsrchr$DisableHeapLogicalProcessRevertStringsType
                                                                                                  • String ID: ]%!
                                                                                                  • API String ID: 139206881-1069524040
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000037), ref: 008BACDA
                                                                                                  • SendMessageW.USER32(?,00000443,00000000), ref: 008BAD44
                                                                                                  • MulDiv.KERNEL32(?,00000000), ref: 008BAD7B
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: MessageSendWindow
                                                                                                  • String ID: NumberValidationTipMsg$NumberValidationTipTitle$Segoe UI
                                                                                                  • API String ID: 701072176-2319862951
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: __floor_pentium4
                                                                                                  • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                  • API String ID: 4168288129-2761157908
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • IsProcessorFeaturePresent.KERNEL32(0000000C,009740F5,00000000,?,0097428D,?,?,?,?,?,?,?), ref: 009741DB
                                                                                                  • GetProcessHeap.KERNEL32(00000008,00000008,00000000,00000000,?,0097428D,?,?,?,?,?,?,?), ref: 00974202
                                                                                                  • HeapAlloc.KERNEL32(00000000,?,0097428D,?,?,?,?,?,?,?), ref: 00974209
                                                                                                  • InitializeSListHead.KERNEL32(00000000,?,0097428D,?,?,?,?,?,?,?), ref: 00974216
                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000000,?,0097428D,?,?,?,?,?,?,?), ref: 0097422B
                                                                                                  • HeapFree.KERNEL32(00000000,?,0097428D,?,?,?,?,?,?,?), ref: 00974232
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Heap$Process$AllocFeatureFreeHeadInitializeListPresentProcessor
                                                                                                  • String ID:
                                                                                                  • API String ID: 1475849761-0
                                                                                                  • Opcode ID: ebae1a7714681969f0bf4e1ba4c94586f664f7ed217363d6c3c1f22d6b6c4ce0
                                                                                                  • Instruction ID: 31632c4969c3c32f0200e31edc8f064ae3eec61597cfea62991b4b5a59c2594f
                                                                                                  • Opcode Fuzzy Hash: ebae1a7714681969f0bf4e1ba4c94586f664f7ed217363d6c3c1f22d6b6c4ce0
                                                                                                  • Instruction Fuzzy Hash: 9AF062366582019BD7109F69AC08B2A77FCFFA9B16F144428FA56D3255DF30D801DB60
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • _wcsrchr.LIBVCRUNTIME ref: 008DA8A8
                                                                                                    • Part of subcall function 007C9CC0: GetProcessHeap.KERNEL32 ref: 007C9D15
                                                                                                    • Part of subcall function 007C9CC0: __Init_thread_footer.LIBCMT ref: 007C9D47
                                                                                                    • Part of subcall function 007C9CC0: __Init_thread_footer.LIBCMT ref: 007C9DD2
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Init_thread_footer$HeapProcess_wcsrchr
                                                                                                  • String ID:
                                                                                                  • API String ID: 3663133277-0
                                                                                                  • Opcode ID: e65a795d7d37fe08a25573b3e32124efab51bf0e783e88caeb761ab3e766c4a2
                                                                                                  • Instruction ID: e651d0e8a17b2708249ef08509a039d4490b432d52c2604fb911daa5f89b34e3
                                                                                                  • Opcode Fuzzy Hash: e65a795d7d37fe08a25573b3e32124efab51bf0e783e88caeb761ab3e766c4a2
                                                                                                  • Instruction Fuzzy Hash: 7561BD71A00249ABDB14DF69CD48BAEB7F8FB85324F20432EE925D7380DB749A04CB51
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _strrchr
                                                                                                  • String ID:
                                                                                                  • API String ID: 3213747228-0
                                                                                                  • Opcode ID: fcc137dfe0708e1f7a0708534d1b12ff6f576f64afdac42b5cb573f5b23bebeb
                                                                                                  • Instruction ID: d0d45e51a255160128cece0e0defa32aa7898c2517b5c6276b053198720ccd7a
                                                                                                  • Opcode Fuzzy Hash: fcc137dfe0708e1f7a0708534d1b12ff6f576f64afdac42b5cb573f5b23bebeb
                                                                                                  • Instruction Fuzzy Hash: 3EB149B29042459FDB15EF68C8817FEBBA9EF55310F14856AE905EB382D238DD01CBB0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 5f6ed852e56b9d50de202971a32e13d36761f340c3555c99fc111fd2501b7aae
                                                                                                  • Instruction ID: a1a41f794ec21ec4b6c51e6e788a2ac9b9c89ff82527c8340aab0bf017591898
                                                                                                  • Opcode Fuzzy Hash: 5f6ed852e56b9d50de202971a32e13d36761f340c3555c99fc111fd2501b7aae
                                                                                                  • Instruction Fuzzy Hash: 62816B71901218DFDB60DF68CC49B99B7B8EF45314F1482D9E818AB292DB749E84CF91
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                    • Part of subcall function 00974BA2: EnterCriticalSection.KERNEL32(00A87FD8,?,FF5677B6,?,007C9D66,00A88C04,FF5677B6,FF5677B6,?,0099CC0D,000000FF,?,0091EBD6,FF5677B6,?,?), ref: 00974BAD
                                                                                                    • Part of subcall function 00974BA2: LeaveCriticalSection.KERNEL32(00A87FD8,?,007C9D66,00A88C04,FF5677B6,FF5677B6,?,0099CC0D,000000FF,?,0091EBD6,FF5677B6,?,?,00000000), ref: 00974BEA
                                                                                                  • __Init_thread_footer.LIBCMT ref: 007EDB5E
                                                                                                    • Part of subcall function 00974B58: EnterCriticalSection.KERNEL32(00A87FD8,FF5677B6,?,007C9DD7,00A88C04,009F7520), ref: 00974B62
                                                                                                    • Part of subcall function 00974B58: LeaveCriticalSection.KERNEL32(00A87FD8,?,007C9DD7,00A88C04,009F7520), ref: 00974B95
                                                                                                    • Part of subcall function 00974B58: RtlWakeAllConditionVariable.NTDLL ref: 00974C0C
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                                                                                  • String ID: AiFeatIco$Icon
                                                                                                  • API String ID: 2296764815-1280411655
                                                                                                  • Opcode ID: 222f5973cf3d909441bfc91764f68e8dfeac11531f52a17506b21edc5269a84d
                                                                                                  • Instruction ID: e1449a32622bb064b62c2d82d9b154516e56887009d22f5bf50414b8d3db8d2d
                                                                                                  • Opcode Fuzzy Hash: 222f5973cf3d909441bfc91764f68e8dfeac11531f52a17506b21edc5269a84d
                                                                                                  • Instruction Fuzzy Hash: 76527A71A01658DFDB28DF68CC58BEDBBB5BB49304F1441A9E409AB391DB746E84CF80
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: AI_CONTROL_VISUAL_STYLE$AI_CONTROL_VISUAL_STYLE_EX$AI_NO_BORDER_HOVER$AI_NO_BORDER_NORMAL
                                                                                                  • API String ID: 0-932585912
                                                                                                  • Opcode ID: c7ff94516ff8a88cfdcb7799052c8347f7b29de027d590e4a3f5b8c9c2fc0161
                                                                                                  • Instruction ID: e32300e181147da5a5871caaefc7adf5b7e146c5a93a8718de4a7424c3b8503c
                                                                                                  • Opcode Fuzzy Hash: c7ff94516ff8a88cfdcb7799052c8347f7b29de027d590e4a3f5b8c9c2fc0161
                                                                                                  • Instruction Fuzzy Hash: 9942F071D012688FDB18CF69CC58BAEB7B1FF89304F14825DE455AB382D778A905CBA1
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • FindFirstFileW.KERNEL32(?,?,00000000,?), ref: 0090A96C
                                                                                                  • FindClose.KERNEL32(00000000), ref: 0090AAB7
                                                                                                    • Part of subcall function 007C9980: RtlAllocateHeap.NTDLL(?,00000000,?,FF5677B6,00000000,0099C6B0,000000FF,?,?,00A7C42C,00000000,0091ECDB,80004005,FF5677B6,?,?), ref: 007C99CA
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Find$AllocateCloseFileFirstHeap
                                                                                                  • String ID: %d.%d.%d.%d
                                                                                                  • API String ID: 1673784098-3491811756
                                                                                                  • Opcode ID: bfce97707e8545d964665e4549278d695712aab5260712266277a42451ad0ad0
                                                                                                  • Instruction ID: 01f2f34e183e9692d625e67c67cecc8b20a2a2fd370b5dbe2cc9f8239db8e869
                                                                                                  • Opcode Fuzzy Hash: bfce97707e8545d964665e4549278d695712aab5260712266277a42451ad0ad0
                                                                                                  • Instruction Fuzzy Hash: 5F617B70A05219DFDF60DF68CD4CB9DBBB8EF45314F108299E818AB291DB759A84CF81
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: MultipleInstances$MultipleInstancesProps$OldProductCode$ProductCode
                                                                                                  • API String ID: 0-469785651
                                                                                                  • Opcode ID: d7a05c6a25cae3450ebe21a44f778e5c24ffdebfa566c9667aa3fbe4a9f3fc34
                                                                                                  • Instruction ID: f0c840cd0674f6ba1c21aceab562162044442886766d77171703a0ebfe38bc20
                                                                                                  • Opcode Fuzzy Hash: d7a05c6a25cae3450ebe21a44f778e5c24ffdebfa566c9667aa3fbe4a9f3fc34
                                                                                                  • Instruction Fuzzy Hash: EBD12635A01286CBCB58CF59C855BAEB3B5FF89714F14825CD90A9B381EB38AD01CB91
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                    • Part of subcall function 007C9CC0: GetProcessHeap.KERNEL32 ref: 007C9D15
                                                                                                    • Part of subcall function 007C9CC0: __Init_thread_footer.LIBCMT ref: 007C9D47
                                                                                                    • Part of subcall function 007C9CC0: __Init_thread_footer.LIBCMT ref: 007C9DD2
                                                                                                  • GetLocaleInfoW.KERNEL32(?,00000002,00A0446C,00000000), ref: 00903141
                                                                                                  • GetLocaleInfoW.KERNEL32(?,00000002,00902CC5,-00000001,00000078,-00000001), ref: 0090317D
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InfoInit_thread_footerLocale$HeapProcess
                                                                                                  • String ID: %d-%s
                                                                                                  • API String ID: 1688948774-1781338863
                                                                                                  • Opcode ID: 31ed88187b781b4606b778be20838bc7df7eb97f64030a47b5483bc74388d409
                                                                                                  • Instruction ID: 53100969f824c6ffed4b62f2386a9675ecbd7479421c5083007e2fda85bd11f7
                                                                                                  • Opcode Fuzzy Hash: 31ed88187b781b4606b778be20838bc7df7eb97f64030a47b5483bc74388d409
                                                                                                  • Instruction Fuzzy Hash: 853148B1A04609AFDB04DFA8CC4ABAEBBB8FB48714F10856DE115AB2D1DB755904CB90
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • VirtualQuery.KERNEL32(80000000,00971916,0000001C,00971B0B,00000000,?,?,?,?,?,?,?,00971916,00000004,00A87A44,00971B9B), ref: 009719E2
                                                                                                  • GetSystemInfo.KERNEL32(?,?,00000000,?,?,?,?,00971916,00000004,00A87A44,00971B9B), ref: 009719FD
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: InfoQuerySystemVirtual
                                                                                                  • String ID: D
                                                                                                  • API String ID: 401686933-2746444292
                                                                                                  • Opcode ID: 317156e39bbbc94f97da699abaca2dd7c786700df6df2d332dcd408f06a749e8
                                                                                                  • Instruction ID: 299a94bed56a25136901b8179ec3342a6b3aba9107ac3a35ef408c630ed10833
                                                                                                  • Opcode Fuzzy Hash: 317156e39bbbc94f97da699abaca2dd7c786700df6df2d332dcd408f06a749e8
                                                                                                  • Instruction Fuzzy Hash: B501D433710109ABCB18DE29DC05BEE7BADAFC4328F0CC221ED59D7144DA34D801C680
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • FindFirstFileW.KERNEL32(?,?,?,FF5677B6,?), ref: 008BFF4C
                                                                                                  • FindNextFileW.KERNEL32(000000FF,00000010,?,FF5677B6,?), ref: 008C00A5
                                                                                                  • FindClose.KERNEL32(000000FF,?,?,FF5677B6,?), ref: 008C0104
                                                                                                  Similarity
                                                                                                  • API ID: Find$File$CloseFirstNext
                                                                                                  • String ID:
                                                                                                  • API String ID: 3541575487-0
                                                                                                  • Opcode ID: ec285114a7577e8ca77560a27e337582d6667c46033fa34c700f47987451542c
                                                                                                  • Instruction ID: 7d0066efc3c086e1365febf90cd96ca8ac1b7aee252ec38faf5bb347d5d4e9ea
                                                                                                  • Opcode Fuzzy Hash: ec285114a7577e8ca77560a27e337582d6667c46033fa34c700f47987451542c
                                                                                                  • Instruction Fuzzy Hash: 9A818970D04259DBDB24DFA8CC99BEEB7B8FF05304F10829DE419A7281DB74AA85CB50
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • IsWindow.USER32(00000004), ref: 007DE6FE
                                                                                                  • GetWindowLongW.USER32(00000004,000000FC), ref: 007DE717
                                                                                                  • SetWindowLongW.USER32(00000004,000000FC,?), ref: 007DE729
                                                                                                  Similarity
                                                                                                  • API ID: Window$Long
                                                                                                  • String ID:
                                                                                                  • API String ID: 847901565-0
                                                                                                  • Opcode ID: 9de9ab16d2256c9394db44e0101d3e8edd5bc935ba7ea5c320082650c968d653
                                                                                                  • Instruction ID: 6f515c566db774c1c5b47b012b410b056bf0855ccc57be77a3d98e97364d70ca
                                                                                                  • Opcode Fuzzy Hash: 9de9ab16d2256c9394db44e0101d3e8edd5bc935ba7ea5c320082650c968d653
                                                                                                  • Instruction Fuzzy Hash: 6C4180B0604646EFDB11DFA8C948B59FBB4FF05324F104269E424DBB90D776E924CB90
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • GetWindowLongW.USER32(00000003,000000FC), ref: 007E23E6
                                                                                                  • SetWindowLongW.USER32(00000003,000000FC,?), ref: 007E23F8
                                                                                                  • DeleteCriticalSection.KERNEL32(?,FF5677B6,?,?,?,?,009A1D64,000000FF), ref: 007E2423
                                                                                                  Similarity
                                                                                                  • API ID: LongWindow$CriticalDeleteSection
                                                                                                  • String ID:
                                                                                                  • API String ID: 1978754570-0
                                                                                                  • Opcode ID: 7becbb6dcdf3d1318885e0ec1fec454d8837340fc2688686171b702b2b1ffe12
                                                                                                  • Instruction ID: b535cb99f3d01dc3276f6066d902f158e027d4a8b0747a892408abcad3d956b0
                                                                                                  • Opcode Fuzzy Hash: 7becbb6dcdf3d1318885e0ec1fec454d8837340fc2688686171b702b2b1ffe12
                                                                                                  • Instruction Fuzzy Hash: 1A31D271604686BFCB10DF69CC04B59BBB8BF0A310F248269E824A76D2E775E911CB90
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00979A0B
                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00979A15
                                                                                                  • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 00979A22
                                                                                                  Similarity
                                                                                                  • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                  • String ID:
                                                                                                  • API String ID: 3906539128-0
                                                                                                  • Opcode ID: 48c6ac751411e06653e7417b7fbf3554c8ec143f95f5237078ee19b829148d0f
                                                                                                  • Instruction ID: 353a22b50ca935ee076f27c9ce55649970ae4632393e20ea52da514d0e53bb4f
                                                                                                  • Opcode Fuzzy Hash: 48c6ac751411e06653e7417b7fbf3554c8ec143f95f5237078ee19b829148d0f
                                                                                                  • Instruction Fuzzy Hash: C531D275911228ABCB21DF28D989BDCBBB8BF48310F5081EAE41CA7250E7709F818F44
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • LoadResource.KERNEL32(00000000,00000000,FF5677B6,00000001,00000000,?,00000000,0099C480,000000FF,?,007C910C,?,?,007C92B0,00000000,00000000), ref: 007C918B
                                                                                                  • LockResource.KERNEL32(00000000,?,007C910C,?,?,007C92B0,00000000,00000000,00000000,007C9418,-00000010,?,00000000), ref: 007C9196
                                                                                                  • SizeofResource.KERNEL32(00000000,00000000,?,007C910C,?,?,007C92B0,00000000,00000000,00000000,007C9418,-00000010,?,00000000), ref: 007C91A4
                                                                                                  Similarity
                                                                                                  • API ID: Resource$LoadLockSizeof
                                                                                                  • String ID:
                                                                                                  • API String ID: 2853612939-0
                                                                                                  • Opcode ID: 9c4efc379fd8a098b63514aed0f3f9fb59fe7eb7300bc7b44a8c0ae524c0106b
                                                                                                  • Instruction ID: b0b0bcf84bdc3705736a4a5cde7ffb80a2e70a7bfafe42071d24ab1ccfc4f875
                                                                                                  • Opcode Fuzzy Hash: 9c4efc379fd8a098b63514aed0f3f9fb59fe7eb7300bc7b44a8c0ae524c0106b
                                                                                                  • Instruction Fuzzy Hash: 1611E736A146599BC7248F69DC4DF76B7ECE788B20F04492FED1AD3240EA399C00C690
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • GetWindowLongW.USER32(0000001B,000000FC), ref: 007D71A9
                                                                                                  • SetWindowLongW.USER32(0000001B,000000FC,?), ref: 007D71B7
                                                                                                  • DestroyWindow.USER32(0000001B), ref: 007D71E3
                                                                                                  Similarity
                                                                                                  • API ID: Window$Long$Destroy
                                                                                                  • String ID:
                                                                                                  • API String ID: 3055081903-0
                                                                                                  • Opcode ID: 35c960fbadfcb2c9efd63bdf1cafc416ce5b56ccffe28ccd5688807b11b6134a
                                                                                                  • Instruction ID: 424fb038f255b1a1228a1015309dc23fb8b0fd0ff700586feba52cc1829d25e3
                                                                                                  • Opcode Fuzzy Hash: 35c960fbadfcb2c9efd63bdf1cafc416ce5b56ccffe28ccd5688807b11b6134a
                                                                                                  • Instruction Fuzzy Hash: DFF03031008F119BD7609F68ED05F86BBE0BF44721B108729E4BA826E1E735E845DB00
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 21bf8dacb9574699bfbd8f59c451f84edf4308d2cc6cd49f963e3ae839cbb09e
                                                                                                  • Instruction ID: dc5ee0f5d097e1cf8d70c994d0968a0ec914e37ec8f4e23d0c009425e6a91970
                                                                                                  • Opcode Fuzzy Hash: 21bf8dacb9574699bfbd8f59c451f84edf4308d2cc6cd49f963e3ae839cbb09e
                                                                                                  • Instruction Fuzzy Hash: B6F14F71E0121A9FDF14DFA9D880AAEB7B5FF88324F158269E815AB384D7319D01CF94
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • SendMessageW.USER32(?,0000102B,00000000,00000001), ref: 007EF60B
                                                                                                  • SendMessageW.USER32(?,0000102B,?,-00000002), ref: 007EF7F5
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: MessageSend
                                                                                                  • String ID:
                                                                                                  • API String ID: 3850602802-0
                                                                                                  • Opcode ID: 3ace44fb36828131fec6b08d3c766e66ff586c089fbd630d63d595252e663ddf
                                                                                                  • Instruction ID: 63c90e2d0f87563e7ddb65c0aa22abce6628eacb6a3b1528d0c6c6d3f335f82a
                                                                                                  • Opcode Fuzzy Hash: 3ace44fb36828131fec6b08d3c766e66ff586c089fbd630d63d595252e663ddf
                                                                                                  • Instruction Fuzzy Hash: D8B12371A01286AFCB18CF29C9D5BA9FBF5FF08304F048269E459DB681D738E940CB90
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • FormatMessageW.KERNEL32(00001300,00000000,00000000,00000400,?,00000000,00000000,FF5677B6,?,00000000), ref: 008DE5FB
                                                                                                  • GetLastError.KERNEL32(?,00000000), ref: 008DE605
                                                                                                    • Part of subcall function 007C9980: RtlAllocateHeap.NTDLL(?,00000000,?,FF5677B6,00000000,0099C6B0,000000FF,?,?,00A7C42C,00000000,0091ECDB,80004005,FF5677B6,?,?), ref: 007C99CA
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AllocateErrorFormatHeapLastMessage
                                                                                                  • String ID:
                                                                                                  • API String ID: 4114510652-0
                                                                                                  • Opcode ID: 64923e05a9b4cafb86c2847f67d3cf95211ddb6bed7890ed53d56938ce4c6ac8
                                                                                                  • Instruction ID: b5d102f15ec42a27840004d096c1539286c2442652db1c25f7c0c522e1304da4
                                                                                                  • Opcode Fuzzy Hash: 64923e05a9b4cafb86c2847f67d3cf95211ddb6bed7890ed53d56938ce4c6ac8
                                                                                                  • Instruction Fuzzy Hash: 2141F271A01209DBDB14DFA8D809BAEF7F4FB54714F14426EE905EB380D7B99900CB90
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 463e03b14e496f9967090e710277126d92d47fd0369fa79e4fc565aebf1c7cbe
                                                                                                  • Instruction ID: 60a3bef0b8abebb1354d668b110046b17590a252fbf8ef367fa448407a6b03b4
                                                                                                  • Opcode Fuzzy Hash: 463e03b14e496f9967090e710277126d92d47fd0369fa79e4fc565aebf1c7cbe
                                                                                                  • Instruction Fuzzy Hash: C8419D30901289DBDB28DF68C958BEDB3A4FF44321F24832AE815DB2D1EB749E44CB51
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • GetWindowLongW.USER32(00000000,000000FC), ref: 0083113F
                                                                                                  • SetWindowLongW.USER32(00000000,000000FC,?), ref: 0083114D
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: LongWindow
                                                                                                  • String ID:
                                                                                                  • API String ID: 1378638983-0
                                                                                                  • Opcode ID: a92949546147f6db0fc3e204f66ae88ed0c7ca345dbf82d298bde51978fe039b
                                                                                                  • Instruction ID: 5441d4825000a849c88ecde1220197879fa82667d1bf58c0e98c4c9e86eeafb4
                                                                                                  • Opcode Fuzzy Hash: a92949546147f6db0fc3e204f66ae88ed0c7ca345dbf82d298bde51978fe039b
                                                                                                  • Instruction Fuzzy Hash: EA317871904605EFCB10DFA9C948B9AFBB4FB44720F208269E824E76D1D735AA51CBD0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • __set_se_translator.LIBVCRUNTIME ref: 007FD8C5
                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(Function_0011A060), ref: 007FD8DB
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ExceptionFilterUnhandled__set_se_translator
                                                                                                  • String ID:
                                                                                                  • API String ID: 2480343447-0
                                                                                                  • Opcode ID: d759b8b59bdbd3c8d93901e6968738186baa113a6bd03e25cf752d62f778e29d
                                                                                                  • Instruction ID: 33f9c554c96b021835cc121c3a670e303fcde63196d0a23bfa19c770ecd9af18
                                                                                                  • Opcode Fuzzy Hash: d759b8b59bdbd3c8d93901e6968738186baa113a6bd03e25cf752d62f778e29d
                                                                                                  • Instruction Fuzzy Hash: 32D0A9209482488AD70087A0D80A7352BA0F39630CF084115D04B40382D3B85802E703
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,0098F70C,?,?,00000008,?,?,0099A8F4,00000000), ref: 0098F93E
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ExceptionRaise
                                                                                                  • String ID:
                                                                                                  • API String ID: 3997070919-0
                                                                                                  • Opcode ID: 4099b8dab7e80b448a5653c19284a8ffc78acc5ccc484e19fe7d1bc04c1108b0
                                                                                                  • Instruction ID: a3d64efd89a7c673e480da041da482588ac25659153ae3c85aae81b9a71b9b35
                                                                                                  • Opcode Fuzzy Hash: 4099b8dab7e80b448a5653c19284a8ffc78acc5ccc484e19fe7d1bc04c1108b0
                                                                                                  • Instruction Fuzzy Hash: 50B14B32610608DFD715DF28C496B657BE0FF45364F299668E89ACF3A1C336E992CB40
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ExceptionRaise__floor_pentium4
                                                                                                  • String ID: unordered_map/set too long
                                                                                                  • API String ID: 996205981-306623848
                                                                                                  • Opcode ID: e9bd52f0a5612919bbb5b04fa4ce465e97f74af0577d7cfa105a37e28e49b232
                                                                                                  • Instruction ID: d8787aab8d1fe320b4b773d60eec5397f6b604ecaee24e49d9d44395137853b7
                                                                                                  • Opcode Fuzzy Hash: e9bd52f0a5612919bbb5b04fa4ce465e97f74af0577d7cfa105a37e28e49b232
                                                                                                  • Instruction Fuzzy Hash: E612B171A002099FCB15DF68C881AADFBF5FF98314F24826AE815EB352D735E951CB90
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • NtdllDefWindowProc_W.NTDLL(?,-00002000,?,?,007E60F7,?,?,?,?,?,?,?,?,007E5F68,?,?), ref: 007E7B10
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: NtdllProc_Window
                                                                                                  • String ID:
                                                                                                  • API String ID: 4255912815-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: ParentWindowlstrcmp
                                                                                                  • String ID: #32770
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • GetCurrentProcess.KERNEL32(?,FF5677B6), ref: 008F82D9
                                                                                                  • IsWow64Process.KERNEL32(00000000), ref: 008F82E0
                                                                                                    • Part of subcall function 008DAB00: _wcsrchr.LIBVCRUNTIME ref: 008DAB39
                                                                                                  • _wcsrchr.LIBVCRUNTIME ref: 008F8361
                                                                                                  • _wcsrchr.LIBVCRUNTIME ref: 008F83F7
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: _wcsrchr$Process$CurrentWow64
                                                                                                  • String ID: "%s" $ /fvomus //$ /i //$ /p //$ EXE_CMD_LINE="%s "$ TRANSFORMS=":%d"$%s AI_SETUPEXEPATH="%s" SETUPEXEDIR="%s"$.x64
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • LoadLibraryW.KERNEL32(combase.dll,RoGetActivationFactory,FF5677B6,?,?,?,?,?,?,?,?,?,FF5677B6,0099E035,000000FF), ref: 007CDED8
                                                                                                  • GetProcAddress.KERNEL32(00000000,combase.dll), ref: 007CDEDE
                                                                                                  • LoadLibraryW.KERNEL32(00000000,.dll,-00000001,00000000,?,00A0446C,00000000,00000000,00000000), ref: 007CE07D
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: LibraryLoad$AddressProc
                                                                                                  • String ID: .dll$CoIncrementMTAUsage$DllGetActivationFactory$RoGetActivationFactory$combase.dll
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                    • Part of subcall function 00903C70: GetSystemDefaultLangID.KERNEL32(FF5677B6,?,?,?,?), ref: 00903CA6
                                                                                                  • GetModuleHandleW.KERNEL32(kernel32,IsWow64Process2,?,?,?,?,00000000), ref: 008E95D3
                                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 008E95DA
                                                                                                  • __Init_thread_footer.LIBCMT ref: 008E95F1
                                                                                                  • GetCurrentProcess.KERNEL32(?,?,?,?,?,00000000), ref: 008E9610
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: AddressCurrentDefaultHandleInit_thread_footerLangModuleProcProcessSystem
                                                                                                  • String ID: An acceptable version was found.$IsWow64Process2$Search result:$Searching for:$Undefined$Wrong OS or Os language for:$kernel32
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • InitializeCriticalSection.KERNEL32(00A8944C,FF5677B6,?,?), ref: 008E4852
                                                                                                  • EnterCriticalSection.KERNEL32(?,FF5677B6,?,?,?,?,?,?,?,?,00000000,009DD8F7,000000FF), ref: 008E4864
                                                                                                  • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,00000000,009DD8F7,000000FF), ref: 008E4871
                                                                                                  • GetCurrentThread.KERNEL32 ref: 008E487C
                                                                                                  • GetModuleHandleW.KERNEL32(00000000,*** Stack Trace (x86) ***,0000001F,?,00A0446C,00000000), ref: 008E4AAE
                                                                                                  • LeaveCriticalSection.KERNEL32(?,00000000), ref: 008E4BDC
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: CriticalSection$Current$EnterHandleInitializeLeaveModuleProcessThread
                                                                                                  • String ID: *** Stack Trace (x86) ***$ v$<--------------------MORE--FRAMES-------------------->$MODULE_BASE_ADDRESS$[0x%.8Ix]
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • InitializeCriticalSection.KERNEL32(00A8944C,FF5677B6,?,?), ref: 008E4852
                                                                                                  • EnterCriticalSection.KERNEL32(?,FF5677B6,?,?,?,?,?,?,?,?,00000000,009DD8F7,000000FF), ref: 008E4864
                                                                                                  • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,00000000,009DD8F7,000000FF), ref: 008E4871
                                                                                                  • GetCurrentThread.KERNEL32 ref: 008E487C
                                                                                                  • GetModuleHandleW.KERNEL32(00000000,*** Stack Trace (x86) ***,0000001F,?,00A0446C,00000000), ref: 008E4AAE
                                                                                                  • LeaveCriticalSection.KERNEL32(?,00000000), ref: 008E4BDC
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: CriticalSection$Current$EnterHandleInitializeLeaveModuleProcessThread
                                                                                                  • String ID: *** Stack Trace (x86) ***$ v$<--------------------MORE--FRAMES-------------------->$MODULE_BASE_ADDRESS$[0x%.8Ix]
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • CreateWindowExW.USER32(00000000,tooltips_class32,00000000,80000063,80000000,80000000,80000000,80000000,?,00000000,00000000,FF5677B6), ref: 007F4E38
                                                                                                    • Part of subcall function 007D68F0: SetWindowLongW.USER32(?,000000FC,00000000), ref: 007D6926
                                                                                                  • SendMessageW.USER32(00000000,00000432,00000000,0000002C), ref: 007F4F3B
                                                                                                  • SendMessageW.USER32(00000000,00000439,00000000,0000002C), ref: 007F4F4F
                                                                                                  • SendMessageW.USER32(00000000,00000421,00000003,?), ref: 007F4F64
                                                                                                  • SendMessageW.USER32(00000000,00000418,00000000,0000012C), ref: 007F4F79
                                                                                                  • SendMessageW.USER32(?,000000D6,-00000001,00000000), ref: 007F4F90
                                                                                                  • GetWindowRect.USER32(?,?), ref: 007F4FC2
                                                                                                  • SendMessageW.USER32(00000000,00000412,00000000), ref: 007F5024
                                                                                                  • SendMessageW.USER32(00000000,00000411,00000001,0000002C), ref: 007F5034
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: MessageSend$Window$CreateLongRect
                                                                                                  • String ID: tooltips_class32
                                                                                                  • API String ID: 1954517558-1918224756
                                                                                                  • Opcode ID: 44ecc2df8c17fe86ef2c59682d62ea819cca396f6d7096ef526d0609adab58fe
                                                                                                  • Instruction ID: 52d0a8433f5754f4995b869214549e51a7b4fb901a9bfcc372e9368c89cda149
                                                                                                  • Opcode Fuzzy Hash: 44ecc2df8c17fe86ef2c59682d62ea819cca396f6d7096ef526d0609adab58fe
                                                                                                  • Instruction Fuzzy Hash: 2C913C71A00648AFDB14CFA4CC95FAEBBF9FB48300F14852AF616EA290D774A905CB50
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00836CF7
                                                                                                  • GetParent.USER32 ref: 00836D0D
                                                                                                  • GetWindowRect.USER32(?,?), ref: 00836D18
                                                                                                  • GetParent.USER32(?), ref: 00836D20
                                                                                                  • GetWindow.USER32(?,00000004), ref: 00836D52
                                                                                                  • GetWindowRect.USER32(?,?), ref: 00836D60
                                                                                                  • GetWindowLongW.USER32(00000000,000000F0), ref: 00836D6D
                                                                                                  • MonitorFromWindow.USER32(?,00000002), ref: 00836D85
                                                                                                  • GetMonitorInfoW.USER32(00000000,00000004), ref: 00836D9F
                                                                                                  • SetWindowPos.USER32(?,00000000,?,?,000000FF,000000FF,00000015), ref: 00836E4D
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Window$LongMonitorParentRect$FromInfo
                                                                                                  • String ID:
                                                                                                  • API String ID: 1820395375-0
                                                                                                  • Opcode ID: 198ea61c2be7a179e36501a8eb7ddae65dff76ce9acd8a1af944619e1774e3f3
                                                                                                  • Instruction ID: 4e72b0455b241f07982b5ea125b96d776aaf180ef4019d85af59413323297b40
                                                                                                  • Opcode Fuzzy Hash: 198ea61c2be7a179e36501a8eb7ddae65dff76ce9acd8a1af944619e1774e3f3
                                                                                                  • Instruction Fuzzy Hash: B8516172D04519AFDB11CFA8CD45ADDBBB9FB48710F244229E815F3294EB30AD15CB90
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                    • Part of subcall function 008E5290: LoadLibraryW.KERNEL32(Shlwapi.dll,?,?,?,?,008F0731,?,FF5677B6,?,?), ref: 008E52AB
                                                                                                    • Part of subcall function 008E5290: GetProcAddress.KERNEL32(00000000,DllGetVersion), ref: 008E52C1
                                                                                                    • Part of subcall function 008E5290: FreeLibrary.KERNEL32(00000000), ref: 008E52FA
                                                                                                  • GetEnvironmentVariableW.KERNEL32(APPDATA,?,00000104,FF5677B6,?,?), ref: 008F0910
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Library$AddressEnvironmentFreeLoadProcVariable
                                                                                                  • String ID: AI_BOOTSTRAPPERLANGS$APPDATA$AppDataFolder$PROGRAMFILES$ProgramFiles$ProgramFilesFolder$Shell32.dll$Shlwapi.dll
                                                                                                  • API String ID: 788177547-1020860216
                                                                                                  • Opcode ID: aaace1719534a648c81a92f059697333c3734f46db5ef19df9b72cdd7affdeb5
                                                                                                  • Instruction ID: 0c8aab9f045ff3e4624b1c3073f6c7e5c382579ed0c30b7d04bb589d48e7a9b1
                                                                                                  • Opcode Fuzzy Hash: aaace1719534a648c81a92f059697333c3734f46db5ef19df9b72cdd7affdeb5
                                                                                                  • Instruction Fuzzy Hash: 2391D071A012099FDB14EB74C845BFAB3A5FF64354F1446A9EA06CB292E731ED41CF90
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • EnterCriticalSection.KERNEL32(00A8957C,FF5677B6,00000000,?,?,?,?,?,?,007D487E,0099F9CD,000000FF), ref: 007D508D
                                                                                                  • LoadCursorW.USER32(00000000,00007F00), ref: 007D5108
                                                                                                  • LoadCursorW.USER32(00000000,00007F00), ref: 007D51AE
                                                                                                  • LeaveCriticalSection.KERNEL32(00A8957C), ref: 007D5203
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CriticalCursorLoadSection$EnterLeave
                                                                                                  • String ID: v$AtlAxWin140$AtlAxWinLic140$WM_ATLGETCONTROL$WM_ATLGETHOST
                                                                                                  • API String ID: 3727441302-4127849342
                                                                                                  • Opcode ID: aca5715e5aa887ed2af771f9bde49ff66f1f54f8517e0fa7ed2f9114dcb73e9b
                                                                                                  • Instruction ID: b33c9963a6c03d77e1edfc5ae6b1c1d1bc0f478c438fe5e3eba7f7a5cfa48bbe
                                                                                                  • Opcode Fuzzy Hash: aca5715e5aa887ed2af771f9bde49ff66f1f54f8517e0fa7ed2f9114dcb73e9b
                                                                                                  • Instruction Fuzzy Hash: 435108B1C45219AFDB51DF98EC447EEBBB8BB08704F14416AE504B7380DBB99A05CF90
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • LoadLibraryW.KERNEL32(?,00000000,0090098B,?,?,?,?,?), ref: 0091D8E5
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: LibraryLoad
                                                                                                  • String ID: EndExtraction$ExtractAllFiles$GetTotalFilesSize$InitExtraction
                                                                                                  • API String ID: 1029625771-3462492388
                                                                                                  • Opcode ID: cb98a483c561b07d562c41a1fff528c655d655e83f402dd8a5850ec49ed70f36
                                                                                                  • Instruction ID: 0e1f7fb84cb82858917c266192891124b4f158e6b507d77d508536dfbb9f4c45
                                                                                                  • Opcode Fuzzy Hash: cb98a483c561b07d562c41a1fff528c655d655e83f402dd8a5850ec49ed70f36
                                                                                                  • Instruction Fuzzy Hash: 7A017C79905366AFCB50EFE4FC0CAB67FA1F719325304566AE84293262C7344842DFA4
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 9a55372dfb7f0378c32c4c88395ad81acaeebd0a6534c48af0df9bb60ae8b3f6
                                                                                                  • Instruction ID: 98a7e0d63b1a5f17c3bf0cb6b53cd74c21843897b4bb48cee72821383678be37
                                                                                                  • Opcode Fuzzy Hash: 9a55372dfb7f0378c32c4c88395ad81acaeebd0a6534c48af0df9bb60ae8b3f6
                                                                                                  • Instruction Fuzzy Hash: 96A1E172704209EBDB10EFA4DC99FAEBBA8EF85310F104169F9059B2E1D775E941CB60
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • VariantClear.OLEAUT32(?), ref: 007D3335
                                                                                                  • SysAllocString.OLEAUT32(?), ref: 007D3349
                                                                                                  • VariantInit.OLEAUT32(?), ref: 007D3384
                                                                                                  • VariantClear.OLEAUT32(?), ref: 007D33DA
                                                                                                  • VariantClear.OLEAUT32(?), ref: 007D33E4
                                                                                                  • VariantClear.OLEAUT32(?), ref: 007D33EE
                                                                                                  • VariantClear.OLEAUT32(?), ref: 007D33FB
                                                                                                    • Part of subcall function 007C9980: RtlAllocateHeap.NTDLL(?,00000000,?,FF5677B6,00000000,0099C6B0,000000FF,?,?,00A7C42C,00000000,0091ECDB,80004005,FF5677B6,?,?), ref: 007C99CA
                                                                                                  Strings
                                                                                                  • <body><h3 style="color:green;">Error loading resource:</h3><p style="white-space:nowrap">"%s"</p></body>, xrefs: 007D347B
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Variant$Clear$AllocAllocateHeapInitString
                                                                                                  • String ID: <body><h3 style="color:green;">Error loading resource:</h3><p style="white-space:nowrap">"%s"</p></body>
                                                                                                  • API String ID: 1547307772-1571955069
                                                                                                  • Opcode ID: 23dbd3f83c1456760e3c8a2f81fc1260d659e6ef8c16b9b34f96e1eebc69b654
                                                                                                  • Instruction ID: 1d9ff8d6ae6a1cb31f06d0cd60aa94d6296e89ca48722a32e6b70fd9ac26d5ae
                                                                                                  • Opcode Fuzzy Hash: 23dbd3f83c1456760e3c8a2f81fc1260d659e6ef8c16b9b34f96e1eebc69b654
                                                                                                  • Instruction Fuzzy Hash: 8B916C71904249DFDB01DFA8DD48BDEBBB8FF49314F14825AE415E7290E778AA04CBA1
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • GetSystemDefaultLangID.KERNEL32 ref: 00902DFC
                                                                                                  • GetUserDefaultLangID.KERNEL32 ref: 00902E09
                                                                                                  • LoadLibraryW.KERNEL32(kernel32.dll), ref: 00902E1B
                                                                                                  • GetProcAddress.KERNEL32(00000000,GetSystemDefaultUILanguage), ref: 00902E2F
                                                                                                  • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 00902E44
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AddressDefaultLangProc$LibraryLoadSystemUser
                                                                                                  • String ID: GetSystemDefaultUILanguage$GetUserDefaultUILanguage$kernel32.dll
                                                                                                  • API String ID: 667524283-3528650308
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 00978437
                                                                                                  • ___except_validate_context_record.LIBVCRUNTIME ref: 0097843F
                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 009784C8
                                                                                                  • __IsNonwritableInCurrentImage.LIBCMT ref: 009784F3
                                                                                                  • _ValidateLocalCookies.LIBCMT ref: 00978548
                                                                                                  • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 0097855E
                                                                                                  • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00978573
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record___vcrt_initialize_locks___vcrt_uninitialize_locks
                                                                                                  • String ID: csm
                                                                                                  • API String ID: 1385549066-1018135373
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,00000000,00000000), ref: 008C2BDF
                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 008C2C07
                                                                                                  • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,?), ref: 008C2C49
                                                                                                  • CloseHandle.KERNEL32(?), ref: 008C2C9E
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CloseFileHandle$CreateWrite
                                                                                                  • String ID: .bat$EXE$open
                                                                                                  • API String ID: 3602564925-2898749727
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • SetLastError.KERNEL32(0000000E,FF5677B6,?,?,00000000,?), ref: 007D86BE
                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 007D86FF
                                                                                                  • EnterCriticalSection.KERNEL32(00A8957C), ref: 007D871F
                                                                                                  • LeaveCriticalSection.KERNEL32(00A8957C), ref: 007D8743
                                                                                                  • CreateWindowExW.USER32(00000000,00000000,00000000,00A8957C,?,80000000,00000000,80000000,00000000,00000000,00000000), ref: 007D879E
                                                                                                    • Part of subcall function 00974245: GetProcessHeap.KERNEL32(00000008,00000008,00000000,009035FE,?,?,?,?,?,?), ref: 0097424A
                                                                                                    • Part of subcall function 00974245: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?), ref: 00974251
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CriticalHeapSection$AllocCreateCurrentEnterErrorLastLeaveProcessThreadWindow
                                                                                                  • String ID: v$AXWIN UI Window
                                                                                                  • API String ID: 213679520-2690018532
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • __Init_thread_footer.LIBCMT ref: 007DC7BF
                                                                                                    • Part of subcall function 00974B58: EnterCriticalSection.KERNEL32(00A87FD8,FF5677B6,?,007C9DD7,00A88C04,009F7520), ref: 00974B62
                                                                                                    • Part of subcall function 00974B58: LeaveCriticalSection.KERNEL32(00A87FD8,?,007C9DD7,00A88C04,009F7520), ref: 00974B95
                                                                                                    • Part of subcall function 00974B58: RtlWakeAllConditionVariable.NTDLL ref: 00974C0C
                                                                                                  • CreateFileW.KERNEL32(00000000,40000000,00000001,00000000,00000002,00000080,00000000,?,FF5677B8), ref: 007DC813
                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 007DC870
                                                                                                    • Part of subcall function 00974BA2: EnterCriticalSection.KERNEL32(00A87FD8,?,FF5677B6,?,007C9D66,00A88C04,FF5677B6,FF5677B6,?,0099CC0D,000000FF,?,0091EBD6,FF5677B6,?,?), ref: 00974BAD
                                                                                                    • Part of subcall function 00974BA2: LeaveCriticalSection.KERNEL32(00A87FD8,?,007C9D66,00A88C04,FF5677B6,FF5677B6,?,0099CC0D,000000FF,?,0091EBD6,FF5677B6,?,?,00000000), ref: 00974BEA
                                                                                                  • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,00000000,?), ref: 007DC8D4
                                                                                                  • CloseHandle.KERNEL32(00000000,7556E610), ref: 007DC8FA
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CriticalSection$CloseEnterFileHandleLeave$ConditionCreateInit_thread_footerVariableWakeWrite
                                                                                                  • String ID: aix$html
                                                                                                  • API String ID: 2030708724-2369804267
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: .dll$CoIncrementMTAUsage$DllGetActivationFactory$RoGetActivationFactory$Windows.Foundation.Uri$combase.dll
                                                                                                  • API String ID: 0-3956872289
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • InitializeCriticalSectionAndSpinCount.KERNEL32(00A89358,00000000,FF5677B6,00000000,009D84A3,000000FF,?,FF5677B6), ref: 007C29D3
                                                                                                  • GetLastError.KERNEL32(?,FF5677B6), ref: 007C29DD
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CountCriticalErrorInitializeLastSectionSpin
                                                                                                  • String ID: VolumeCostAvailable$VolumeCostDifference$VolumeCostRequired$VolumeCostSize$VolumeCostVolume
                                                                                                  • API String ID: 439134102-34576578
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • SHGetSpecialFolderLocation.SHELL32(00000000,00000023,?,00A89384), ref: 00920950
                                                                                                  • LoadLibraryW.KERNEL32(Shell32.dll), ref: 00920963
                                                                                                  • GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathW), ref: 00920973
                                                                                                  • SHGetPathFromIDListW.SHELL32(?,00000000), ref: 009209FC
                                                                                                  • SHGetMalloc.SHELL32(?), ref: 00920A3E
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AddressFolderFromLibraryListLoadLocationMallocPathProcSpecial
                                                                                                  • String ID: SHGetSpecialFolderPathW$Shell32.dll
                                                                                                  • API String ID: 2352187698-2988203397
                                                                                                  • Opcode ID: 056659283b7da4e0656d565609cf0052a0e5278a7084cf6f398d8c83643779c3
                                                                                                  • Instruction ID: c97043188230c102ca15e87c92f9eda5e75716b98b3f00bfb1261436613b4636
                                                                                                  • Opcode Fuzzy Hash: 056659283b7da4e0656d565609cf0052a0e5278a7084cf6f398d8c83643779c3
                                                                                                  • Instruction Fuzzy Hash: 21310975A007115FEB24AF18EC09B6B77F9BFC4710F54842CE48687196EBB1D885CB91
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • __Init_thread_footer.LIBCMT ref: 008BA560
                                                                                                    • Part of subcall function 00974B58: EnterCriticalSection.KERNEL32(00A87FD8,FF5677B6,?,007C9DD7,00A88C04,009F7520), ref: 00974B62
                                                                                                    • Part of subcall function 00974B58: LeaveCriticalSection.KERNEL32(00A87FD8,?,007C9DD7,00A88C04,009F7520), ref: 00974B95
                                                                                                    • Part of subcall function 00974B58: RtlWakeAllConditionVariable.NTDLL ref: 00974C0C
                                                                                                  • GetProcAddress.KERNEL32(SetWindowTheme), ref: 008BA59D
                                                                                                  • __Init_thread_footer.LIBCMT ref: 008BA5B4
                                                                                                  • SendMessageW.USER32(000000EF,00001036,00010000,00010000), ref: 008BA5DF
                                                                                                    • Part of subcall function 00974BA2: EnterCriticalSection.KERNEL32(00A87FD8,?,FF5677B6,?,007C9D66,00A88C04,FF5677B6,FF5677B6,?,0099CC0D,000000FF,?,0091EBD6,FF5677B6,?,?), ref: 00974BAD
                                                                                                    • Part of subcall function 00974BA2: LeaveCriticalSection.KERNEL32(00A87FD8,?,007C9D66,00A88C04,FF5677B6,FF5677B6,?,0099CC0D,000000FF,?,0091EBD6,FF5677B6,?,?,00000000), ref: 00974BEA
                                                                                                    • Part of subcall function 00897A10: GetSystemDirectoryW.KERNEL32(?,00000105), ref: 00897A51
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CriticalSection$EnterInit_thread_footerLeave$AddressConditionDirectoryMessageProcSendSystemVariableWake
                                                                                                  • String ID: SetWindowTheme$UxTheme.dll$explorer
                                                                                                  • API String ID: 3410024541-3123591815
                                                                                                  • Opcode ID: 1e2b814928c193019fcfb828cb6d622bb2333a0abcb48c5bf187230c189a5309
                                                                                                  • Instruction ID: 80c6eaa46dd9f77a879828f4e358de3944362fd2a3c6d0022f3df8f18989e17d
                                                                                                  • Opcode Fuzzy Hash: 1e2b814928c193019fcfb828cb6d622bb2333a0abcb48c5bf187230c189a5309
                                                                                                  • Instruction Fuzzy Hash: 8F21A871A40601EBD724DF98DC02BEA77A4F74AB20F144225F535A73D0D770AA51CB56
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • GetWindowRect.USER32(?,?), ref: 007DF74A
                                                                                                  • GetWindow.USER32(?,00000005), ref: 007DF757
                                                                                                  • GetWindow.USER32(00000000,00000002), ref: 007DF892
                                                                                                    • Part of subcall function 007DF5A0: GetWindowRect.USER32(?,?), ref: 007DF5CC
                                                                                                    • Part of subcall function 007DF5A0: GetWindowRect.USER32(?,?), ref: 007DF5DC
                                                                                                  • GetWindowRect.USER32(?,?), ref: 007DF7EB
                                                                                                  • GetWindowRect.USER32(00000000,?), ref: 007DF7FB
                                                                                                  • GetWindowRect.USER32(00000000,?), ref: 007DF815
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Window$Rect
                                                                                                  • String ID:
                                                                                                  • API String ID: 3200805268-0
                                                                                                  • Opcode ID: bcfeb74b5c9a1190aec49884054a6e1a06bbfb6630f3b05edb6ff25dff538c00
                                                                                                  • Instruction ID: 6f8cd104bc1d51b1991c0af536e7cd6c89033d35a7199033fa6c756fb21886d5
                                                                                                  • Opcode Fuzzy Hash: bcfeb74b5c9a1190aec49884054a6e1a06bbfb6630f3b05edb6ff25dff538c00
                                                                                                  • Instruction Fuzzy Hash: 6D419F319047409FC321DF28C984A6BF7F9BF9A704F544A2EF18697661EB34E984CB52
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • GetProcessHeap.KERNEL32(00000008,0000000D,00000000,?,0097428D,?,?,?,?,?,?,?), ref: 00974107
                                                                                                  • HeapAlloc.KERNEL32(00000000,?,0097428D,?,?,?,?,?,?,?), ref: 0097410E
                                                                                                    • Part of subcall function 009741D9: IsProcessorFeaturePresent.KERNEL32(0000000C,009740F5,00000000,?,0097428D,?,?,?,?,?,?,?), ref: 009741DB
                                                                                                  • InterlockedPopEntrySList.KERNEL32(00000000,00000000,?,0097428D,?,?,?,?,?,?,?), ref: 0097411E
                                                                                                  • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,0097428D,?,?,?,?,?,?,?), ref: 00974145
                                                                                                  • RaiseException.KERNEL32(C0000017,00000000,00000000,00000000,?,0097428D,?,?,?,?,?,?,?), ref: 00974159
                                                                                                  • InterlockedPopEntrySList.KERNEL32(00000000,?,0097428D,?,?,?,?,?,?,?), ref: 0097416C
                                                                                                  • VirtualFree.KERNEL32(00000000,00000000,00008000,?,0097428D,?,?,?,?,?,?,?), ref: 0097417F
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AllocEntryHeapInterlockedListVirtual$ExceptionFeatureFreePresentProcessProcessorRaise
                                                                                                  • String ID:
                                                                                                  • API String ID: 2460949444-0
                                                                                                  • Opcode ID: be469f217c17dff303980c8275649e5bcf251c7d1d2c1a808f02db073a5d3886
                                                                                                  • Instruction ID: b0c576fe045077de5cbac8bd7b67f3c9001594c227451d557c6bd65e14175afb
                                                                                                  • Opcode Fuzzy Hash: be469f217c17dff303980c8275649e5bcf251c7d1d2c1a808f02db073a5d3886
                                                                                                  • Instruction Fuzzy Hash: 85112B7371C2117BE3216B649C48F7A365CFFB4790F554420FA19D6152DB20CC40D7A0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                    • Part of subcall function 007C9CC0: GetProcessHeap.KERNEL32 ref: 007C9D15
                                                                                                    • Part of subcall function 007C9CC0: __Init_thread_footer.LIBCMT ref: 007C9D47
                                                                                                    • Part of subcall function 007C9CC0: __Init_thread_footer.LIBCMT ref: 007C9DD2
                                                                                                  • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,FF5677B6), ref: 008DEBC9
                                                                                                  • ReadFile.KERNEL32(00000000,00000000,00001000,?,00000000,00001000), ref: 008DEC3B
                                                                                                  • ReadFile.KERNEL32(?,00000000,00001000,00000000,00000000,?,00000000,00000000), ref: 008DEEDC
                                                                                                  • CloseHandle.KERNEL32(?), ref: 008DEF3A
                                                                                                    • Part of subcall function 008DEA80: LoadStringW.USER32(000000A1,?,00000514,FF5677B6), ref: 008DE9E6
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: File$Init_thread_footerRead$CloseCreateHandleHeapLoadProcessString
                                                                                                  • String ID:
                                                                                                  • API String ID: 1714711150-0
                                                                                                  • Opcode ID: 8e450f1d4d9d057941b455324e5cb1126915cdf4005d907fb161cb604294eeaf
                                                                                                  • Instruction ID: 443e753966d9488e71f6b0816e66d9fcae3d4ac21b7ec90399a59ae082e94b77
                                                                                                  • Opcode Fuzzy Hash: 8e450f1d4d9d057941b455324e5cb1126915cdf4005d907fb161cb604294eeaf
                                                                                                  • Instruction Fuzzy Hash: FBF18071D10218DBDB24DFA8C849BAEBBB5FF45314F24825EE415EB381DB74AA44CB90
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                    • Part of subcall function 007C9CC0: GetProcessHeap.KERNEL32 ref: 007C9D15
                                                                                                    • Part of subcall function 007C9CC0: __Init_thread_footer.LIBCMT ref: 007C9D47
                                                                                                    • Part of subcall function 007C9CC0: __Init_thread_footer.LIBCMT ref: 007C9DD2
                                                                                                  • DeleteFileW.KERNEL32(?,?,?,?,00000000,?,?,?,?), ref: 0090EDBA
                                                                                                    • Part of subcall function 007C92A0: FindResourceW.KERNEL32(00000000,?,00000006,00000000,00000000,00000000,007C9418,-00000010,?,00000000), ref: 007C92C3
                                                                                                    • Part of subcall function 007C9980: RtlAllocateHeap.NTDLL(?,00000000,?,FF5677B6,00000000,0099C6B0,000000FF,?,?,00A7C42C,00000000,0091ECDB,80004005,FF5677B6,?,?), ref: 007C99CA
                                                                                                  • ResetEvent.KERNEL32(00000000,FF5677B6,?,?,00000000,009E614D,000000FF,?,80004005), ref: 0090EE4F
                                                                                                  • WaitForSingleObject.KERNEL32(?,000000FF,?,?,00000000,009E614D,000000FF,?,80004005), ref: 0090EE6F
                                                                                                  • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,00000000,009E614D,000000FF,?,80004005), ref: 0090EE7A
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: HeapInit_thread_footerObjectSingleWait$AllocateDeleteEventFileFindProcessResetResource
                                                                                                  • String ID: TEST$tin9999.tmp
                                                                                                  • API String ID: 3248508590-3424081289
                                                                                                  • Opcode ID: 98bf8bfb1756e883b483abcc378f8d91dbd710264eb2997b9060277b3b9ac837
                                                                                                  • Instruction ID: 0a30361ed2aeefb37ff057e9390e35c25a0404db948ead7eda9c844cf9131aae
                                                                                                  • Opcode Fuzzy Hash: 98bf8bfb1756e883b483abcc378f8d91dbd710264eb2997b9060277b3b9ac837
                                                                                                  • Instruction Fuzzy Hash: E1C1CF71904249DFDB14DB68CC08BAEB7B8EF45310F148AADE816A72D1DB74AA04CB90
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • CreateEventW.KERNEL32(00000000,00000000,00000000,Caphyon.AI.ExtUI.IEClickSoundRemover,FF5677B6), ref: 007DC9CE
                                                                                                  • GetLastError.KERNEL32 ref: 007DC9ED
                                                                                                  • RegCloseKey.ADVAPI32(?,00A0446C,00000000,00A0446C,00000000,00000000,80000001,00000001,00000000,AppEvents\Schemes\Apps\Explorer\Navigating\.Current,00000033), ref: 007DCC7D
                                                                                                  • CloseHandle.KERNEL32(00000005,FF5677B6,?,?,00000000,009A0F5D,000000FF,?,00A0446C,00000000,00A0446C,00000000,00000000,80000001,00000001,00000000), ref: 007DCD0E
                                                                                                  Strings
                                                                                                  • Caphyon.AI.ExtUI.IEClickSoundRemover, xrefs: 007DC9C3
                                                                                                  • AppEvents\Schemes\Apps\Explorer\Navigating\.Current, xrefs: 007DCA35
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Close$CreateErrorEventHandleLast
                                                                                                  • String ID: AppEvents\Schemes\Apps\Explorer\Navigating\.Current$Caphyon.AI.ExtUI.IEClickSoundRemover
                                                                                                  • API String ID: 1253123496-2079760225
                                                                                                  • Opcode ID: 94992de76265e15f6d912d378b3ccd39565223d27425b587fd82275917b646ab
                                                                                                  • Instruction ID: 31fe029873b8b27ab6c5057723979a65fe0cc877f258aa72be248ca180457371
                                                                                                  • Opcode Fuzzy Hash: 94992de76265e15f6d912d378b3ccd39565223d27425b587fd82275917b646ab
                                                                                                  • Instruction Fuzzy Hash: 90C1AD70A10249DFDB15CFA8CD89BAEBBB4FF44304F14825DE549A7381D778AA44CBA1
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • EnterCriticalSection.KERNEL32(00A89338,FF5677B6,?,?,?,?,?,?,?,?,?,?,?,?,00000000,009A0855), ref: 007DAB2A
                                                                                                  • GetModuleFileNameW.KERNEL32(0000FFFF,00000104,?,?,?,?,?,?,?,?,?,?,?,?,00000000,009A0855), ref: 007DABAA
                                                                                                  • EnterCriticalSection.KERNEL32(00A89354,?,?,?,?,?,?,?,?,?,?,?,00000000,009A0855,000000FF), ref: 007DAD63
                                                                                                  • LeaveCriticalSection.KERNEL32(00A89354,?,?,?,?,?,?,?,?,?,?,00000000,009A0855,000000FF), ref: 007DAD84
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CriticalSection$Enter$FileLeaveModuleName
                                                                                                  • String ID: v
                                                                                                  • API String ID: 1807155316-3261393531
                                                                                                  • Opcode ID: e4bfe5a35c2552c6b5d60cf7c9d124a979d06635a6eed0675ae12fb9a13b6f70
                                                                                                  • Instruction ID: 9d3ca1cf7a8262d0a24218f398778f4b48b9ea18b45ffea711aca678477ee59d
                                                                                                  • Opcode Fuzzy Hash: e4bfe5a35c2552c6b5d60cf7c9d124a979d06635a6eed0675ae12fb9a13b6f70
                                                                                                  • Instruction Fuzzy Hash: CBB18270A04249EFDB11CFA4C888BAEBBF9BF48314F14415AE404EB391DB79AD45CB61
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • EnterCriticalSection.KERNEL32(00A8957C,FF5677B6,00000000,00A89598), ref: 007D8193
                                                                                                  • LeaveCriticalSection.KERNEL32(00A8957C), ref: 007D81F8
                                                                                                  • LoadCursorW.USER32(007C0000,?), ref: 007D8254
                                                                                                  • LeaveCriticalSection.KERNEL32(00A8957C), ref: 007D82EB
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CriticalSection$Leave$CursorEnterLoad
                                                                                                  • String ID: v$ATL:%p
                                                                                                  • API String ID: 2080323225-109518622
                                                                                                  • Opcode ID: c7fac7950dbb98763afeb814d1c9cf77d0fe2c4b55fdccc4a02e84b252d54b23
                                                                                                  • Instruction ID: 353759ad20dea16a7305b349ec532bf16e3952ac06fcc9448f976c37da5a3473
                                                                                                  • Opcode Fuzzy Hash: c7fac7950dbb98763afeb814d1c9cf77d0fe2c4b55fdccc4a02e84b252d54b23
                                                                                                  • Instruction Fuzzy Hash: 4C51CC71D04B449BCB21CFA9C9447AAB7F4FF18710F04461EE896A3790EB70B984CB91
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • SysFreeString.OLEAUT32(?), ref: 007CF804
                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 007CF879
                                                                                                  • GetProcessHeap.KERNEL32(?,?), ref: 007CF8E9
                                                                                                  • HeapFree.KERNEL32(00000000,?,?), ref: 007CF8EF
                                                                                                  • GetProcessHeap.KERNEL32(?,00000000,?,00000000), ref: 007CF91C
                                                                                                  • HeapFree.KERNEL32(00000000,?,00000000,?,00000000), ref: 007CF922
                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 007CF93A
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Free$Heap$String$Process
                                                                                                  • String ID:
                                                                                                  • API String ID: 2680101141-0
                                                                                                  • Opcode ID: f59ea368e5403680fac55bd00fca973f738e8200da8f4ef9cc2337feacb3d5df
                                                                                                  • Instruction ID: 080106ee8d0374fe7667830db28af6bfc97a77ec738b61ada118015fecba3e60
                                                                                                  • Opcode Fuzzy Hash: f59ea368e5403680fac55bd00fca973f738e8200da8f4ef9cc2337feacb3d5df
                                                                                                  • Instruction Fuzzy Hash: F251AE71D00259DFDF14DFA8C845BAEBBB6BF44310F24466DE424AB281CB78A905CBA1
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • SendMessageW.USER32(?,0000043A,00000000,00000074), ref: 007F39E5
                                                                                                  • lstrcpynW.KERNEL32(?,?,00000020), ref: 007F3A5B
                                                                                                  • MulDiv.KERNEL32(?,00000048,00000000), ref: 007F3A98
                                                                                                  • SendMessageW.USER32(?,00000444,00000000,00000074), ref: 007F3ACA
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: MessageSend$lstrcpyn
                                                                                                  • String ID: ?$t
                                                                                                  • API String ID: 3928028829-1995845436
                                                                                                  • Opcode ID: e8c1df7baae5e28c4372bbde0119e05472fdc2ef07e8e0c79538c30596bf6b7c
                                                                                                  • Instruction ID: e6279e1a85a55a9fdeef5f819b8dbd8e636616405e4e1df2b5786cc50d564e77
                                                                                                  • Opcode Fuzzy Hash: e8c1df7baae5e28c4372bbde0119e05472fdc2ef07e8e0c79538c30596bf6b7c
                                                                                                  • Instruction Fuzzy Hash: C7513EB1508340AFE721DF64DC49FABBBE8EB88701F00492DF699DA191D774E608CB52
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • Wow64DisableWow64FsRedirection.KERNEL32(00000000,FF5677B6,00000010), ref: 008DC767
                                                                                                  • CreateProcessW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,FF5677B6,009DC52D), ref: 008DC7DF
                                                                                                  • GetLastError.KERNEL32 ref: 008DC7F0
                                                                                                  • WaitForSingleObject.KERNEL32(009DC52D,000000FF), ref: 008DC80C
                                                                                                  • GetExitCodeProcess.KERNEL32(009DC52D,00000000), ref: 008DC81D
                                                                                                  • CloseHandle.KERNEL32(009DC52D), ref: 008DC827
                                                                                                  • Wow64RevertWow64FsRedirection.KERNEL32(00000000), ref: 008DC842
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Wow64$ProcessRedirection$CloseCodeCreateDisableErrorExitHandleLastObjectRevertSingleWait
                                                                                                  • String ID:
                                                                                                  • API String ID: 1153077990-0
                                                                                                  • Opcode ID: 1489301e9d62495b1002d20910d620f176989eb40319d6ce9705e76cec0daa23
                                                                                                  • Instruction ID: d1ea008cbb00bae62659b5cef57cece8296baa331dc36cce7254cbff8f1d7d16
                                                                                                  • Opcode Fuzzy Hash: 1489301e9d62495b1002d20910d620f176989eb40319d6ce9705e76cec0daa23
                                                                                                  • Instruction Fuzzy Hash: CE415E71E0438AABDB10CFA5CD08BAEBBF8FF49314F14426AE825E6290D7749940DF50
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • LoadLibraryW.KERNEL32(Shlwapi.dll,?,?,?,?,008F0731,?,FF5677B6,?,?), ref: 008E52AB
                                                                                                  • GetProcAddress.KERNEL32(00000000,DllGetVersion), ref: 008E52C1
                                                                                                  • FreeLibrary.KERNEL32(00000000), ref: 008E52FA
                                                                                                  • FreeLibrary.KERNEL32(00000000,?,?,?,?,008F0731,?,FF5677B6,?,?), ref: 008E5316
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Library$Free$AddressLoadProc
                                                                                                  • String ID: DllGetVersion$Shlwapi.dll
                                                                                                  • API String ID: 1386263645-2240825258
                                                                                                  • Opcode ID: 212d0db1dc5fec856aaed4ef8f83c0d8d6f97e6c2c769660360a250c7c5d8e10
                                                                                                  • Instruction ID: f746aa7eb938c767d5a39e2018256db861955b3ba549c98be142ffc6a1130b55
                                                                                                  • Opcode Fuzzy Hash: 212d0db1dc5fec856aaed4ef8f83c0d8d6f97e6c2c769660360a250c7c5d8e10
                                                                                                  • Instruction Fuzzy Hash: D7219F726047418BC700AF29E84166BB7E4FFDA715B800A2EF489C7201EB75D805CBA2
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • FreeLibrary.KERNEL32(00000000,?,0098E30F,0098A813,0000000C,?,00000000,00000000,?,0098E579,00000021,FlsSetValue,009FE06C,009FE074,?), ref: 0098E2C3
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: FreeLibrary
                                                                                                  • String ID: api-ms-$ext-ms-
                                                                                                  • API String ID: 3664257935-537541572
                                                                                                  • Opcode ID: 565ea037737186d481127f3ea9741e50d282999bda35631169db370b1a19b075
                                                                                                  • Instruction ID: cae36b1a69c5af920ad8a16e115bf0f439ed3164c341b2dc7f87e9e973dea24e
                                                                                                  • Opcode Fuzzy Hash: 565ea037737186d481127f3ea9741e50d282999bda35631169db370b1a19b075
                                                                                                  • Instruction Fuzzy Hash: B121B432A02229EBC731BB64DC61E6A375DAB82770F250620E925B7390DB74ED01DBD1
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,?,00971997,009718FA,00971B9B), ref: 00971933
                                                                                                  • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 00971949
                                                                                                  • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 0097195E
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AddressProc$HandleModule
                                                                                                  • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                                                  • API String ID: 667068680-1718035505
                                                                                                  • Opcode ID: 7d54e0057769ff5a7449aadc8e8a31f895b6548a093e16d581b44ec4a4679881
                                                                                                  • Instruction ID: e6f8293b987235990cb6a73bf2d2146d7f3aebd3dc3cf51c089fd161f8ee9c90
                                                                                                  • Opcode Fuzzy Hash: 7d54e0057769ff5a7449aadc8e8a31f895b6548a093e16d581b44ec4a4679881
                                                                                                  • Instruction Fuzzy Hash: A2F0C233619222AB0F215EE86CE077FA2DE5B41794318843AEB46D3500EA10CD03DBD5
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • SendMessageW.USER32(?,00000318,00000000,00000004), ref: 007F6537
                                                                                                  • SendMessageW.USER32(?,00001304,00000000,00000000), ref: 007F655F
                                                                                                  • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 007F6577
                                                                                                  • SendMessageW.USER32(?,0000130A,00000000,?), ref: 007F65A8
                                                                                                  • GetParent.USER32(?), ref: 007F6684
                                                                                                  • SendMessageW.USER32(00000000,00000136,?,?), ref: 007F6695
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: MessageSend$Parent
                                                                                                  • String ID:
                                                                                                  • API String ID: 1020955656-0
                                                                                                  • Opcode ID: 237cfb4e347ff2ded02813d5ead3dcf8fce81d60724bf7842cd44791a6842a7f
                                                                                                  • Instruction ID: 9bcd3541d1d5184ddd3ee86fa58b6f0b79df805b0bb42fc3de5b8cf029e6f480
                                                                                                  • Opcode Fuzzy Hash: 237cfb4e347ff2ded02813d5ead3dcf8fce81d60724bf7842cd44791a6842a7f
                                                                                                  • Instruction Fuzzy Hash: E5610A72904618AFDB11DFE4CD49FAEBBB9FF48710F240119F619AB2A0D774A911CB50
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • SendMessageW.USER32(?,00001036,00010000,00000000), ref: 008BA30B
                                                                                                  • GetParent.USER32(00000000), ref: 008BA35E
                                                                                                  • GetWindowRect.USER32(00000000), ref: 008BA361
                                                                                                  • GetParent.USER32(00000000), ref: 008BA370
                                                                                                    • Part of subcall function 008739A0: GetWindowRect.USER32(?,?), ref: 00873A32
                                                                                                    • Part of subcall function 008739A0: GetWindowRect.USER32(?,?), ref: 00873A4A
                                                                                                  • SendMessageW.USER32(?,00001026,00000000,000000FF), ref: 008BA460
                                                                                                  • SendMessageW.USER32(?,0000108A,00000000,00000011), ref: 008BA473
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: MessageRectSendWindow$Parent
                                                                                                  • String ID:
                                                                                                  • API String ID: 425339167-0
                                                                                                  • Opcode ID: 7b104b5cca4986f42d76c0439f3b9ec482d56a9439c9c7e9ab56c89c3d7e4974
                                                                                                  • Instruction ID: 94ff46447b7f4f9f013e7b5c862abc7ec7341fa8b8bc9b7a27b6742476b4d1bf
                                                                                                  • Opcode Fuzzy Hash: 7b104b5cca4986f42d76c0439f3b9ec482d56a9439c9c7e9ab56c89c3d7e4974
                                                                                                  • Instruction Fuzzy Hash: 6D514871D04648AFDB11DFA8CD45BDEBBF8EF59710F20431AE815A7291EB70A981CB50
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 007FDD0A
                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 007FDD2C
                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 007FDD54
                                                                                                  • __Getctype.LIBCPMT ref: 007FDE35
                                                                                                  • std::_Facet_Register.LIBCPMT ref: 007FDE97
                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 007FDEC1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeRegister
                                                                                                  • String ID:
                                                                                                  • API String ID: 1102183713-0
                                                                                                  • Opcode ID: 6d89f5c0d6930fe1108d7003a11c72cae4f0fe271283ee2f7a635d25a72854b6
                                                                                                  • Instruction ID: 1c9f20ede9bcf02e6fcde71c07e6c0147aa5d23050a15456b58f8c9d50a8ad20
                                                                                                  • Opcode Fuzzy Hash: 6d89f5c0d6930fe1108d7003a11c72cae4f0fe271283ee2f7a635d25a72854b6
                                                                                                  • Instruction Fuzzy Hash: 7F61AEB1D04609CFDB20CF58C9457AEBBF4FB14314F14825AD949AB391E734AE85CB91
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 007FDAFD
                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 007FDB1F
                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 007FDB47
                                                                                                  • __Getcoll.LIBCPMT ref: 007FDC11
                                                                                                  • std::_Facet_Register.LIBCPMT ref: 007FDC56
                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 007FDC8E
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetcollRegister
                                                                                                  • String ID:
                                                                                                  • API String ID: 1184649410-0
                                                                                                  • Opcode ID: 7af03657a86a18b954f4384bb1386b532db59f9987f106f603d0c1adcd7a474d
                                                                                                  • Instruction ID: 3e3e9c94e80a42982de6e1da474bca59eac6d960aff52c0c91cebefefddd61f0
                                                                                                  • Opcode Fuzzy Hash: 7af03657a86a18b954f4384bb1386b532db59f9987f106f603d0c1adcd7a474d
                                                                                                  • Instruction Fuzzy Hash: 0351BFB1C01248DFCB11DF98D884BADBBB5FF40310F24815AE819AB391DB78AE05CB91
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • GetLastError.KERNEL32(?,?,009762FA,009762C6,?,?,007FAEBD,008D9A40,?,00000008), ref: 00976311
                                                                                                  • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0097631F
                                                                                                  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00976338
                                                                                                  • SetLastError.KERNEL32(00000000,009762FA,009762C6,?,?,007FAEBD,008D9A40,?,00000008), ref: 0097638A
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ErrorLastValue___vcrt_
                                                                                                  • String ID:
                                                                                                  • API String ID: 3852720340-0
                                                                                                  • Opcode ID: 68cb650551ff2353845568de879a18513c6084906edd16da8c8ec3ab0c939412
                                                                                                  • Instruction ID: bf545fc8c607aaa7fd3130a68aefa86515f668e53f76be901261190e52de997e
                                                                                                  • Opcode Fuzzy Hash: 68cb650551ff2353845568de879a18513c6084906edd16da8c8ec3ab0c939412
                                                                                                  • Instruction Fuzzy Hash: 4C01F733309A226EAB2527F4BCC57AA2B6CEB417B8330832DF528951F4EF154C42E254
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • __Init_thread_footer.LIBCMT ref: 007C88C5
                                                                                                  • __Init_thread_footer.LIBCMT ref: 007C893F
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Init_thread_footer
                                                                                                  • String ID: </a>$<a href="$<a>
                                                                                                  • API String ID: 1385522511-4210067781
                                                                                                  • Opcode ID: 13a978452005a63db333027a2558f41b2bf2df7cc1082d64686d87f1087f85d8
                                                                                                  • Instruction ID: 19ca24339ed5cc475d144f9bcf1d529ea9e728f1d9e7077b91b0629c5052f811
                                                                                                  • Opcode Fuzzy Hash: 13a978452005a63db333027a2558f41b2bf2df7cc1082d64686d87f1087f85d8
                                                                                                  • Instruction Fuzzy Hash: B9A171B0A00205EFCB18DFA4D859FAEB7B1FF44324F14421DE425AB2D1EB74A946CB65
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • CreateWindowExW.USER32(?,SysTabControl32,?,46010000,?,?,?,?,00000000,00000309,00000000), ref: 007F63BD
                                                                                                  • SendMessageW.USER32(00000000,00000031,00000000,00000000), ref: 007F63D2
                                                                                                  • SendMessageW.USER32(00000000,00000030,00000000,00000001), ref: 007F63DA
                                                                                                    • Part of subcall function 007C9980: RtlAllocateHeap.NTDLL(?,00000000,?,FF5677B6,00000000,0099C6B0,000000FF,?,?,00A7C42C,00000000,0091ECDB,80004005,FF5677B6,?,?), ref: 007C99CA
                                                                                                    • Part of subcall function 007F8190: SendMessageW.USER32(?,00000030,00000000,00000001), ref: 007F81D8
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: MessageSend$AllocateCreateHeapWindow
                                                                                                  • String ID: SysTabControl32$TabHost
                                                                                                  • API String ID: 2359350451-2872506973
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • GetLastError.KERNEL32 ref: 008DC9F7
                                                                                                  • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 008DCA13
                                                                                                  • GetExitCodeProcess.KERNEL32(00000000,009DC5B7), ref: 008DCA24
                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 008DCA32
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CloseCodeErrorExitHandleLastObjectProcessSingleWait
                                                                                                  • String ID: open
                                                                                                  • API String ID: 2321548817-2758837156
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                    • Part of subcall function 008BA4D0: __Init_thread_footer.LIBCMT ref: 008BA560
                                                                                                    • Part of subcall function 008BA4D0: GetProcAddress.KERNEL32(SetWindowTheme), ref: 008BA59D
                                                                                                    • Part of subcall function 008BA4D0: __Init_thread_footer.LIBCMT ref: 008BA5B4
                                                                                                    • Part of subcall function 008BA4D0: SendMessageW.USER32(000000EF,00001036,00010000,00010000), ref: 008BA5DF
                                                                                                  • CreateWindowExW.USER32(80000000,SysListView32,?,00000000,00000000,80000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 008BA012
                                                                                                  • SendMessageW.USER32(00000000,00000031,00000000,00000000), ref: 008BA030
                                                                                                  • SendMessageW.USER32(00000000,00000030,00000000,00000001), ref: 008BA038
                                                                                                    • Part of subcall function 007D68F0: SetWindowLongW.USER32(?,000000FC,00000000), ref: 007D6926
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: MessageSend$Init_thread_footerWindow$AddressCreateLongProc
                                                                                                  • String ID: SysListView32$qf~
                                                                                                  • API String ID: 605634508-1747135174
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,FF5677B6,?,?,00000000,009F72FA,000000FF,?,0097FDA9,?,?,0097FD7D,?), ref: 0097FE4E
                                                                                                  • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0097FE60
                                                                                                  • FreeLibrary.KERNEL32(00000000,?,00000000,009F72FA,000000FF,?,0097FDA9,?,?,0097FD7D,?), ref: 0097FE82
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                                  • API String ID: 4061214504-1276376045
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                    • Part of subcall function 00974BA2: EnterCriticalSection.KERNEL32(00A87FD8,?,FF5677B6,?,007C9D66,00A88C04,FF5677B6,FF5677B6,?,0099CC0D,000000FF,?,0091EBD6,FF5677B6,?,?), ref: 00974BAD
                                                                                                    • Part of subcall function 00974BA2: LeaveCriticalSection.KERNEL32(00A87FD8,?,007C9D66,00A88C04,FF5677B6,FF5677B6,?,0099CC0D,000000FF,?,0091EBD6,FF5677B6,?,?,00000000), ref: 00974BEA
                                                                                                  • LoadLibraryA.KERNEL32(Dbghelp.dll,SymFromAddr), ref: 008E3C7E
                                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 008E3C85
                                                                                                  • __Init_thread_footer.LIBCMT ref: 008E3C9C
                                                                                                    • Part of subcall function 00974B58: EnterCriticalSection.KERNEL32(00A87FD8,FF5677B6,?,007C9DD7,00A88C04,009F7520), ref: 00974B62
                                                                                                    • Part of subcall function 00974B58: LeaveCriticalSection.KERNEL32(00A87FD8,?,007C9DD7,00A88C04,009F7520), ref: 00974B95
                                                                                                    • Part of subcall function 00974B58: RtlWakeAllConditionVariable.NTDLL ref: 00974C0C
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CriticalSection$EnterLeave$AddressConditionInit_thread_footerLibraryLoadProcVariableWake
                                                                                                  • String ID: Dbghelp.dll$SymFromAddr
                                                                                                  • API String ID: 3268644551-642441706
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • SleepConditionVariableCS.KERNELBASE(?,00974BC7,00000064), ref: 00974C4D
                                                                                                  • LeaveCriticalSection.KERNEL32(00A87FD8,?,?,00974BC7,00000064,?,007C9D66,00A88C04,FF5677B6,FF5677B6,?,0099CC0D,000000FF,?,0091EBD6,FF5677B6), ref: 00974C57
                                                                                                  • WaitForSingleObjectEx.KERNEL32(?,00000000,?,00974BC7,00000064,?,007C9D66,00A88C04,FF5677B6,FF5677B6,?,0099CC0D,000000FF,?,0091EBD6,FF5677B6), ref: 00974C68
                                                                                                  • EnterCriticalSection.KERNEL32(00A87FD8,?,00974BC7,00000064,?,007C9D66,00A88C04,FF5677B6,FF5677B6,?,0099CC0D,000000FF,?,0091EBD6,FF5677B6,?), ref: 00974C6F
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                                                                  • String ID: v
                                                                                                  • API String ID: 3269011525-3261393531
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ItemMessageSendWindow
                                                                                                  • String ID:
                                                                                                  • API String ID: 799199299-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 008D5644
                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 008D5666
                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 008D568E
                                                                                                  • std::_Facet_Register.LIBCPMT ref: 008D5777
                                                                                                  • std::_Lockit::~_Lockit.LIBCPMT ref: 008D57A1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                                                  • String ID:
                                                                                                  • API String ID: 459529453-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 007CF27A
                                                                                                  • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 007CF280
                                                                                                  • FormatMessageW.KERNEL32(00001300,00000000,?,00000400,00000000,00000000,00000000), ref: 007CF2A3
                                                                                                  • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,0099E1F6,000000FF), ref: 007CF2CB
                                                                                                  • HeapFree.KERNEL32(00000000,00000000,00000000,?,?,?,0099E1F6,000000FF), ref: 007CF2D1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: Heap$FreeProcess$FormatMessage
                                                                                                  • String ID:
                                                                                                  • API String ID: 1606019998-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 007E71BB
                                                                                                  • SendMessageW.USER32(?,?,?,0000102B), ref: 007E7218
                                                                                                  • SendMessageW.USER32(?,?,?,0000102B), ref: 007E7267
                                                                                                  • SendMessageW.USER32(?,00001043,00000000,00000000), ref: 007E7278
                                                                                                  • SendMessageW.USER32(?,00001013,00000000,00000000), ref: 007E7285
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: MessageSend$LongWindow
                                                                                                  • String ID:
                                                                                                  • API String ID: 312131281-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • CreateWindowExW.USER32(?,RichEdit20W,?,?,?,?,?,?,00000000,00000000,00000000), ref: 007F371C
                                                                                                  • SendMessageW.USER32(00000000,00000031,00000000,00000000), ref: 007F3731
                                                                                                  • SendMessageW.USER32(00000000,00000030,00000000,00000001), ref: 007F3739
                                                                                                    • Part of subcall function 007C9980: RtlAllocateHeap.NTDLL(?,00000000,?,FF5677B6,00000000,0099C6B0,000000FF,?,?,00A7C42C,00000000,0091ECDB,80004005,FF5677B6,?,?), ref: 007C99CA
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: MessageSend$AllocateCreateHeapWindow
                                                                                                  • String ID: RichEdit20W
                                                                                                  • API String ID: 2359350451-4173859555
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                    • Part of subcall function 007C9980: RtlAllocateHeap.NTDLL(?,00000000,?,FF5677B6,00000000,0099C6B0,000000FF,?,?,00A7C42C,00000000,0091ECDB,80004005,FF5677B6,?,?), ref: 007C99CA
                                                                                                    • Part of subcall function 008BA0B0: SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000037,?,?,?,000000EF,?,007E66F8,00000000,80004005), ref: 008BA118
                                                                                                    • Part of subcall function 008BA0B0: SendMessageW.USER32(?,00000030,00000000,00000001), ref: 008BA148
                                                                                                  • SendMessageW.USER32(?,00001036,00000004,00000004), ref: 007EDA2D
                                                                                                  • SendMessageW.USER32(?,00001036,00000400,00000400), ref: 007EDA44
                                                                                                  • SendMessageW.USER32(?,00001061,00000000,?), ref: 007EDAA0
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: MessageSend$AllocateHeapWindow
                                                                                                  • String ID: QuickSelectionList
                                                                                                  • API String ID: 3168177373-3633591268
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • LoadLibraryW.KERNEL32(combase.dll,RoOriginateLanguageException), ref: 007CF642
                                                                                                  • GetProcAddress.KERNEL32(00000000,combase.dll), ref: 007CF648
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: AddressLibraryLoadProc
                                                                                                  • String ID: RoOriginateLanguageException$combase.dll
                                                                                                  • API String ID: 2574300362-3996158991
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,0090F23A,?,FF5677B6,?,?,?,?,009E62A5,000000FF), ref: 009114ED
                                                                                                  • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,0090F23A,?,FF5677B6,?,?,?,?,009E62A5,000000FF,?), ref: 0091150E
                                                                                                  • GetLastError.KERNEL32(?,FF5677B6,?,?,?,?,009E62A5,000000FF,?,0090EB6D,?,?,00000000,?,?), ref: 0091156E
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: CreateEvent$ErrorLast
                                                                                                  • String ID: AdvancedInstaller
                                                                                                  • API String ID: 1131763895-1372594473
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • EnterCriticalSection.KERNEL32(00A8957C), ref: 007D835C
                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 007D8370
                                                                                                  • LeaveCriticalSection.KERNEL32(00A8957C), ref: 007D83AF
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: CriticalSection$CurrentEnterLeaveThread
                                                                                                  • String ID: v
                                                                                                  • API String ID: 2351996187-3261393531
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • LoadLibraryExW.KERNEL32(?,00000000,00000800,?,009793DD,?,?,00000000,?,?,?,00979507,00000002,FlsGetValue,009FB154,009FB15C), ref: 00979439
                                                                                                  • GetLastError.KERNEL32(?,009793DD,?,?,00000000,?,?,?,00979507,00000002,FlsGetValue,009FB154,009FB15C,?,?,00976324), ref: 00979443
                                                                                                  • LoadLibraryExW.KERNEL32(?,00000000,00000000), ref: 0097946B
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: LibraryLoad$ErrorLast
                                                                                                  • String ID: api-ms-
                                                                                                  • API String ID: 3177248105-2084034818
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • SendMessageW.USER32(?,00001037,00000000,00000000), ref: 007E66A8
                                                                                                  • SendMessageW.USER32(?,00001036,00000000,00000000), ref: 007E66BD
                                                                                                    • Part of subcall function 007C9980: RtlAllocateHeap.NTDLL(?,00000000,?,FF5677B6,00000000,0099C6B0,000000FF,?,?,00A7C42C,00000000,0091ECDB,80004005,FF5677B6,?,?), ref: 007C99CA
                                                                                                    • Part of subcall function 008BA0B0: SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000037,?,?,?,000000EF,?,007E66F8,00000000,80004005), ref: 008BA118
                                                                                                    • Part of subcall function 008BA0B0: SendMessageW.USER32(?,00000030,00000000,00000001), ref: 008BA148
                                                                                                  • SendMessageW.USER32(?,0000101C,00000000,00000000), ref: 007E67F3
                                                                                                  • SendMessageW.USER32(?,00001061,00000000,00000005), ref: 007E68EF
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: MessageSend$AllocateHeapWindow
                                                                                                  • String ID:
                                                                                                  • API String ID: 3168177373-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • SysAllocStringLen.OLEAUT32(00000000,?), ref: 007D4A9A
                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 007D4AE6
                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 007D4B08
                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 007D4C63
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: String$Free$Alloc
                                                                                                  • String ID:
                                                                                                  • API String ID: 986138563-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • SendMessageW.USER32(00000001,0000110A,00000004,?), ref: 007F0125
                                                                                                  • SendMessageW.USER32(00000001,0000110A,00000001,00000000), ref: 007F0157
                                                                                                  • SendMessageW.USER32(?,0000110A,00000004,?), ref: 007F02CE
                                                                                                  • SendMessageW.USER32(?,0000110A,00000001,00000000), ref: 007F02F6
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: MessageSend
                                                                                                  • String ID:
                                                                                                  • API String ID: 3850602802-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • VariantClear.OLEAUT32(?), ref: 007DD5A8
                                                                                                  • SysAllocString.OLEAUT32(00000000), ref: 007DD5BB
                                                                                                  • VariantClear.OLEAUT32(00000000), ref: 007DD5DD
                                                                                                  • VariantClear.OLEAUT32(?), ref: 007DD60E
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ClearVariant$AllocString
                                                                                                  • String ID:
                                                                                                  • API String ID: 2502263055-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • RegCloseKey.ADVAPI32(00000000,FF5677B6), ref: 0090AD66
                                                                                                  • _wcsrchr.LIBVCRUNTIME ref: 0090AD90
                                                                                                  • RegQueryValueExW.ADVAPI32(00000000,FF5677B6,00000000,00000000,00000000,00000000,FF5677B6,00000001,?,00000000,00000000), ref: 0090AE13
                                                                                                  • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 0090AE5F
                                                                                                    • Part of subcall function 0090AC10: RegOpenKeyExW.ADVAPI32(00000000,FF5677B6,00000000,00020019,00000002,FF5677B6,00000001,00000010,00000002,00909F3C,FF5677B6,00000000,00000000), ref: 0090ACAC
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Close$OpenQueryValue_wcsrchr
                                                                                                  • String ID:
                                                                                                  • API String ID: 213811329-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • GetWindowRect.USER32(?,?), ref: 00873A32
                                                                                                  • GetWindowRect.USER32(?,?), ref: 00873A4A
                                                                                                  • GetWindowRect.USER32(?,?), ref: 00873AB6
                                                                                                  • GetWindowLongW.USER32(?,000000EC), ref: 00873ADA
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Window$Rect$Long
                                                                                                  • String ID:
                                                                                                  • API String ID: 3486571012-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • InitializeCriticalSection.KERNEL32(FF5677B6,FF5677B6,?), ref: 007E2BDF
                                                                                                  • EnterCriticalSection.KERNEL32(?,FF5677B6,?), ref: 007E2BEC
                                                                                                  • LeaveCriticalSection.KERNEL32(?,?,00000000,?), ref: 007E2CC3
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CriticalSection$EnterInitializeLeave
                                                                                                  • String ID: v
                                                                                                  • API String ID: 3991485460-3261393531
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • SetWindowLongW.USER32(?,000000FC,00000000), ref: 007DE839
                                                                                                  • GetParent.USER32(?), ref: 007DE86D
                                                                                                    • Part of subcall function 00974245: GetProcessHeap.KERNEL32(00000008,00000008,00000000,009035FE,?,?,?,?,?,?), ref: 0097424A
                                                                                                    • Part of subcall function 00974245: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?), ref: 00974251
                                                                                                  • SetWindowLongW.USER32(?,000000EB), ref: 007DE8A0
                                                                                                  • ShowWindow.USER32(?,00000000), ref: 007DE8B6
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: Window$HeapLong$AllocParentProcessShow
                                                                                                  • String ID:
                                                                                                  • API String ID: 78937335-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • InitializeCriticalSection.KERNEL32(?,FF5677B6), ref: 007E2A3A
                                                                                                  • EnterCriticalSection.KERNEL32(?,FF5677B6), ref: 007E2A47
                                                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 007E2A98
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: CriticalSection$EnterInitializeLeave
                                                                                                  • String ID: v
                                                                                                  • API String ID: 3991485460-3261393531
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • InitializeCriticalSection.KERNEL32(?,FF5677B6), ref: 007E2B2A
                                                                                                  • EnterCriticalSection.KERNEL32(?,FF5677B6), ref: 007E2B37
                                                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 007E2B7E
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: CriticalSection$EnterInitializeLeave
                                                                                                  • String ID: v
                                                                                                  • API String ID: 3991485460-3261393531
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • ResetEvent.KERNEL32(?,?,000003E8,00912422,?,?,?,?,?,00000003,00000000,FF5677B6,?,000003E8), ref: 00913002
                                                                                                  • GetLastError.KERNEL32(?,?,000003E8,00912422,?,?,?,?,?,00000003,00000000,FF5677B6,?,000003E8), ref: 0091302F
                                                                                                  • WaitForSingleObject.KERNEL32(?,0000000A,?,?,000003E8,00912422,?,?,?,?,?,00000003,00000000,FF5677B6,?,000003E8), ref: 00913065
                                                                                                  • SetEvent.KERNEL32(?,?,?,000003E8,00912422,?,?,?,?,?,00000003,00000000,FF5677B6,?,000003E8), ref: 00913088
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: Event$ErrorLastObjectResetSingleWait
                                                                                                  • String ID:
                                                                                                  • API String ID: 708712559-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • InitializeCriticalSection.KERNEL32(?,FF5677B6,?), ref: 007E296D
                                                                                                  • EnterCriticalSection.KERNEL32(?,FF5677B6,?), ref: 007E297A
                                                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 007E29A2
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: CriticalSection$EnterInitializeLeave
                                                                                                  • String ID: v
                                                                                                  • API String ID: 3991485460-3261393531
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • WaitForSingleObject.KERNEL32(?,?,FF5677B6,?,?,00000000,0099C4E0,000000FF,?,0091ED98,00000000,C000008C,00000001), ref: 0091EDE7
                                                                                                  • GetExitCodeThread.KERNEL32(?,?,?,?,00000000,0099C4E0,000000FF,?,0091ED98,00000000,C000008C,00000001), ref: 0091EE01
                                                                                                  • TerminateThread.KERNEL32(?,00000000,?,?,00000000,0099C4E0,000000FF,?,0091ED98,00000000,C000008C,00000001), ref: 0091EE19
                                                                                                  • CloseHandle.KERNEL32(?,?,?,00000000,0099C4E0,000000FF,?,0091ED98,00000000,C000008C,00000001), ref: 0091EE22
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: Thread$CloseCodeExitHandleObjectSingleTerminateWait
                                                                                                  • String ID:
                                                                                                  • API String ID: 3774109050-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • CreateWindowExW.USER32(00000000,AtlAxWin140,?,?,?,80000000,00000000,00000000,?,00000000,00000000), ref: 007D30D6
                                                                                                  • SendMessageW.USER32(?,00000000,00000000), ref: 007D31D2
                                                                                                    • Part of subcall function 007D4BC0: SysFreeString.OLEAUT32(00000000), ref: 007D4C63
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: CreateFreeMessageSendStringWindow
                                                                                                  • String ID: AtlAxWin140
                                                                                                  • API String ID: 4045344427-3842940177
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • __startOneArgErrorHandling.LIBCMT ref: 009887AD
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  Similarity
                                                                                                  • API ID: ErrorHandling__start
                                                                                                  • String ID: pow
                                                                                                  • API String ID: 3213639722-2276729525
                                                                                                  • Opcode ID: be882cf9fa9c1c96c2066a980dd0289ab2e95bc7e410b081885d6179a8f00f60
                                                                                                  • Instruction ID: b71b000dd93e0544ff4affebb4ab9c6bfd3bb382728d786933ba04382170f312
                                                                                                  • Opcode Fuzzy Hash: be882cf9fa9c1c96c2066a980dd0289ab2e95bc7e410b081885d6179a8f00f60
                                                                                                  • Instruction Fuzzy Hash: C2515971A19102A6CF117B5CDD0537B3BACAB80740FB04D69E0D5827B9EF388C95EB66
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                    • Part of subcall function 007C9CC0: GetProcessHeap.KERNEL32 ref: 007C9D15
                                                                                                    • Part of subcall function 007C9CC0: __Init_thread_footer.LIBCMT ref: 007C9D47
                                                                                                    • Part of subcall function 007C9CC0: __Init_thread_footer.LIBCMT ref: 007C9DD2
                                                                                                  • CloseHandle.KERNEL32(?,FF5677B6,000000C9,00000000), ref: 0090CD13
                                                                                                  • DeleteCriticalSection.KERNEL32(?,FF5677B6,000000C9,00000000), ref: 0090CDA1
                                                                                                  Strings
                                                                                                  • << Advanced Installer (x86) Log >>, xrefs: 0090CC7F
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Init_thread_footer$CloseCriticalDeleteHandleHeapProcessSection
                                                                                                  • String ID: << Advanced Installer (x86) Log >>
                                                                                                  • API String ID: 3699736680-396061572
                                                                                                  • Opcode ID: e68a37095be084ac3ea0885cadbda8f98269af10588e16383d925d1dea61068f
                                                                                                  • Instruction ID: 4d66576433a160c78187dc3693d56726ddf06f8603fc8a8035c1ff8acecb255f
                                                                                                  • Opcode Fuzzy Hash: e68a37095be084ac3ea0885cadbda8f98269af10588e16383d925d1dea61068f
                                                                                                  • Instruction Fuzzy Hash: 6C61AD70901685EFDB01DFA8C948BAABBF4FF45314F1882ADE4049B7D1DB75AA04CB91
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • OpenEventW.KERNEL32(00000000,00000000,00000000,_pbl_evt,00000008,?,?,00A1BE58,00000001,FF5677B6,00000000), ref: 0092F9AE
                                                                                                  • CreateEventW.KERNEL32(00000000,00000001,00000001,?), ref: 0092F9CB
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Event$CreateOpen
                                                                                                  • String ID: _pbl_evt
                                                                                                  • API String ID: 2335040897-4023232351
                                                                                                  • Opcode ID: 87aa607e3ba93ae3f18ca5b9ad463a4cf2fc31f737153ca9630acb40815422ad
                                                                                                  • Instruction ID: 8a667771d1c01fb9e909ebc9fd213bd1068baba0f892c8b7bf49c354dd3d8f60
                                                                                                  • Opcode Fuzzy Hash: 87aa607e3ba93ae3f18ca5b9ad463a4cf2fc31f737153ca9630acb40815422ad
                                                                                                  • Instruction Fuzzy Hash: D0518B71D10618EFDB14DFA8DC56BEEB7B8EF04714F108229E515A7280EB786A04CF90
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • FormatMessageW.KERNEL32(000013FF,00000000,?,00000000,00000000,00000000,00000000,FF5677B6,00A1B190), ref: 008E3678
                                                                                                  • LocalFree.KERNEL32(00000000,00000000,-00000002), ref: 008E3782
                                                                                                    • Part of subcall function 008D3110: std::locale::_Init.LIBCPMT ref: 008D31ED
                                                                                                    • Part of subcall function 008D0BA0: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 008D0C75
                                                                                                  Strings
                                                                                                  • Failed to get Windows error message [win32 error 0x, xrefs: 008E3696
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: FormatFreeInitIos_base_dtorLocalMessagestd::ios_base::_std::locale::_
                                                                                                  • String ID: Failed to get Windows error message [win32 error 0x
                                                                                                  • API String ID: 1983821583-3373098694
                                                                                                  • Opcode ID: 7efd03da431c8aa0f48f9081b05414b15b0d28b4a23857e317e2667aa2e08eb6
                                                                                                  • Instruction ID: f0dc2515f7126a208aded43ecca4008d80db067c85c0b0858826050f105d1846
                                                                                                  • Opcode Fuzzy Hash: 7efd03da431c8aa0f48f9081b05414b15b0d28b4a23857e317e2667aa2e08eb6
                                                                                                  • Instruction Fuzzy Hash: 2C416DB0A043499BDB10DF69CD09BAEBBF8FF45704F104669E455EB290D7B49A08CB91
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • std::_Lockit::_Lockit.LIBCPMT ref: 0080532B
                                                                                                  • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0080538E
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                                  • String ID: bad locale name
                                                                                                  • API String ID: 3988782225-1405518554
                                                                                                  • Opcode ID: e868e779d8289ca206277fc5e8771f0504ceb649757bc6fef73d036b257e7eb1
                                                                                                  • Instruction ID: b43057b35462d9a965f06d3a03e7e1cd4f92568bc6c83aff62d768b854c9f0be
                                                                                                  • Opcode Fuzzy Hash: e868e779d8289ca206277fc5e8771f0504ceb649757bc6fef73d036b257e7eb1
                                                                                                  • Instruction Fuzzy Hash: 5B21B070905B84DFD720CF68C90475BBBF4AF15714F14869DE489C7781D7B9AA04CBA1
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • GetParent.USER32(00000005), ref: 007E7784
                                                                                                  Strings
                                                                                                  • C:\ReleaseAI\stubs\setup\controls\generic\VisualStyleBorder.h, xrefs: 007E7759
                                                                                                  • d, xrefs: 007E7750
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Parent
                                                                                                  • String ID: C:\ReleaseAI\stubs\setup\controls\generic\VisualStyleBorder.h$d
                                                                                                  • API String ID: 975332729-572215800
                                                                                                  • Opcode ID: 8665f5b26881eb908c12c57f708d614a39ef86320c4f67e3f3f54a9b9c0c7329
                                                                                                  • Instruction ID: c15a4b803e4d67f55b84a586632544c4db2d760309205b9179be124cf45f740d
                                                                                                  • Opcode Fuzzy Hash: 8665f5b26881eb908c12c57f708d614a39ef86320c4f67e3f3f54a9b9c0c7329
                                                                                                  • Instruction Fuzzy Hash: 45217970D09288EFDB04DFE4D958BDDBBB1BF09308F608198E005AB395DBB95A08DB51
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  • d, xrefs: 007D26AB
                                                                                                  • C:\ReleaseAI\platform\ui\controls\mshtml\GenericAxControl.cpp, xrefs: 007D26B4
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ActiveWindow
                                                                                                  • String ID: C:\ReleaseAI\platform\ui\controls\mshtml\GenericAxControl.cpp$d
                                                                                                  • API String ID: 2558294473-506145171
                                                                                                  • Opcode ID: 9693bd676d7e57aa31e22207464760eaef44e8ea3f837b90404a62a71f48e89a
                                                                                                  • Instruction ID: 5681e2b7399cc2fc2882438bb30ec29abbf9dca93f4486b91f6cee288032cff6
                                                                                                  • Opcode Fuzzy Hash: 9693bd676d7e57aa31e22207464760eaef44e8ea3f837b90404a62a71f48e89a
                                                                                                  • Instruction Fuzzy Hash: C5217470D05288EFCB00DBE4D958B9DBBB1BF19308F608098E001AB395EBB85A09DB51
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • GetParent.USER32(0000000D), ref: 007E785C
                                                                                                  Strings
                                                                                                  • C:\ReleaseAI\stubs\setup\controls\generic\VisualStyleBorder.h, xrefs: 007E782F
                                                                                                  • d, xrefs: 007E7826
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Parent
                                                                                                  • String ID: C:\ReleaseAI\stubs\setup\controls\generic\VisualStyleBorder.h$d
                                                                                                  • API String ID: 975332729-572215800
                                                                                                  • Opcode ID: e676c677bc3ec9f8f5db69a81f1879929f93d3fcebcb2252c0ed859a0b64197c
                                                                                                  • Instruction ID: 65cde4b83f4cd5a09931046f926993ee58ff1f5737305a44b4979f7708c5b78c
                                                                                                  • Opcode Fuzzy Hash: e676c677bc3ec9f8f5db69a81f1879929f93d3fcebcb2252c0ed859a0b64197c
                                                                                                  • Instruction Fuzzy Hash: 6F214430D05288EFDB04DFE4D958BDDBBB1BF14308F608158E001AF2A5DBB95A48DB52
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  • d, xrefs: 007D2A99
                                                                                                  • C:\ReleaseAI\platform\ui\controls\mshtml\GenericAxControl.cpp, xrefs: 007D2AA5
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ActiveWindow
                                                                                                  • String ID: C:\ReleaseAI\platform\ui\controls\mshtml\GenericAxControl.cpp$d
                                                                                                  • API String ID: 2558294473-506145171
                                                                                                  • Opcode ID: bdd8d640b443e374e80b102a9cf24c7f41b887bfa5aeb9fc0fffdbddf0925372
                                                                                                  • Instruction ID: 451c2232377accf13433bc004c168f6be9b8d2d8968ff9931695ca1b3bf94b5d
                                                                                                  • Opcode Fuzzy Hash: bdd8d640b443e374e80b102a9cf24c7f41b887bfa5aeb9fc0fffdbddf0925372
                                                                                                  • Instruction Fuzzy Hash: 51215870D15298EFCB04DFE4D8587DDBBB1BF55304F608198E001AB395EBB95A09CB51
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  • C:\ReleaseAI\platform\ui\controls\mshtml\GenericAxControl.cpp, xrefs: 007D2784
                                                                                                  • d, xrefs: 007D277B
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ActiveWindow
                                                                                                  • String ID: C:\ReleaseAI\platform\ui\controls\mshtml\GenericAxControl.cpp$d
                                                                                                  • API String ID: 2558294473-506145171
                                                                                                  • Opcode ID: f6db825d1ff832a6fc13cfb44d3b883e93eaeb482f7959d0e794456b028131f1
                                                                                                  • Instruction ID: 3035b88988d4bed0a3f01a38c0e9a6cc612a60f75f02ebaadbfb98acb349f0ef
                                                                                                  • Opcode Fuzzy Hash: f6db825d1ff832a6fc13cfb44d3b883e93eaeb482f7959d0e794456b028131f1
                                                                                                  • Instruction Fuzzy Hash: B7215330D05288EECB04DBE4D958BDDBBB1BF55308F608158E001BB295DBB94A09EB51
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  • C:\ReleaseAI\platform\ui\controls\mshtml\GenericAxControl.cpp, xrefs: 007D2B78
                                                                                                  • d, xrefs: 007D2B6C
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ActiveWindow
                                                                                                  • String ID: C:\ReleaseAI\platform\ui\controls\mshtml\GenericAxControl.cpp$d
                                                                                                  • API String ID: 2558294473-506145171
                                                                                                  • Opcode ID: cc591dcdc490e85e4a33c77d03df09b5f575ca44f5e19eeb664d659ef3684341
                                                                                                  • Instruction ID: 3d179b229319197f858e79e320f1562793f2b131c336a3bb901d06d72891fd62
                                                                                                  • Opcode Fuzzy Hash: cc591dcdc490e85e4a33c77d03df09b5f575ca44f5e19eeb664d659ef3684341
                                                                                                  • Instruction Fuzzy Hash: EE214470D15288EECB04DFE4D9687DDBBB0BF54308F608198E001AB295EBB94A09DB51
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • GetParent.USER32(00000013), ref: 007E78F6
                                                                                                  Strings
                                                                                                  • C:\ReleaseAI\stubs\setup\controls\generic\VisualStyleBorder.h, xrefs: 007E78DB
                                                                                                  • Unknown exception, xrefs: 007E78CB
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Parent
                                                                                                  • String ID: C:\ReleaseAI\stubs\setup\controls\generic\VisualStyleBorder.h$Unknown exception
                                                                                                  • API String ID: 975332729-9186675
                                                                                                  • Opcode ID: e86eaf7871f7fa57af7c2726015526fb5638e4f62de9142bdcef94531ecf0865
                                                                                                  • Instruction ID: 210eac867cd4a6615904294b3bd9dcccabb9336a76956bde80a52fecb25c575e
                                                                                                  • Opcode Fuzzy Hash: e86eaf7871f7fa57af7c2726015526fb5638e4f62de9142bdcef94531ecf0865
                                                                                                  • Instruction Fuzzy Hash: 45016D30D05288EFDB04DBE8C919ADDBBB0AF55304F54819CE0026B296DBB95E08DB92
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  • C:\ReleaseAI\platform\ui\controls\mshtml\GenericAxControl.cpp, xrefs: 007D2C21
                                                                                                  • Unknown exception, xrefs: 007D2C0E
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ActiveWindow
                                                                                                  • String ID: C:\ReleaseAI\platform\ui\controls\mshtml\GenericAxControl.cpp$Unknown exception
                                                                                                  • API String ID: 2558294473-2631306498
                                                                                                  • Opcode ID: 479143d405c74e7f1413723cf9effe5d60d0807c4748d1c3edc763d75b9b4051
                                                                                                  • Instruction ID: 04e3a8200944a700eae0c2294ff4434a69ce95b61a1c6b205f1e3346a95f3f43
                                                                                                  • Opcode Fuzzy Hash: 479143d405c74e7f1413723cf9effe5d60d0807c4748d1c3edc763d75b9b4051
                                                                                                  • Instruction Fuzzy Hash: 72019230D05288EBCB05EBE8CD59ACEBBB0BF55304F54819CD0016B396DBB45A08DB92
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  • C:\ReleaseAI\platform\ui\controls\mshtml\GenericAxControl.cpp, xrefs: 007D282A
                                                                                                  • Unknown exception, xrefs: 007D281A
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ActiveWindow
                                                                                                  • String ID: C:\ReleaseAI\platform\ui\controls\mshtml\GenericAxControl.cpp$Unknown exception
                                                                                                  • API String ID: 2558294473-2631306498
                                                                                                  • Opcode ID: f0adbebd91d61967a53c7331edb142899646091d0284e3c3c1a8378e7fb3bb7c
                                                                                                  • Instruction ID: 8f053eeec8a3b374ac281daa0a9a90a0a9d9c0e07719fa9648dbf8f6d57db366
                                                                                                  • Opcode Fuzzy Hash: f0adbebd91d61967a53c7331edb142899646091d0284e3c3c1a8378e7fb3bb7c
                                                                                                  • Instruction Fuzzy Hash: 2F019E30D05288EBCB05DBE8C918BDDBFB0BF55304F54409CE0026B386DBB84A08DBA2
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                    • Part of subcall function 007D9260: InitializeCriticalSectionAndSpinCount.KERNEL32(00A87F5C,00000000,FF5677B6,007C0000,Function_001DC6B0,000000FF,?,00973EF0,?,?,?,007C6508), ref: 007D9285
                                                                                                    • Part of subcall function 007D9260: GetLastError.KERNEL32(?,00973EF0,?,?,?,007C6508), ref: 007D928F
                                                                                                  • IsDebuggerPresent.KERNEL32(?,?,?,007C6508), ref: 00973EF4
                                                                                                  • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,007C6508), ref: 00973F03
                                                                                                  Strings
                                                                                                  • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00973EFE
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1569918841.00000000007C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007C0000, based on PE: true
                                                                                                  • Associated: 00000000.00000002.1569879084.00000000007C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570067888.00000000009F9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570123358.0000000000A81000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570142663.0000000000A86000.00000008.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570159656.0000000000A87000.00000004.00000001.01000000.00000003.sdmp
                                                                                                  • Associated: 00000000.00000002.1570177246.0000000000A8A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7c0000_fxsound_setup.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CountCriticalDebugDebuggerErrorInitializeLastOutputPresentSectionSpinString
                                                                                                  • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                  • API String ID: 450123788-631824599
                                                                                                  • Opcode ID: 2c45895d91dde77f5500458b0ba0c8928e67bbf0af0b692eeb4cd0c18dfcf201
                                                                                                  • Instruction ID: 98f8ff78e9318d6fe7be39c6e9e1eb0de6e7b2d7c574adc237b2ac540e218b57
                                                                                                  • Opcode Fuzzy Hash: 2c45895d91dde77f5500458b0ba0c8928e67bbf0af0b692eeb4cd0c18dfcf201
                                                                                                  • Instruction Fuzzy Hash: 05E065B1A043118BE720AF29E808752BAF4BB44344F00C86DE58AC2640EBB8E544DBA2
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Execution Graph

                                                                                                  Execution Coverage:1.5%
                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                  Signature Coverage:4.2%
                                                                                                  Total number of Nodes:734
                                                                                                  Total number of Limit Nodes:25
7ff7668287b5 14521->14523 14522->14500 14524 7ff7668287de 14523->14524 14525 7ff76682bea8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 14523->14525 14526 7ff76682bea8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 14524->14526 14525->14523 14526->14522 14528 7ff766822f49 14527->14528 14529 7ff766822f25 14527->14529 14532 7ff766822f83 14528->14532 14533 7ff766822fa2 14528->14533 14529->14528 14530 7ff766822f2a 14529->14530 14531 7ff766825808 _set_errno_from_matherr 11 API calls 14530->14531 14534 7ff766822f2f 14531->14534 14535 7ff766825808 _set_errno_from_matherr 11 API calls 14532->14535 14580 7ff766822e3c 14533->14580 14537 7ff766822d78 _invalid_parameter_noinfo 47 API calls 14534->14537 14538 7ff766822f88 14535->14538 14539 7ff766822f3a 14537->14539 14540 7ff766822d78 _invalid_parameter_noinfo 47 API calls 14538->14540 14539->14366 14541 7ff766822f93 TranslateName 14540->14541 14541->14366 14542 7ff766822faf 14542->14541 14543 7ff76682bcd8 53 API calls TranslateName 14542->14543 14543->14542 14546 7ff766818eb0 14544->14546 14545 7ff766818f08 14548 7ff7668190f8 14545->14548 14549 7ff7668190ab 14545->14549 14546->14545 14612 7ff766819240 14546->14612 14633 7ff766818b10 14548->14633 14551 7ff7668190bc 14549->14551 14626 7ff7668193a0 14549->14626 14551->14388 14553 7ff76681913a 14644 7ff76681e350 14553->14644 14555 7ff76681916a 14555->14388 14556 7ff76681914b 14556->14555 14557 7ff7668193a0 180 API calls 14556->14557 14557->14555 14559 7ff7668168a0 14558->14559 14566 7ff7668168cb 14558->14566 14560 7ff7668168ab GetFullPathNameW 14559->14560 14559->14566 14563 7ff7668168d2 _fread_nolock 14560->14563 14560->14566 14561 7ff76681c4b0 _log10_special 8 API calls 14562 7ff766816b22 14561->14562 14562->14378 14562->14379 14564 7ff76681694b SetupDiGetINFClassW 14563->14564 14563->14566 14565 7ff766816977 SetupDiCreateDeviceInfoList 14564->14565 14564->14566 14565->14566 14567 7ff766816999 SetupDiCreateDeviceInfoW 14565->14567 14566->14561 
14568 7ff7668169d9 SetupDiSetDeviceRegistryPropertyW 14567->14568 14569 7ff766816af0 SetupDiDestroyDeviceInfoList 14567->14569 14568->14569 14571 7ff766816a2a SetupDiCallClassInstaller 14568->14571 14569->14566 14571->14569 14572 7ff766816a45 14571->14572 14573 7ff766816a58 GetFullPathNameW 14572->14573 14574 7ff766816a4e 14572->14574 14573->14569 14575 7ff766816a7a GetFileAttributesW 14573->14575 14574->14569 14575->14569 14576 7ff766816a8d LoadLibraryW 14575->14576 14576->14569 14577 7ff766816aa2 GetProcAddress 14576->14577 14578 7ff766816ae7 FreeLibrary 14577->14578 14579 7ff766816ab7 14577->14579 14578->14569 14579->14578 14581 7ff766822e5b 14580->14581 14582 7ff766822e60 14580->14582 14581->14542 14582->14581 14583 7ff76682b978 _Getctype 47 API calls 14582->14583 14584 7ff766822e7b 14583->14584 14588 7ff76682bdd0 14584->14588 14589 7ff766822e9e 14588->14589 14590 7ff76682bde5 14588->14590 14592 7ff76682be3c 14589->14592 14590->14589 14596 7ff766834440 14590->14596 14593 7ff76682be51 14592->14593 14595 7ff76682be64 14592->14595 14593->14595 14609 7ff76683259c 14593->14609 14595->14581 14597 7ff76682b978 _Getctype 47 API calls 14596->14597 14598 7ff76683444f 14597->14598 14600 7ff76683449a 14598->14600 14608 7ff766824a34 EnterCriticalSection 14598->14608 14600->14589 14610 7ff76682b978 _Getctype 47 API calls 14609->14610 14611 7ff7668325a5 14610->14611 14613 7ff76681927e 14612->14613 14620 7ff7668192fe 14612->14620 14649 7ff766819190 14613->14649 14614 7ff76681c4b0 _log10_special 8 API calls 14616 7ff76681932c 14614->14616 14616->14545 14618 7ff7668192eb 14619 7ff7668193a0 180 API calls 14618->14619 14618->14620 14619->14620 14620->14614 14621 7ff766819341 14622 7ff766818b10 180 API calls 14621->14622 14623 7ff766819383 14622->14623 14624 7ff76681e350 Concurrency::cancel_current_task 2 API calls 14623->14624 14625 7ff766819394 14624->14625 14627 7ff7668193e9 14626->14627 14628 7ff7668193b7 14626->14628 14627->14551 14628->14627 14629 7ff766818b10 180 API calls 
14628->14629 14630 7ff76681942f 14629->14630 14631 7ff76681e350 Concurrency::cancel_current_task 2 API calls 14630->14631 14632 7ff766819440 14631->14632 14634 7ff766818b50 14633->14634 14634->14634 14636 7ff766818b63 _Yarn 14634->14636 14653 7ff766817b00 14634->14653 14668 7ff766818690 14636->14668 14638 7ff766818b9b 14639 7ff766818bd0 14638->14639 14687 7ff766822d98 14638->14687 14639->14553 14645 7ff76681e38c RtlPcToFileHeader 14644->14645 14646 7ff76681e36f 14644->14646 14647 7ff76681e3a4 14645->14647 14648 7ff76681e3b3 RaiseException 14645->14648 14646->14645 14647->14648 14648->14556 14651 7ff7668191b9 14649->14651 14650 7ff7668191ce 14650->14618 14650->14621 14651->14650 14652 7ff766819240 180 API calls 14651->14652 14652->14650 14654 7ff766817b27 14653->14654 14655 7ff766817c1f 14653->14655 14657 7ff766817b76 14654->14657 14660 7ff766817b69 14654->14660 14661 7ff766817ba2 14654->14661 14698 7ff766811370 14655->14698 14692 7ff76681c774 14657->14692 14658 7ff766817c24 14808 7ff7668112d0 14658->14808 14660->14657 14660->14658 14663 7ff76681c774 std::_Facet_Register 49 API calls 14661->14663 14666 7ff766817b8b _Yarn 14661->14666 14663->14666 14664 7ff766822d98 _invalid_parameter_noinfo_noreturn 47 API calls 14665 7ff766817c30 14664->14665 14666->14664 14667 7ff766817bfc 14666->14667 14667->14636 14669 7ff7668186dc 14668->14669 14670 7ff766818718 14669->14670 14671 7ff766818747 14669->14671 14675 7ff7668186e5 _Yarn 14669->14675 14672 7ff76681c774 std::_Facet_Register 49 API calls 14670->14672 14680 7ff76681890b 14670->14680 14673 7ff76681c774 std::_Facet_Register 49 API calls 14671->14673 14671->14675 14672->14675 14673->14675 14674 7ff7668112d0 Concurrency::cancel_current_task 49 API calls 14676 7ff766818911 14674->14676 14675->14676 14677 7ff766818906 14675->14677 14681 7ff76681e0b8 __std_exception_copy 47 API calls 14675->14681 14679 7ff766822d98 _invalid_parameter_noinfo_noreturn 47 API calls 14676->14679 14678 7ff766822d98 _invalid_parameter_noinfo_noreturn 
47 API calls 14677->14678 14678->14680 14684 7ff766818917 __std_exception_destroy 14679->14684 14680->14674 14682 7ff766818891 14681->14682 14682->14677 14683 7ff7668188cd 14682->14683 14685 7ff76681c4b0 _log10_special 8 API calls 14683->14685 14684->14638 14686 7ff7668188f4 14685->14686 14686->14638 14688 7ff766822c0c _invalid_parameter_noinfo_noreturn 47 API calls 14687->14688 14689 7ff766822db1 14688->14689 14690 7ff766822dc8 _invalid_parameter_noinfo_noreturn 17 API calls 14689->14690 14691 7ff766822dc6 14690->14691 14695 7ff76681c77f 14692->14695 14693 7ff76681c798 14693->14666 14694 7ff766828010 std::_Facet_Register 2 API calls 14694->14695 14695->14692 14695->14693 14695->14694 14697 7ff7668112d0 Concurrency::cancel_current_task 49 API calls 14695->14697 14814 7ff76681ce94 14695->14814 14697->14695 14818 7ff766819924 14698->14818 14809 7ff7668112de Concurrency::cancel_current_task 14808->14809 14810 7ff76681e350 Concurrency::cancel_current_task 2 API calls 14809->14810 14811 7ff7668112ef 14810->14811 14812 7ff76681e0b8 __std_exception_copy 47 API calls 14811->14812 14813 7ff766811319 14812->14813 14813->14666 14815 7ff76681cea2 Concurrency::cancel_current_task 14814->14815 14816 7ff76681e350 Concurrency::cancel_current_task 2 API calls 14815->14816 14817 7ff76681ceb3 14816->14817 14823 7ff7668197d4 14818->14823 14821 7ff76681e350 Concurrency::cancel_current_task 2 API calls 14822 7ff766819946 14821->14822 14826 7ff76681e0b8 14823->14826 14825 7ff766819808 14825->14821 14827 7ff76681e10e _Yarn 14826->14827 14828 7ff76681e0d9 14826->14828 14827->14825 14828->14827 14830 7ff76682accc 14828->14830 14831 7ff76682acd9 14830->14831 14832 7ff76682ace3 14830->14832 14831->14832 14836 7ff76682acfe 14831->14836 14833 7ff766825808 _set_errno_from_matherr 11 API calls 14832->14833 14838 7ff76682acea 14833->14838 14834 7ff76682acf6 14834->14827 14835 7ff766822d78 _invalid_parameter_noinfo 47 API calls 14835->14834 14836->14834 14837 7ff766825808 _set_errno_from_matherr 11 
API calls 14836->14837 14837->14838 14838->14835 17169 7ff766836ad0 17172 7ff76683253c 17169->17172 17173 7ff766832549 17172->17173 17174 7ff76683258e 17172->17174 17178 7ff76682ba4c 17173->17178 17179 7ff76682ba78 FlsSetValue 17178->17179 17180 7ff76682ba5d FlsGetValue 17178->17180 17181 7ff76682ba6a 17179->17181 17183 7ff76682ba85 17179->17183 17180->17181 17182 7ff76682ba72 17180->17182 17185 7ff7668256dc BuildCatchObjectHelperInternal 47 API calls 17181->17185 17187 7ff76682ba70 17181->17187 17182->17179 17184 7ff76682bf44 _set_errno_from_matherr 11 API calls 17183->17184 17186 7ff76682ba94 17184->17186 17188 7ff76682baed 17185->17188 17189 7ff76682bab2 FlsSetValue 17186->17189 17190 7ff76682baa2 FlsSetValue 17186->17190 17198 7ff766832214 17187->17198 17192 7ff76682babe FlsSetValue 17189->17192 17193 7ff76682bad0 17189->17193 17191 7ff76682baab 17190->17191 17194 7ff76682bea8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17191->17194 17192->17191 17195 7ff76682b728 _set_errno_from_matherr 11 API calls 17193->17195 17194->17181 17196 7ff76682bad8 17195->17196 17197 7ff76682bea8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17196->17197 17197->17187 17221 7ff766832484 17198->17221 17203 7ff76682bee4 _fread_nolock 12 API calls 17204 7ff766832277 17203->17204 17205 7ff76683227f 17204->17205 17207 7ff76683228e 17204->17207 17206 7ff76682bea8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17205->17206 17220 7ff766832266 17206->17220 17207->17207 17239 7ff7668325b8 17207->17239 17210 7ff76683238a 17211 7ff766825808 _set_errno_from_matherr 11 API calls 17210->17211 17213 7ff76683238f 17211->17213 17212 7ff7668323e5 17215 7ff76683244c 17212->17215 17250 7ff766831d44 17212->17250 17216 7ff76682bea8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17213->17216 17214 7ff7668323a4 17214->17212 17217 7ff76682bea8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17214->17217 17219 7ff76682bea8 
Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17215->17219 17216->17220 17217->17212 17219->17220 17220->17174 17222 7ff7668324a7 17221->17222 17225 7ff7668324b1 17222->17225 17265 7ff766824a34 EnterCriticalSection 17222->17265 17226 7ff766832249 17225->17226 17227 7ff7668256dc BuildCatchObjectHelperInternal 47 API calls 17225->17227 17232 7ff766831f14 17226->17232 17229 7ff76683253b 17227->17229 17233 7ff766822e3c TranslateName 47 API calls 17232->17233 17234 7ff766831f28 17233->17234 17235 7ff766831f46 17234->17235 17236 7ff766831f34 GetOEMCP 17234->17236 17237 7ff766831f5b 17235->17237 17238 7ff766831f4b GetACP 17235->17238 17236->17237 17237->17203 17237->17220 17238->17237 17240 7ff766831f14 49 API calls 17239->17240 17241 7ff7668325e5 17240->17241 17242 7ff766832665 _fread_nolock 17241->17242 17243 7ff766832622 IsValidCodePage 17241->17243 17244 7ff76681c4b0 _log10_special 8 API calls 17242->17244 17243->17242 17245 7ff766832633 17243->17245 17246 7ff766832381 17244->17246 17247 7ff76683266a GetCPInfo 17245->17247 17249 7ff76683263c _fread_nolock 17245->17249 17246->17210 17246->17214 17247->17242 17247->17249 17266 7ff76683202c 17249->17266 17277 7ff766824a34 EnterCriticalSection 17250->17277 17267 7ff766832069 GetCPInfo 17266->17267 17268 7ff76683215f 17266->17268 17267->17268 17274 7ff76683207c 17267->17274 17269 7ff76681c4b0 _log10_special 8 API calls 17268->17269 17271 7ff7668321fe 17269->17271 17270 7ff766830240 std::_Locinfo::_Locinfo_ctor 50 API calls 17272 7ff7668320f3 17270->17272 17271->17242 17273 7ff7668306fc 56 API calls 17272->17273 17275 7ff766832126 17273->17275 17274->17270 17276 7ff7668306fc 56 API calls 17275->17276 17276->17268 15732 7ff7668231d8 15733 7ff7668231e3 15732->15733 15741 7ff76682c9c4 15733->15741 15754 7ff766824a34 EnterCriticalSection 15741->15754 15755 7ff76681c7e4 15756 7ff76681c7f4 15755->15756 15772 7ff766828d6c 15756->15772 15758 7ff76681c800 15778 7ff76681cae0 15758->15778 15760 7ff76681cfc0 7 API calls 
15762 7ff76681c899 15760->15762 15761 7ff76681c818 _RTC_Initialize 15770 7ff76681c86d 15761->15770 15783 7ff76681cc90 15761->15783 15764 7ff76681c82d 15786 7ff7668284a0 15764->15786 15770->15760 15771 7ff76681c889 15770->15771 15773 7ff766828d7d 15772->15773 15774 7ff766828d85 15773->15774 15775 7ff766825808 _set_errno_from_matherr 11 API calls 15773->15775 15774->15758 15776 7ff766828d94 15775->15776 15777 7ff766822d78 _invalid_parameter_noinfo 47 API calls 15776->15777 15777->15774 15779 7ff76681caf1 15778->15779 15782 7ff76681caf6 __scrt_release_startup_lock 15778->15782 15780 7ff76681cfc0 7 API calls 15779->15780 15779->15782 15781 7ff76681cb6a 15780->15781 15782->15761 15811 7ff76681cc54 15783->15811 15785 7ff76681cc99 15785->15764 15787 7ff7668284c0 15786->15787 15809 7ff76681c839 15786->15809 15788 7ff7668284c8 15787->15788 15789 7ff7668284de GetModuleFileNameW 15787->15789 15790 7ff766825808 _set_errno_from_matherr 11 API calls 15788->15790 15793 7ff766828509 15789->15793 15791 7ff7668284cd 15790->15791 15792 7ff766822d78 _invalid_parameter_noinfo 47 API calls 15791->15792 15792->15809 15794 7ff766828440 11 API calls 15793->15794 15795 7ff766828549 15794->15795 15796 7ff766828569 15795->15796 15797 7ff766828551 15795->15797 15801 7ff76682858b 15796->15801 15803 7ff7668285b7 15796->15803 15804 7ff7668285d0 15796->15804 15798 7ff766825808 _set_errno_from_matherr 11 API calls 15797->15798 15799 7ff766828556 15798->15799 15800 7ff76682bea8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15799->15800 15800->15809 15802 7ff76682bea8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15801->15802 15802->15809 15805 7ff76682bea8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15803->15805 15807 7ff76682bea8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15804->15807 15806 7ff7668285c0 15805->15806 15808 7ff76682bea8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 15806->15808 15807->15801 
15808->15809 15809->15770 15810 7ff76681cf68 InitializeSListHead 15809->15810 15812 7ff76681cc6e 15811->15812 15814 7ff76681cc67 shared_ptr 15811->15814 15815 7ff76682aae0 15812->15815 15814->15785 15818 7ff76682a71c 15815->15818 15825 7ff766824a34 EnterCriticalSection 15818->15825 16022 7ff76681100c 16027 7ff766819d00 16022->16027 16025 7ff76681cc54 shared_ptr 50 API calls 16026 7ff76681cc99 16025->16026 16028 7ff766819d1b 16027->16028 16031 7ff76681aa40 16028->16031 16030 7ff76681102c 16030->16025 16051 7ff76681a698 16031->16051 16036 7ff76681aa8b 16037 7ff76681aa98 16036->16037 16062 7ff76681bfc4 16036->16062 16037->16030 16039 7ff76681aaa8 16040 7ff766818b10 180 API calls 16039->16040 16041 7ff76681aae8 16040->16041 16042 7ff76681e350 Concurrency::cancel_current_task 2 API calls 16041->16042 16045 7ff76681aaf9 16042->16045 16043 7ff76681ab30 16044 7ff76681c4b0 _log10_special 8 API calls 16043->16044 16046 7ff76681ac6c 16044->16046 16045->16043 16048 7ff76681ac24 16045->16048 16049 7ff76681abb5 16045->16049 16046->16030 16048->16043 16075 7ff766824570 16048->16075 16049->16043 16067 7ff766823b34 16049->16067 16083 7ff76681a7e4 16051->16083 16054 7ff76681c774 std::_Facet_Register 49 API calls 16055 7ff76681a6e2 16054->16055 16056 7ff76681a6f1 16055->16056 16090 7ff76681b9bc 16055->16090 16058 7ff76681b2f8 16056->16058 16059 7ff76681b321 16058->16059 16143 7ff766819be8 16059->16143 16063 7ff76681b774 std::_Lockit::_Lockit 6 API calls 16062->16063 16064 7ff76681bfdc 16063->16064 16065 7ff76681b7ec std::_Lockit::~_Lockit LeaveCriticalSection 16064->16065 16066 7ff76681c035 16065->16066 16066->16037 16068 7ff766823b64 16067->16068 16243 7ff7668239d8 16068->16243 16071 7ff766823ba2 16073 7ff766823bb7 16071->16073 16074 7ff766822988 _invalid_parameter_noinfo_noreturn 47 API calls 16071->16074 16072 7ff766822988 _invalid_parameter_noinfo_noreturn 47 API calls 16072->16071 16073->16043 16074->16073 16076 7ff7668245a0 16075->16076 16262 7ff7668242d4 16076->16262 16079 
7ff7668245e4 16081 7ff7668245f9 16079->16081 16082 7ff766822988 _invalid_parameter_noinfo_noreturn 47 API calls 16079->16082 16080 7ff766822988 _invalid_parameter_noinfo_noreturn 47 API calls 16080->16079 16081->16043 16082->16081 16084 7ff76681a6d8 16083->16084 16085 7ff76681a7fb 16083->16085 16084->16054 16086 7ff766818b10 180 API calls 16085->16086 16087 7ff76681a83d 16086->16087 16088 7ff76681e350 Concurrency::cancel_current_task 2 API calls 16087->16088 16089 7ff76681a84e 16088->16089 16099 7ff76681b774 16090->16099 16092 7ff76681b9de 16098 7ff76681ba01 _Yarn 16092->16098 16103 7ff76681bbb8 16092->16103 16094 7ff76681b9f6 16106 7ff76681bbe8 16094->16106 16097 7ff76681ba9c 16097->16056 16110 7ff76681b7ec 16098->16110 16100 7ff76681b788 16099->16100 16101 7ff76681b783 16099->16101 16100->16092 16114 7ff766824aa4 16101->16114 16104 7ff76681c774 std::_Facet_Register 49 API calls 16103->16104 16105 7ff76681bbca 16104->16105 16105->16094 16107 7ff76681bbfa 16106->16107 16108 7ff76681bc0d 16106->16108 16138 7ff76681c134 16107->16138 16108->16098 16111 7ff76681b7f7 LeaveCriticalSection 16110->16111 16112 7ff76681b800 16110->16112 16112->16097 16117 7ff76682c800 16114->16117 16118 7ff76682c06c __crtLCMapStringW 5 API calls 16117->16118 16119 7ff76682c820 16118->16119 16120 7ff76682c06c __crtLCMapStringW 5 API calls 16119->16120 16121 7ff76682c83f 16120->16121 16122 7ff76682c06c __crtLCMapStringW 5 API calls 16121->16122 16123 7ff76682c85e 16122->16123 16124 7ff76682c06c __crtLCMapStringW 5 API calls 16123->16124 16125 7ff76682c87d 16124->16125 16126 7ff76682c06c __crtLCMapStringW 5 API calls 16125->16126 16127 7ff76682c89c 16126->16127 16128 7ff76682c06c __crtLCMapStringW 5 API calls 16127->16128 16129 7ff76682c8bb 16128->16129 16130 7ff76682c06c __crtLCMapStringW 5 API calls 16129->16130 16131 7ff76682c8da 16130->16131 16132 7ff76682c06c __crtLCMapStringW 5 API calls 16131->16132 16133 7ff76682c8f9 16132->16133 16134 7ff76682c06c __crtLCMapStringW 5 API calls 
16133->16134 16135 7ff76682c918 16134->16135 16136 7ff76682c06c __crtLCMapStringW 5 API calls 16135->16136 16137 7ff76682c937 16136->16137 16139 7ff76681c169 16138->16139 16140 7ff76681c142 EncodePointer 16138->16140 16141 7ff7668256dc BuildCatchObjectHelperInternal 47 API calls 16139->16141 16140->16108 16142 7ff76681c16e 16141->16142 16144 7ff76681b774 std::_Lockit::_Lockit 6 API calls 16143->16144 16145 7ff766819c02 16144->16145 16146 7ff76681b774 std::_Lockit::_Lockit 6 API calls 16145->16146 16150 7ff766819c51 16145->16150 16147 7ff766819c27 16146->16147 16151 7ff76681b7ec std::_Lockit::~_Lockit LeaveCriticalSection 16147->16151 16148 7ff766819c9e 16149 7ff76681b7ec std::_Lockit::~_Lockit LeaveCriticalSection 16148->16149 16152 7ff766819ce9 16149->16152 16150->16148 16160 7ff76681a4dc 16150->16160 16151->16150 16152->16036 16152->16039 16155 7ff766819cf7 16173 7ff76681a7a8 16155->16173 16156 7ff766819cb6 16170 7ff76681b97c 16156->16170 16161 7ff766819cb0 16160->16161 16162 7ff76681a50b 16160->16162 16161->16155 16161->16156 16162->16161 16163 7ff76681c774 std::_Facet_Register 49 API calls 16162->16163 16165 7ff76681a51c 16163->16165 16164 7ff76681a572 16164->16161 16202 7ff766819ff8 16164->16202 16165->16164 16179 7ff766819e14 16165->16179 16171 7ff76681c774 std::_Facet_Register 49 API calls 16170->16171 16172 7ff76681b98f 16171->16172 16172->16148 16174 7ff76681a7b6 std::bad_alloc::bad_alloc 16173->16174 16175 7ff76681e350 Concurrency::cancel_current_task 2 API calls 16174->16175 16176 7ff76681a7c7 16175->16176 16177 7ff766819cfc 16176->16177 16242 7ff766823288 LeaveCriticalSection 16176->16242 16180 7ff76681b774 std::_Lockit::_Lockit 6 API calls 16179->16180 16181 7ff766819e30 16180->16181 16182 7ff766819e7e 16181->16182 16183 7ff766819e64 16181->16183 16210 7ff76681996c 16182->16210 16205 7ff76681bb30 16183->16205 16238 7ff76681bb9c 16202->16238 16204 7ff76681a006 _Yarn 16215 7ff766824dac 16205->16215 16228 7ff7668198dc 16210->16228 16213 7ff76681e350 
Concurrency::cancel_current_task 2 API calls 16214 7ff76681998e 16213->16214 16216 7ff76682c800 std::_Lockit::_Lockit 5 API calls 16215->16216 16217 7ff766824dc2 16216->16217 16220 7ff766824ad0 16217->16220 16227 7ff766824a34 EnterCriticalSection 16220->16227 16229 7ff76681e0b8 __std_exception_copy 47 API calls 16228->16229 16230 7ff766819910 16229->16230 16230->16213 16239 7ff76681bba9 16238->16239 16240 7ff76681bbb0 16238->16240 16241 7ff766824dac std::_Locinfo::_Locinfo_ctor 81 API calls 16239->16241 16240->16204 16241->16240 16244 7ff7668239fe 16243->16244 16245 7ff766823a33 16243->16245 16246 7ff766822ca8 _invalid_parameter_noinfo_noreturn 47 API calls 16244->16246 16261 7ff76682327c EnterCriticalSection 16245->16261 16249 7ff766823a20 16246->16249 16249->16071 16249->16072 16263 7ff766824321 16262->16263 16264 7ff7668242f4 16262->16264 16263->16079 16263->16080 16264->16263 16265 7ff766824329 16264->16265 16266 7ff7668242fe 16264->16266 16269 7ff766824214 16265->16269 16268 7ff766822ca8 _invalid_parameter_noinfo_noreturn 47 API calls 16266->16268 16268->16263 16276 7ff76682327c EnterCriticalSection 16269->16276 16280 7ff76682b7f8 16281 7ff76682b7fd 16280->16281 16285 7ff76682b812 16280->16285 16286 7ff76682b818 16281->16286 16287 7ff76682b85a 16286->16287 16288 7ff76682b862 16286->16288 16289 7ff76682bea8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16287->16289 16290 7ff76682bea8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16288->16290 16289->16288 16291 7ff76682b86f 16290->16291 16292 7ff76682bea8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16291->16292 16293 7ff76682b87c 16292->16293 16294 7ff76682bea8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16293->16294 16295 7ff76682b889 16294->16295 16296 7ff76682bea8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16295->16296 16297 7ff76682b896 16296->16297 16298 7ff76682bea8 Concurrency::details::SchedulerProxy::DeleteThis 11 API 
calls 16297->16298 16299 7ff76682b8a3 16298->16299 16300 7ff76682bea8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16299->16300 16301 7ff76682b8b0 16300->16301 16302 7ff76682bea8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16301->16302 16303 7ff76682b8bd 16302->16303 16304 7ff76682bea8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16303->16304 16305 7ff76682b8cd 16304->16305 16306 7ff76682bea8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 16305->16306 16307 7ff76682b8dd 16306->16307 16312 7ff76682b6c8 16307->16312 16326 7ff766824a34 EnterCriticalSection 16312->16326 14100 7ff766828b49 14112 7ff76682aca0 14100->14112 14102 7ff766828b4e 14103 7ff766828bbf 14102->14103 14104 7ff766828b75 GetModuleHandleW 14102->14104 14105 7ff766828a4c 11 API calls 14103->14105 14104->14103 14110 7ff766828b82 14104->14110 14106 7ff766828bfb 14105->14106 14107 7ff766828c02 14106->14107 14108 7ff766828c18 11 API calls 14106->14108 14109 7ff766828c14 14108->14109 14110->14103 14111 7ff766828c7c GetModuleHandleExW GetProcAddress FreeLibrary 14110->14111 14111->14103 14117 7ff76682b978 GetLastError 14112->14117 14118 7ff76682b9b9 FlsSetValue 14117->14118 14119 7ff76682b99c FlsGetValue 14117->14119 14121 7ff76682b9cb 14118->14121 14136 7ff76682b9a9 SetLastError 14118->14136 14120 7ff76682b9b3 14119->14120 14119->14136 14120->14118 14148 7ff76682bf44 14121->14148 14124 7ff76682aca9 14139 7ff7668256dc 14124->14139 14125 7ff76682ba45 14129 7ff7668256dc BuildCatchObjectHelperInternal 40 API calls 14125->14129 14127 7ff76682b9f8 FlsSetValue 14131 7ff76682ba16 14127->14131 14132 7ff76682ba04 FlsSetValue 14127->14132 14128 7ff76682b9e8 FlsSetValue 14130 7ff76682b9f1 14128->14130 14133 7ff76682ba4a 14129->14133 14155 7ff76682bea8 14130->14155 14161 7ff76682b728 14131->14161 14132->14130 14136->14124 14136->14125 14209 7ff766830844 14139->14209 14153 7ff76682bf55 _set_errno_from_matherr 14148->14153 14149 7ff76682bfa6 14169 
7ff766825808 14149->14169 14150 7ff76682bf8a RtlAllocateHeap 14151 7ff76682b9da 14150->14151 14150->14153 14151->14127 14151->14128 14153->14149 14153->14150 14166 7ff766828010 14153->14166 14156 7ff76682bead HeapFree 14155->14156 14157 7ff76682bedc 14155->14157 14156->14157 14158 7ff76682bec8 GetLastError 14156->14158 14157->14136 14159 7ff76682bed5 Concurrency::details::SchedulerProxy::DeleteThis 14158->14159 14160 7ff766825808 _set_errno_from_matherr 9 API calls 14159->14160 14160->14157 14195 7ff76682b600 14161->14195 14172 7ff76682804c 14166->14172 14178 7ff76682baf0 GetLastError 14169->14178 14171 7ff766825811 14171->14151 14177 7ff766824a34 EnterCriticalSection 14172->14177 14179 7ff76682bb31 FlsSetValue 14178->14179 14184 7ff76682bb14 14178->14184 14180 7ff76682bb43 14179->14180 14192 7ff76682bb21 14179->14192 14182 7ff76682bf44 _set_errno_from_matherr 5 API calls 14180->14182 14181 7ff76682bb9d SetLastError 14181->14171 14183 7ff76682bb52 14182->14183 14185 7ff76682bb70 FlsSetValue 14183->14185 14186 7ff76682bb60 FlsSetValue 14183->14186 14184->14179 14184->14192 14188 7ff76682bb8e 14185->14188 14189 7ff76682bb7c FlsSetValue 14185->14189 14187 7ff76682bb69 14186->14187 14190 7ff76682bea8 Concurrency::details::SchedulerProxy::DeleteThis 5 API calls 14187->14190 14191 7ff76682b728 _set_errno_from_matherr 5 API calls 14188->14191 14189->14187 14190->14192 14193 7ff76682bb96 14191->14193 14192->14181 14194 7ff76682bea8 Concurrency::details::SchedulerProxy::DeleteThis 5 API calls 14193->14194 14194->14181 14207 7ff766824a34 EnterCriticalSection 14195->14207 14243 7ff7668307fc 14209->14243 14248 7ff766824a34 EnterCriticalSection 14243->14248 16682 7ff766829154 16685 7ff766828f20 16682->16685 16692 7ff766824a34 EnterCriticalSection 16685->16692 16829 7ff76681af60 16830 7ff76681af99 16829->16830 16831 7ff76681af78 16829->16831 16831->16830 16833 7ff7668237d0 16831->16833 16834 7ff7668237de 16833->16834 16835 7ff7668237e5 16833->16835 16839 7ff766823608 
16834->16839 16837 7ff7668237e3 16835->16837 16842 7ff7668235c8 16835->16842 16837->16830 16849 7ff7668234e8 16839->16849 16857 7ff76682327c EnterCriticalSection 16842->16857 16856 7ff766824a34 EnterCriticalSection 16849->16856 17860 7ff76683885f 17861 7ff766838878 17860->17861 17862 7ff76683886e 17860->17862 17864 7ff766824a88 LeaveCriticalSection 17862->17864

Control-flow Graph

APIs
Strings
Memory Dump Source
• Source File: 00000007.00000002.1460462049.00007FF766811000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF766810000, based on PE: true
• Associated: 00000007.00000002.1460447162.00007FF766810000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.1460484548.00007FF766839000.00000002.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.1460502641.00007FF76684C000.00000004.00000001.01000000.00000009.sdmp
• Associated: 00000007.00000002.1460521917.00007FF76684F000.00000002.00000001.01000000.00000009.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_7ff766810000_fxdevcon64.jbxd
Similarity
• API ID: DeviceSetup$DestroyInfoList$Remove
• String ID: $Driver removal failed$FxSound driver installation failed$Please specify a paramter : install or remove$Root\FXVAD$Success$Syntax: fxdevcon install <inf path>$install$remove
• API String ID: 1552884366-1548843805
• Opcode ID: 5cacbce7fdb70afc9de623bb55feab5698695e2e0fb7f17144c4357e18d40dac
• Instruction ID: d74d7e1fb2870c573a3ab696cee09642a23b8e5881c63ceb345c283b9e6953bb
• Opcode Fuzzy Hash: 5cacbce7fdb70afc9de623bb55feab5698695e2e0fb7f17144c4357e18d40dac
• Instruction Fuzzy Hash: 7051A0E1A08A43D5EA61BB35EC012BBF361AF84794FD44131DA4D4B2A4EF3CE4658B20
Uniqueness

Uniqueness Score: -1.00%

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  • FreeLibrary.KERNEL32(?,?,?,00007FF76682C820,?,?,?,?,00007FF766824AAD,?,?,?,?,00007FF76681B788), ref: 00007FF76682C1EB
                                                                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF76682C820,?,?,?,?,00007FF766824AAD,?,?,?,?,00007FF76681B788), ref: 00007FF76682C1F7
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.1460462049.00007FF766811000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF766810000, based on PE: true
                                                                                                  • Associated: 00000007.00000002.1460447162.00007FF766810000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460484548.00007FF766839000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460502641.00007FF76684C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460521917.00007FF76684F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_7ff766810000_fxdevcon64.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AddressFreeLibraryProc
                                                                                                  • String ID: api-ms-$ext-ms-$ios_base::failbit set
                                                                                                  • API String ID: 3013587201-4272397935
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.1460462049.00007FF766811000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF766810000, based on PE: true
                                                                                                  • Associated: 00000007.00000002.1460447162.00007FF766810000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460484548.00007FF766839000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460502641.00007FF76684C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460521917.00007FF76684F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_7ff766810000_fxdevcon64.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                  • String ID:
                                                                                                  • API String ID: 3058843127-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.1460462049.00007FF766811000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF766810000, based on PE: true
                                                                                                  • Associated: 00000007.00000002.1460447162.00007FF766810000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460484548.00007FF766839000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460502641.00007FF76684C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460521917.00007FF76684F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_7ff766810000_fxdevcon64.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Process$CurrentExitTerminate
                                                                                                  • String ID:
                                                                                                  • API String ID: 1703294689-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.1460462049.00007FF766811000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF766810000, based on PE: true
                                                                                                  • Associated: 00000007.00000002.1460447162.00007FF766810000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460484548.00007FF766839000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460502641.00007FF76684C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460521917.00007FF76684F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_7ff766810000_fxdevcon64.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: FileHandleType
                                                                                                  • String ID:
                                                                                                  • API String ID: 3000768030-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.1460462049.00007FF766811000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF766810000, based on PE: true
                                                                                                  • Associated: 00000007.00000002.1460447162.00007FF766810000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460484548.00007FF766839000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460502641.00007FF76684C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460521917.00007FF76684F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_7ff766810000_fxdevcon64.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                  • String ID:
                                                                                                  • API String ID: 3947729631-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.1460462049.00007FF766811000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF766810000, based on PE: true
                                                                                                  • Associated: 00000007.00000002.1460447162.00007FF766810000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460484548.00007FF766839000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460502641.00007FF76684C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460521917.00007FF76684F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_7ff766810000_fxdevcon64.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                  • String ID:
                                                                                                  • API String ID: 3215553584-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF76682BB52,?,?,?,00007FF766825811,?,?,?,?,00007FF766830FAE,?,?,00000000), ref: 00007FF76682BF99
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.1460462049.00007FF766811000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF766810000, based on PE: true
                                                                                                  • Associated: 00000007.00000002.1460447162.00007FF766810000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460484548.00007FF766839000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460502641.00007FF76684C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460521917.00007FF76684F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_7ff766810000_fxdevcon64.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AllocateHeap
                                                                                                  • String ID:
                                                                                                  • API String ID: 1279760036-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.1460462049.00007FF766811000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF766810000, based on PE: true
                                                                                                  • Associated: 00000007.00000002.1460447162.00007FF766810000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460484548.00007FF766839000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460502641.00007FF76684C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460521917.00007FF76684F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_7ff766810000_fxdevcon64.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: String$Free$Variant$AllocBlanketClearCreateInitInstanceProxy
                                                                                                  • String ID: 10.$ROOT\CIMV2$SELECT * FROM Win32_OperatingSystem$Version$WQL
                                                                                                  • API String ID: 121300105-1391451428
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.1460462049.00007FF766811000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF766810000, based on PE: true
                                                                                                  • Associated: 00000007.00000002.1460447162.00007FF766810000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460484548.00007FF766839000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460502641.00007FF76684C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460521917.00007FF76684F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_7ff766810000_fxdevcon64.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Handle$Close$Create$FileInformationPipeRead$Processlstrcpyn
                                                                                                  • String ID:
                                                                                                  • API String ID: 481998804-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.1460462049.00007FF766811000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF766810000, based on PE: true
                                                                                                  • Associated: 00000007.00000002.1460447162.00007FF766810000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460484548.00007FF766839000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460502641.00007FF76684C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460521917.00007FF76684F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_7ff766810000_fxdevcon64.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CreateInstance_invalid_parameter_noinfo_noreturn
                                                                                                  • String ID:
                                                                                                  • API String ID: 2179885484-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.1460462049.00007FF766811000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF766810000, based on PE: true
                                                                                                  • Associated: 00000007.00000002.1460447162.00007FF766810000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460484548.00007FF766839000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460502641.00007FF76684C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460521917.00007FF76684F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_7ff766810000_fxdevcon64.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                  • String ID:
                                                                                                  • API String ID: 3215553584-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: ErrorLastNameTranslate$CodePageValidValue
                                                                                                  • String ID: utf8
                                                                                                  • API String ID: 1791977518-905460609
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: Value$Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
                                                                                                  • String ID:
                                                                                                  • API String ID: 2591520935-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                  • String ID:
                                                                                                  • API String ID: 3140674995-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                  • String ID:
                                                                                                  • API String ID: 1239891234-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Similarity
                                                                                                  • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                  • String ID:
                                                                                                  • API String ID: 2227656907-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: Setup$Device$Info$ClassCreateList$CallDestroyFullInstallerNamePathPropertyRegistry
                                                                                                  • String ID: $Root\FXVAD$UpdateDriverForPlugAndPlayDevicesW$newdev.dll
                                                                                                  • API String ID: 1846165353-2003217418
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$CloseConcurrency::cancel_current_taskCreateInstanceOpenSleepValue
                                                                                                  • String ID: DeviceState$FxSound Audio Enhancer$SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\
                                                                                                  • API String ID: 2776398970-4141637846
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: " /st 10:00 /f$Update scheduled!$schtasks /create /sc daily /tn "FxSound\Update" /tr "$updater.exe /silent
                                                                                                  • API String ID: 0-1398903112
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo
                                                                                                  • String ID: 0$f$p$p
                                                                                                  • API String ID: 3215553584-1202675169
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.1460462049.00007FF766811000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF766810000, based on PE: true
                                                                                                  • Associated: 00000007.00000002.1460447162.00007FF766810000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460484548.00007FF766839000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460502641.00007FF76684C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460521917.00007FF76684F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_7ff766810000_fxdevcon64.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                  • String ID: csm$csm$csm
                                                                                                  • API String ID: 849930591-393685449
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.1460462049.00007FF766811000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF766810000, based on PE: true
                                                                                                  • Associated: 00000007.00000002.1460447162.00007FF766810000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460484548.00007FF766839000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460502641.00007FF76684C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460521917.00007FF76684F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_7ff766810000_fxdevcon64.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$ClearCreateInstancePropVariant
                                                                                                  • String ID:
                                                                                                  • API String ID: 1364504209-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FF76682284E,?,?,?,00007FF766822540,?,?,00000001,00007FF76681F1F9), ref: 00007FF766822621
                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF76682284E,?,?,?,00007FF766822540,?,?,00000001,00007FF76681F1F9), ref: 00007FF76682262F
                                                                                                  • LoadLibraryExW.KERNEL32(?,?,?,00007FF76682284E,?,?,?,00007FF766822540,?,?,00000001,00007FF76681F1F9), ref: 00007FF766822659
                                                                                                  • FreeLibrary.KERNEL32(?,?,?,00007FF76682284E,?,?,?,00007FF766822540,?,?,00000001,00007FF76681F1F9), ref: 00007FF76682269F
                                                                                                  • GetProcAddress.KERNEL32(?,?,?,00007FF76682284E,?,?,?,00007FF766822540,?,?,00000001,00007FF76681F1F9), ref: 00007FF7668226AB
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.1460462049.00007FF766811000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF766810000, based on PE: true
                                                                                                  • Associated: 00000007.00000002.1460447162.00007FF766810000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460484548.00007FF766839000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460502641.00007FF76684C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460521917.00007FF76684F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_7ff766810000_fxdevcon64.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                  • String ID: api-ms-
                                                                                                  • API String ID: 2559590344-2084034818
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.1460462049.00007FF766811000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF766810000, based on PE: true
                                                                                                  • Associated: 00000007.00000002.1460447162.00007FF766810000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460484548.00007FF766839000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460502641.00007FF76684C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460521917.00007FF76684F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_7ff766810000_fxdevcon64.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Value$ErrorLast
                                                                                                  • String ID:
                                                                                                  • API String ID: 2506987500-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.1460462049.00007FF766811000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF766810000, based on PE: true
                                                                                                  • Associated: 00000007.00000002.1460447162.00007FF766810000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460484548.00007FF766839000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460502641.00007FF76684C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460521917.00007FF76684F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_7ff766810000_fxdevcon64.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                  • String ID: CONOUT$
                                                                                                  • API String ID: 3230265001-3130406586
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.1460462049.00007FF766811000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF766810000, based on PE: true
                                                                                                  • Associated: 00000007.00000002.1460447162.00007FF766810000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460484548.00007FF766839000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460502641.00007FF76684C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460521917.00007FF76684F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_7ff766810000_fxdevcon64.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ByteCharMultiStringWide
                                                                                                  • String ID:
                                                                                                  • API String ID: 2829165498-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.1460462049.00007FF766811000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF766810000, based on PE: true
                                                                                                  • Associated: 00000007.00000002.1460447162.00007FF766810000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460484548.00007FF766839000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460502641.00007FF76684C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460521917.00007FF76684F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_7ff766810000_fxdevcon64.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                  • String ID:
                                                                                                  • API String ID: 2081738530-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.1460462049.00007FF766811000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF766810000, based on PE: true
                                                                                                  • Associated: 00000007.00000002.1460447162.00007FF766810000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460484548.00007FF766839000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460502641.00007FF76684C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460521917.00007FF76684F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_7ff766810000_fxdevcon64.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                                                  • String ID: csm$csm$csm
                                                                                                  • API String ID: 3523768491-393685449
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • GetLastError.KERNEL32(?,?,?,00007FF766825811,?,?,?,?,00007FF766830FAE,?,?,00000000,00007FF7668359DF,?,?,?), ref: 00007FF76682BAFF
                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF766825811,?,?,?,?,00007FF766830FAE,?,?,00000000,00007FF7668359DF,?,?,?), ref: 00007FF76682BB35
                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF766825811,?,?,?,?,00007FF766830FAE,?,?,00000000,00007FF7668359DF,?,?,?), ref: 00007FF76682BB62
                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF766825811,?,?,?,?,00007FF766830FAE,?,?,00000000,00007FF7668359DF,?,?,?), ref: 00007FF76682BB73
                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF766825811,?,?,?,?,00007FF766830FAE,?,?,00000000,00007FF7668359DF,?,?,?), ref: 00007FF76682BB84
                                                                                                  • SetLastError.KERNEL32(?,?,?,00007FF766825811,?,?,?,?,00007FF766830FAE,?,?,00000000,00007FF7668359DF,?,?,?), ref: 00007FF76682BB9F
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.1460462049.00007FF766811000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF766810000, based on PE: true
                                                                                                  • Associated: 00000007.00000002.1460447162.00007FF766810000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460484548.00007FF766839000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460502641.00007FF76684C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460521917.00007FF76684F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_7ff766810000_fxdevcon64.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Value$ErrorLast
                                                                                                  • String ID:
                                                                                                  • API String ID: 2506987500-0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.1460462049.00007FF766811000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF766810000, based on PE: true
                                                                                                  • Associated: 00000007.00000002.1460447162.00007FF766810000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460484548.00007FF766839000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460502641.00007FF76684C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460521917.00007FF76684F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_7ff766810000_fxdevcon64.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                  • String ID: vector too long
                                                                                                  • API String ID: 73155330-2873823879
                                                                                                  • Opcode ID: 344f6a62dd7d7d4e5c57b7df5badfd375c5a814b808239213295afc975ef631f
                                                                                                  • Instruction ID: 8c6284c79625d40f4f712116d919d5636aeb9b0b4f55077993165016498d6d35
                                                                                                  • Opcode Fuzzy Hash: 344f6a62dd7d7d4e5c57b7df5badfd375c5a814b808239213295afc975ef631f
                                                                                                  • Instruction Fuzzy Hash: 9161E1A1709687C5ED15BB22D90427AE251AB04BE0FC80B35DE6D0F7D5DE6CE1A18710
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.1460462049.00007FF766811000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF766810000, based on PE: true
                                                                                                  • Associated: 00000007.00000002.1460447162.00007FF766810000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460484548.00007FF766839000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460502641.00007FF76684C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460521917.00007FF76684F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_7ff766810000_fxdevcon64.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                  • String ID: csm$f
                                                                                                  • API String ID: 2395640692-629598281
                                                                                                  • Opcode ID: 5e9ecdde90c3c12cd414d4761f176e9f7a051d26f800ee3e09726c53eb0aed12
                                                                                                  • Instruction ID: de94000481cb0151d6cac43014896e06aff4c74bf5e887975da5352c1989de29
                                                                                                  • Opcode Fuzzy Hash: 5e9ecdde90c3c12cd414d4761f176e9f7a051d26f800ee3e09726c53eb0aed12
                                                                                                  • Instruction Fuzzy Hash: B951B4B2A09643C6DB16EB31EC04A2AF395FB94B84FD08131DE0E4B748DF38E8518B14
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.1460462049.00007FF766811000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF766810000, based on PE: true
                                                                                                  • Associated: 00000007.00000002.1460447162.00007FF766810000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460484548.00007FF766839000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460502641.00007FF76684C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460521917.00007FF76684F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_7ff766810000_fxdevcon64.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                                  • API String ID: 4061214504-1276376045
                                                                                                  • Opcode ID: e2801b8962c173120b6250a09cd05782673051676052e0d3477918a418d61920
                                                                                                  • Instruction ID: 666c18005c745851ed197c51e8d1c681374cced227c9761feef80e9399137490
                                                                                                  • Opcode Fuzzy Hash: e2801b8962c173120b6250a09cd05782673051676052e0d3477918a418d61920
                                                                                                  • Instruction Fuzzy Hash: 43F0A471609603C1EE14AB70EC4437B9360AF48B61FC40335CA6E0A1E4DF2CD4588F20
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.1460462049.00007FF766811000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF766810000, based on PE: true
                                                                                                  • Associated: 00000007.00000002.1460447162.00007FF766810000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460484548.00007FF766839000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460502641.00007FF76684C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460521917.00007FF76684F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_7ff766810000_fxdevcon64.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AdjustPointer
                                                                                                  • String ID:
                                                                                                  • API String ID: 1740715915-0
                                                                                                  • Opcode ID: 1239e07b9d97155fa6a164ae5d3a799186aeacb006fcb59d0063c80e0e5fe61b
                                                                                                  • Instruction ID: 6b2bf184bbafb89c9face74f11d1129b7135a3ddcaaabfa36f12929af6f5050a
                                                                                                  • Opcode Fuzzy Hash: 1239e07b9d97155fa6a164ae5d3a799186aeacb006fcb59d0063c80e0e5fe61b
                                                                                                  • Instruction Fuzzy Hash: 85B1B9B1A09687C2EA66BB359C4053AE3D0EFA4B84FD54436DE4D0F795DE3CD4618B20
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.1460462049.00007FF766811000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF766810000, based on PE: true
                                                                                                  • Associated: 00000007.00000002.1460447162.00007FF766810000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460484548.00007FF766839000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460502641.00007FF76684C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460521917.00007FF76684F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_7ff766810000_fxdevcon64.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task__std_exception_copy__std_exception_destroy
                                                                                                  • String ID:
                                                                                                  • API String ID: 1087005451-0
                                                                                                  • Opcode ID: 34b0322ec451d4868bc54c8c80e1467f3c0fc5ca94703ec5cb7961075999d634
                                                                                                  • Instruction ID: 6f6b8e87030d165e35e377a099d364e7a462447f7246148e32df41847fe1f19f
                                                                                                  • Opcode Fuzzy Hash: 34b0322ec451d4868bc54c8c80e1467f3c0fc5ca94703ec5cb7961075999d634
                                                                                                  • Instruction Fuzzy Hash: E881C3A2B08B43D9FB01EBB4D8053ADB372AB54798FC04631DE5C1A796EF3891A5C750
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.1460462049.00007FF766811000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF766810000, based on PE: true
                                                                                                  • Associated: 00000007.00000002.1460447162.00007FF766810000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460484548.00007FF766839000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460502641.00007FF76684C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460521917.00007FF76684F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_7ff766810000_fxdevcon64.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ByteCharMultiWide$AllocString
                                                                                                  • String ID:
                                                                                                  • API String ID: 262959230-0
                                                                                                  • Opcode ID: bf7c9dc0997b71d2ad92a24002422879e1bb65315cf06abf4bc1308abdba6b8b
                                                                                                  • Instruction ID: 3e06a833c591be0b744d957539321c803267f8032112481eede835f99d723008
                                                                                                  • Opcode Fuzzy Hash: bf7c9dc0997b71d2ad92a24002422879e1bb65315cf06abf4bc1308abdba6b8b
                                                                                                  • Instruction Fuzzy Hash: 7641A3A1A08647C5EF15AF71D8002BAE394AF04BA4FD44634EA6E5B7D5DE3CD0618B20
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.1460462049.00007FF766811000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF766810000, based on PE: true
                                                                                                  • Associated: 00000007.00000002.1460447162.00007FF766810000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460484548.00007FF766839000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460502641.00007FF76684C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460521917.00007FF76684F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_7ff766810000_fxdevcon64.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: _set_statfp
                                                                                                  • String ID:
                                                                                                  • API String ID: 1156100317-0
                                                                                                  • Opcode ID: 2ffb4cd4f7d9e36cf2b63db92282a9528ee9d22ad656a8471120c4c59ac44d49
                                                                                                  • Instruction ID: eb12a662469da6040a159210f45785b38adf7164eb1497c7accd3739224dec09
                                                                                                  • Opcode Fuzzy Hash: 2ffb4cd4f7d9e36cf2b63db92282a9528ee9d22ad656a8471120c4c59ac44d49
                                                                                                  • Instruction Fuzzy Hash: 8A11C122E58E13C1F66435FEDD4537B9040AF54374FC40634EA6E3F6D68E6CA8E14A20
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • FlsGetValue.KERNEL32(?,?,?,00007FF766822A37,?,?,00000000,00007FF766822CD2,?,?,?,?,?,00007FF766822C5E), ref: 00007FF76682BBD7
                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF766822A37,?,?,00000000,00007FF766822CD2,?,?,?,?,?,00007FF766822C5E), ref: 00007FF76682BBF6
                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF766822A37,?,?,00000000,00007FF766822CD2,?,?,?,?,?,00007FF766822C5E), ref: 00007FF76682BC1E
                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF766822A37,?,?,00000000,00007FF766822CD2,?,?,?,?,?,00007FF766822C5E), ref: 00007FF76682BC2F
                                                                                                  • FlsSetValue.KERNEL32(?,?,?,00007FF766822A37,?,?,00000000,00007FF766822CD2,?,?,?,?,?,00007FF766822C5E), ref: 00007FF76682BC40
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.1460462049.00007FF766811000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF766810000, based on PE: true
                                                                                                  • Associated: 00000007.00000002.1460447162.00007FF766810000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460484548.00007FF766839000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460502641.00007FF76684C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460521917.00007FF76684F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_7ff766810000_fxdevcon64.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Value
                                                                                                  • String ID:
                                                                                                  • API String ID: 3702945584-0
                                                                                                  • Opcode ID: 059dc9fd2d32d1d8938a86f0bb982eebb3fd52d546959566c0048c4ebc7d0a44
                                                                                                  • Instruction ID: 799e46c72ec24b4c9cbbf2417ad40a65943aba076d0a597c9ac5cf035dda2841
                                                                                                  • Opcode Fuzzy Hash: 059dc9fd2d32d1d8938a86f0bb982eebb3fd52d546959566c0048c4ebc7d0a44
                                                                                                  • Instruction Fuzzy Hash: C1118C20E0A603C1FA9873766D8213BA14B5F847A8FC45735E83D0E6D6DE2CF4214AB1
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.1460462049.00007FF766811000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF766810000, based on PE: true
                                                                                                  • Associated: 00000007.00000002.1460447162.00007FF766810000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460484548.00007FF766839000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460502641.00007FF76684C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460521917.00007FF76684F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_7ff766810000_fxdevcon64.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Value
                                                                                                  • String ID:
                                                                                                  • API String ID: 3702945584-0
                                                                                                  • Opcode ID: 5a9e4bac08b1be5f503661beccdcab3b4cde65c0739c0026db715b3f24f3a7cd
                                                                                                  • Instruction ID: b3a4a7c787449eeff9cebcb21c872c02f3cfadd3f8b046827e6b87944fc542d4
                                                                                                  • Opcode Fuzzy Hash: 5a9e4bac08b1be5f503661beccdcab3b4cde65c0739c0026db715b3f24f3a7cd
                                                                                                  • Instruction Fuzzy Hash: C011E810A0B207C6FAA872715C5207FA19B4F45378ED81735D93E1E2C7DE2CB4655AB1
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.1460462049.00007FF766811000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF766810000, based on PE: true
                                                                                                  • Associated: 00000007.00000002.1460447162.00007FF766810000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460484548.00007FF766839000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460502641.00007FF76684C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460521917.00007FF76684F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_7ff766810000_fxdevcon64.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CallEncodePointerTranslator
                                                                                                  • String ID: MOC$RCC
                                                                                                  • API String ID: 3544855599-2084237596
                                                                                                  • Opcode ID: 45c4e34ea31391c9bb8b02ac6a98fa332e9bed55f89d90ca25ba3f251d741e92
                                                                                                  • Instruction ID: 32f283c3005a36e3448026272b7b651615f007027db001b4e7071a009defa607
                                                                                                  • Opcode Fuzzy Hash: 45c4e34ea31391c9bb8b02ac6a98fa332e9bed55f89d90ca25ba3f251d741e92
                                                                                                  • Instruction Fuzzy Hash: 0791D073A08782CAE710DB75D8902AEBBA5F704788F904139EE8D1BB55DF38D1A5CB40
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.1460462049.00007FF766811000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF766810000, based on PE: true
                                                                                                  • Associated: 00000007.00000002.1460447162.00007FF766810000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460484548.00007FF766839000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460502641.00007FF76684C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460521917.00007FF76684F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_7ff766810000_fxdevcon64.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CallEncodePointerTranslator
                                                                                                  • String ID: MOC$RCC
                                                                                                  • API String ID: 3544855599-2084237596
                                                                                                  • Opcode ID: 7bc02dca2d93366831682683c8fcb60ac23045fb98108a651d9bf235fc06d50f
                                                                                                  • Instruction ID: 4518055a264672669762bc2eb8f4d239dbd7400d208c40cef8ef76bc61ccb504
                                                                                                  • Opcode Fuzzy Hash: 7bc02dca2d93366831682683c8fcb60ac23045fb98108a651d9bf235fc06d50f
                                                                                                  • Instruction Fuzzy Hash: AF615E76A04A46CAE710AF75D8403AEB7B5F744B88F944225DE4D1BB94CF38D164CB90
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.1460462049.00007FF766811000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF766810000, based on PE: true
                                                                                                  • Associated: 00000007.00000002.1460447162.00007FF766810000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460484548.00007FF766839000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460502641.00007FF76684C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460521917.00007FF76684F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_7ff766810000_fxdevcon64.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                  • String ID: csm$csm
                                                                                                  • API String ID: 3896166516-3733052814
                                                                                                  • Opcode ID: cbf9148d52c268f66fb15721b2edf5035fa0f1c2c79bd599f71076bab8a087e6
                                                                                                  • Instruction ID: c7bb80e67be1452a917f64167e517f3e786f4795666f2160d35f27a9f46f8142
                                                                                                  • Opcode Fuzzy Hash: cbf9148d52c268f66fb15721b2edf5035fa0f1c2c79bd599f71076bab8a087e6
                                                                                                  • Instruction Fuzzy Hash: 64519E72908283C6EA64AB31984036AF695FB54B88FE44135DB8C4BAD5CF7DE470CF91
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.1460462049.00007FF766811000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF766810000, based on PE: true
                                                                                                  • Associated: 00000007.00000002.1460447162.00007FF766810000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460484548.00007FF766839000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460502641.00007FF76684C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460521917.00007FF76684F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_7ff766810000_fxdevcon64.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_Yarn__std_exception_copy
                                                                                                  • String ID: bad locale name
                                                                                                  • API String ID: 2575539487-1405518554
                                                                                                  • Opcode ID: 4abf526b639ac6ea22c817c47533857365642cc31ec0e510a186371400347c3d
                                                                                                  • Instruction ID: f628d9a0d9e7dd75fb03fcd6afd50bc22b131220722efd48024044ad3af71147
                                                                                                  • Opcode Fuzzy Hash: 4abf526b639ac6ea22c817c47533857365642cc31ec0e510a186371400347c3d
                                                                                                  • Instruction Fuzzy Hash: E1112962505B82C9DB05AF75E880099B3A4FB18B44B985135CB4C8B31AFF38D5E0C750
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.1460462049.00007FF766811000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF766810000, based on PE: true
                                                                                                  • Associated: 00000007.00000002.1460447162.00007FF766810000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460484548.00007FF766839000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460502641.00007FF76684C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460521917.00007FF76684F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_7ff766810000_fxdevcon64.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                  • String ID:
                                                                                                  • API String ID: 2718003287-0
                                                                                                  • Opcode ID: 0e1985d6a3192cc290af61f4b5f8db9ec614155a9767f3c2314e4d77c1e07364
                                                                                                  • Instruction ID: 77b16923ba6c039ec17eae5056991b751f3f9b8bac32148ddf66bbeca6b1172e
                                                                                                  • Opcode Fuzzy Hash: 0e1985d6a3192cc290af61f4b5f8db9ec614155a9767f3c2314e4d77c1e07364
                                                                                                  • Instruction Fuzzy Hash: 6DD10932B18A82C9E711DF75D8402ADBBB6FB04798BD04231CE4D9BB99DE38D516CB50
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF76682D980), ref: 00007FF76682DB03
                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF76682D980), ref: 00007FF76682DB8D
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.1460462049.00007FF766811000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF766810000, based on PE: true
                                                                                                  • Associated: 00000007.00000002.1460447162.00007FF766810000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460484548.00007FF766839000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460502641.00007FF76684C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460521917.00007FF76684F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_7ff766810000_fxdevcon64.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ConsoleErrorLastMode
                                                                                                  • String ID:
                                                                                                  • API String ID: 953036326-0
                                                                                                  • Opcode ID: 1e6cc54a878dc36fb54de9a964a7e3c3d195cfbd839d7535b114edb649fc7176
                                                                                                  • Instruction ID: aec2344cd50164871da1138a8c4d955a6bc8abf14d4aecaf34e8f18b0f82c8ad
                                                                                                  • Opcode Fuzzy Hash: 1e6cc54a878dc36fb54de9a964a7e3c3d195cfbd839d7535b114edb649fc7176
                                                                                                  • Instruction Fuzzy Hash: A391F772A18653C9F750AB759C406BEABA6FF04B88FC00135DD0E6B694DE78D461CB60
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.1460462049.00007FF766811000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF766810000, based on PE: true
                                                                                                  • Associated: 00000007.00000002.1460447162.00007FF766810000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460484548.00007FF766839000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460502641.00007FF76684C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460521917.00007FF76684F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_7ff766810000_fxdevcon64.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                  • String ID:
                                                                                                  • API String ID: 2933794660-0
                                                                                                  • Opcode ID: a6415918608381aa18cb791df94c3198acf39896529a0f0368e298626488ad9d
                                                                                                  • Instruction ID: f859806f48e15c9dc96dd3199b2e10cc054ebeb332687c3c5443ef62d089c6e0
                                                                                                  • Opcode Fuzzy Hash: a6415918608381aa18cb791df94c3198acf39896529a0f0368e298626488ad9d
                                                                                                  • Instruction Fuzzy Hash: 90112E22A04F46CAEF109F74EC542A673A4F71D758F841A31EA6D4B794EF3CD1A88750
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.1460462049.00007FF766811000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF766810000, based on PE: true
                                                                                                  • Associated: 00000007.00000002.1460447162.00007FF766810000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460484548.00007FF766839000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460502641.00007FF76684C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460521917.00007FF76684F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_7ff766810000_fxdevcon64.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: __except_validate_context_record
                                                                                                  • String ID: csm$csm
                                                                                                  • API String ID: 1467352782-3733052814
                                                                                                  • Opcode ID: 9a845accedb8f8a8e0346fc5121fe73391a087ce8b2ee972439f5f8286aa885d
                                                                                                  • Instruction ID: 4a58e0e7f5b78604478c5b9ef004c164e41d036d7652ed22fa0e1fef1518d2c5
                                                                                                  • Opcode Fuzzy Hash: 9a845accedb8f8a8e0346fc5121fe73391a087ce8b2ee972439f5f8286aa885d
                                                                                                  • Instruction Fuzzy Hash: DD71B372608682C6DB609F35984477EF7A6FB05B84FA48131DB8C4BA85CE3DD5A1CB90
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.1460462049.00007FF766811000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF766810000, based on PE: true
                                                                                                  • Associated: 00000007.00000002.1460447162.00007FF766810000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460484548.00007FF766839000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460502641.00007FF76684C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460521917.00007FF76684F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_7ff766810000_fxdevcon64.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CreateFrameInfo__except_validate_context_record
                                                                                                  • String ID: csm
                                                                                                  • API String ID: 2558813199-1018135373
                                                                                                  • Opcode ID: b78616c3f161ca8993b8f9ce14cea19e82c1d8ee0d50477be87aae47202f1a6e
                                                                                                  • Instruction ID: 73ee2407a5bb7636ce7235cff3f9f4a7b4fb1b37326d70106c04d4dd11050046
                                                                                                  • Opcode Fuzzy Hash: b78616c3f161ca8993b8f9ce14cea19e82c1d8ee0d50477be87aae47202f1a6e
                                                                                                  • Instruction Fuzzy Hash: B4513E76618B83C6D620AB35A84026EF7A5F798B90F940134EB8D4BB55CF3CD461CB10
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7668284D2
                                                                                                    • Part of subcall function 00007FF76682BEA8: HeapFree.KERNEL32(?,?,0236E42583480000,00007FF766833A9A,?,?,?,00007FF766833E17,?,?,00000000,00007FF766834360,?,?,00007FF76682AB22,00007FF766834293), ref: 00007FF76682BEBE
                                                                                                    • Part of subcall function 00007FF76682BEA8: GetLastError.KERNEL32(?,?,0236E42583480000,00007FF766833A9A,?,?,?,00007FF766833E17,?,?,00000000,00007FF766834360,?,?,00007FF76682AB22,00007FF766834293), ref: 00007FF76682BEC8
                                                                                                  • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF76681C839), ref: 00007FF7668284F0
                                                                                                  Strings
                                                                                                  • C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe, xrefs: 00007FF7668284DE
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.1460462049.00007FF766811000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF766810000, based on PE: true
                                                                                                  • Associated: 00000007.00000002.1460447162.00007FF766810000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460484548.00007FF766839000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460502641.00007FF76684C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460521917.00007FF76684F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_7ff766810000_fxdevcon64.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                  • String ID: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe
                                                                                                  • API String ID: 3580290477-3631637693
                                                                                                  • Opcode ID: 18a2ff2341f3d6128a1b7c13e65fc5da732e727ac7582aeb1bb9bcddbd8779e6
                                                                                                  • Instruction ID: b3df66375448bf90c160178f6e26ecb4ae825be889a0c55e961c04ce78180c74
                                                                                                  • Opcode Fuzzy Hash: 18a2ff2341f3d6128a1b7c13e65fc5da732e727ac7582aeb1bb9bcddbd8779e6
                                                                                                  • Instruction Fuzzy Hash: BF418276A08B03D6EB15EF319C400BAA29AFB44784BC44035EA4E4BB55DF3CE4648BA0
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.1460462049.00007FF766811000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF766810000, based on PE: true
                                                                                                  • Associated: 00000007.00000002.1460447162.00007FF766810000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460484548.00007FF766839000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460502641.00007FF76684C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460521917.00007FF76684F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_7ff766810000_fxdevcon64.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ErrorFileLastWrite
                                                                                                  • String ID: U
                                                                                                  • API String ID: 442123175-4171548499
                                                                                                  • Opcode ID: 5ae71d5ab7e6fd2cb318cfccd89b01617b602130cbde48022133e58f39338e1a
                                                                                                  • Instruction ID: 87db704c995cf6e6b65eda5ccf41d9bad093fe1158bf05687fa9e4fe409c8a16
                                                                                                  • Opcode Fuzzy Hash: 5ae71d5ab7e6fd2cb318cfccd89b01617b602130cbde48022133e58f39338e1a
                                                                                                  • Instruction Fuzzy Hash: 62418262A18A86C5DB60EF65E8443AAB765FB98784FC04131EE4D8B798EF3CD411CB50
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  APIs
                                                                                                  • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF766819946), ref: 00007FF76681E394
                                                                                                  • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF766819946), ref: 00007FF76681E3DA
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.1460462049.00007FF766811000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF766810000, based on PE: true
                                                                                                  • Associated: 00000007.00000002.1460447162.00007FF766810000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460484548.00007FF766839000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460502641.00007FF76684C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                  • Associated: 00000007.00000002.1460521917.00007FF76684F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_7ff766810000_fxdevcon64.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ExceptionFileHeaderRaise
                                                                                                  • String ID: csm
                                                                                                  • API String ID: 2573137834-1018135373
                                                                                                  • Opcode ID: fab7ff32eb11efe1b8ddc5ac539c5f4c1b687a5b802cc3f22dfa6d35eb09f5ad
                                                                                                  • Instruction ID: 2b7c578bb91a6fb116447c019973b56e01d1e6ff1625615ddd043a7084300553
                                                                                                  • Opcode Fuzzy Hash: fab7ff32eb11efe1b8ddc5ac539c5f4c1b687a5b802cc3f22dfa6d35eb09f5ad
                                                                                                  • Instruction Fuzzy Hash: 79114632508B8282DB119F25E94425AF7A4FB88B84F984231DE8D0BB64DF7CD561CB00
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Execution Graph

                                                                                                  Execution Coverage:9%
                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                  Signature Coverage:0%
                                                                                                  Total number of Nodes:1499
                                                                                                  Total number of Limit Nodes:7
MessageBoxW 3994->4330 4010 d560a0 MessageBoxW 3995->4010 4331 d52e40 3996->4331 4007 d56c72 3997->4007 4008 d56ca2 3998->4008 4354 d56330 MessageBoxW 4000->4354 4001->3641 4005 d55f90 10 API calls 4002->4005 4351 d56330 MessageBoxW 4003->4351 4015 d56d84 4005->4015 4007->3641 4038 d51de0 __stdio_common_vswprintf 4008->4038 4009 d56a77 4017 d58349 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 4009->4017 4018 d56bc8 4010->4018 4013 d56b2e 4014 d58349 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 4013->4014 4022 d56b3e 4014->4022 4023 d56dae 4015->4023 4024 d56d8b 4015->4024 4016 d56b58 4025 d56b82 4016->4025 4026 d56b5f 4016->4026 4027 d56a87 4017->4027 4018->3952 4028 d56bd3 4018->4028 4019 d56e23 4029 d58349 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 4019->4029 4020 d56d5c 4030 d58349 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 4020->4030 4021->3822 4032 d56ef7 4021->4032 4033 d56f2e 4021->4033 4022->3641 4036 d560a0 MessageBoxW 4023->4036 4352 d56330 MessageBoxW 4024->4352 4037 d58349 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 4025->4037 4341 d56330 MessageBoxW 4026->4341 4027->3641 4342 d56330 MessageBoxW 4028->4342 4040 d56e33 4029->4040 4031 d56d6c 4030->4031 4031->3641 4355 d558a0 4032->4355 4045 d558a0 3 API calls 4033->4045 4044 d56dc2 4036->4044 4046 d56bb0 4037->4046 4038->3939 4040->3641 4042 d56d9a 4049 d58349 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 4042->4049 4043 d56b6e 4050 d58349 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 4043->4050 4044->3975 4051 d56dc9 4044->4051 4052 d56f3b 4045->4052 4046->3641 4047 d56be2 4053 d58349 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 4047->4053 4048 d56f04 4054 d56f65 4048->4054 4055 d56f0b 4048->4055 4056 d56daa 4049->4056 4057 d56b7e 4050->4057 4353 d56330 MessageBoxW 4051->4353 4052->4054 4059 d56f42 
4052->4059 4060 d56bf2 4053->4060 4054->3822 4054->4067 4370 d556b0 4054->4370 4368 d56330 MessageBoxW 4055->4368 4056->3641 4057->3641 4369 d56330 MessageBoxW 4059->4369 4060->3641 4062 d56dd8 4065 d58349 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 4062->4065 4064 d56f1a 4068 d58349 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 4064->4068 4069 d56de8 4065->4069 4066 d56f51 4070 d58349 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 4066->4070 4067->3822 4067->3833 4072 d56f2a 4068->4072 4069->3641 4073 d56f61 4070->4073 4072->3641 4073->3641 4074 d56fd1 4074->4067 4075 d56fd8 4074->4075 4389 d56330 MessageBoxW 4075->4389 4077 d56fe7 4078 d58349 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 4077->4078 4079 d56ff7 4078->4079 4079->3641 4080->3648 4082 d57680 4081->4082 4083 d5766b 4081->4083 4086 d57693 4082->4086 4089 d57717 4082->4089 4437 d56330 MessageBoxW 4083->4437 4085 d5767a 4085->3654 4087 d51de0 __stdio_common_vswprintf 4086->4087 4092 d5784b 4086->4092 4088 d57704 4087->4088 4088->3654 4090 d51de0 __stdio_common_vswprintf 4089->4090 4089->4092 4091 d57771 4090->4091 4091->3654 4092->3654 4093->3666 4095 d578eb 4094->4095 4098 d57900 4094->4098 4438 d56330 MessageBoxW 4095->4438 4097 d578fa 4097->3671 4099 d57914 4098->4099 4103 d579b0 4098->4103 4100 d51de0 __stdio_common_vswprintf 4099->4100 4102 d57ae0 4099->4102 4101 d5799d 4100->4101 4101->3671 4102->3671 4103->4102 4104 d51de0 __stdio_common_vswprintf 4103->4104 4105 d57a20 4104->4105 4105->3671 4106->3684 4108 d55e2d 4107->4108 4109 d55e65 4108->4109 4110 d55e44 4108->4110 4111 d55e6e 4109->4111 4112 d55e98 4109->4112 4439 d56330 MessageBoxW 4110->4439 4114 d51de0 __stdio_common_vswprintf 4111->4114 4117 d51de0 __stdio_common_vswprintf 4112->4117 4126 d55eee 4112->4126 4116 d55e93 4114->4116 4115 d55e53 4118 d58349 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 4115->4118 4440 
d58200 4116->4440 4117->4116 4120 d55e61 4118->4120 4120->3704 4122 d55f6e 4124 d58349 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 4122->4124 4123 d55ee7 4125 d55ef5 4123->4125 4123->4126 4127 d55f7d 4124->4127 4128 d55f3f 4125->4128 4131 d55f18 4125->4131 4456 d56330 MessageBoxW 4126->4456 4127->3704 4129 d51de0 __stdio_common_vswprintf 4128->4129 4130 d55f4a 4129->4130 4132 d58349 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 4130->4132 4133 d51de0 __stdio_common_vswprintf 4131->4133 4134 d55f5b 4132->4134 4135 d55f2a 4133->4135 4134->3704 4136 d58349 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 4135->4136 4137 d55f3b 4136->4137 4137->3704 4138->3708 4139->3717 4460 d53050 4140->4460 4142 d53076 __stdio_common_vswscanf 4142->3716 4144 d58aac 4143->4144 4145 d58a2b 4144->4145 4147 d588e3 4144->4147 4148 d58ad2 4144->4148 4146 d58a3d __dtol3 _except1 4145->4146 4150 d58a35 4146->4150 4149 d58900 4147->4149 4461 d58a3d 4147->4461 4151 d58b07 4148->4151 4154 d58af3 4148->4154 4155 d58b09 4148->4155 4149->4145 4158 d5891c 4149->4158 4150->3722 4152 d58b52 4151->4152 4153 d58b2b 4151->4153 4164 d58b8d 4152->4164 4169 d58a3d __dtol3 _except1 4152->4169 4163 d58a3d __dtol3 _except1 4153->4163 4167 d58961 4153->4167 4159 d58a3d __dtol3 _except1 4154->4159 4156 d58a3d __dtol3 _except1 4155->4156 4161 d58b13 4156->4161 4158->4167 4172 d58a3d __dtol3 _except1 4158->4172 4160 d58afd 4159->4160 4165 d58a3d __dtol3 _except1 4160->4165 4161->4151 4166 d58a3d __dtol3 _except1 4161->4166 4162 d58a1d 4162->3722 4168 d58b43 4163->4168 4164->4145 4164->4167 4165->4151 4166->4151 4167->3722 4167->4162 4171 d58a3d __dtol3 _except1 4167->4171 4170 d58a3d __dtol3 _except1 4168->4170 4169->4164 4170->4167 4171->4162 4172->4167 4174 d570d5 4173->4174 4175 d570be 4173->4175 4179 d57175 4174->4179 4182 d570e8 4174->4182 4465 d56330 MessageBoxW 4175->4465 4177 d570cd 4177->3742 4178 d57381 4178->3742 4466 d55d20 memset 
GetModuleHandleW GetProcAddress 4179->4466 4182->4178 4184 d51de0 __stdio_common_vswprintf 4182->4184 4183 d57189 4469 d56330 MessageBoxW 4183->4469 4185 d57160 4184->4185 4185->3742 4187 d57198 4187->3742 4188 d571a1 4189 d571c7 4188->4189 4193 d572bd 4188->4193 4189->4178 4190 d51de0 __stdio_common_vswprintf 4189->4190 4191 d57207 4190->4191 4191->3742 4192 d58a9f _except1 4192->4178 4193->4178 4193->4192 4194->3748 4196 d573c5 4195->4196 4197 d573ae 4195->4197 4199 d5742d 4196->4199 4200 d573d8 4196->4200 4470 d56330 MessageBoxW 4197->4470 4201 d55d20 4 API calls 4199->4201 4203 d57641 4200->4203 4206 d51de0 __stdio_common_vswprintf 4200->4206 4204 d5743a 4201->4204 4202 d573bd 4202->3749 4203->3749 4205 d57441 4204->4205 4210 d57459 4204->4210 4471 d56330 MessageBoxW 4205->4471 4208 d57418 4206->4208 4208->3749 4209 d57450 4209->3749 4211 d5747f 4210->4211 4215 d57575 4210->4215 4211->4203 4212 d51de0 __stdio_common_vswprintf 4211->4212 4213 d574bf 4212->4213 4213->3749 4214 d58a9f _except1 4214->4203 4215->4203 4215->4214 4216->3755 4217->3739 4218->3618 4219->3598 4220->3575 4221->3607 4222->3566 4224 d52bea 4223->4224 4227 d52bfe 4223->4227 4472 d56330 MessageBoxW 4224->4472 4226 d52bf9 4226->3583 4227->3583 4228->3603 4230 d5284a 4229->4230 4233 d5285e 4229->4233 4473 d56330 MessageBoxW 4230->4473 4232 d52859 4232->3606 4233->3606 4234->3628 4235->3609 4236->3636 4237->3691 4238->3699 4239->3678 4240->3765 4242 d5257c 4241->4242 4246 d52593 4241->4246 4251 d56330 MessageBoxW 4242->4251 4244 d5258b 4244->3790 4245 d52600 4245->3790 4246->4245 4247 d51de0 __stdio_common_vswprintf 4246->4247 4248 d5266c 4247->4248 4248->3790 4249->3770 4250->3788 4251->4244 4252->3802 4253->3804 4254->3813 4256 d522be 4255->4256 4257 d522aa 4255->4257 4256->3814 4390 d56330 MessageBoxW 4257->4390 4259 d522b9 4259->3814 4260->3821 4262 d5231f 4261->4262 4263 d522fe 4261->4263 4265 d55e20 10 API calls 4262->4265 4391 d56330 MessageBoxW 4263->4391 4267 d52333 4265->4267 4266 
d5230d 4268 d58349 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 4266->4268 4269 d5233a 4267->4269 4273 d5235b 4267->4273 4270 d5231b 4268->4270 4392 d56330 MessageBoxW 4269->4392 4270->3826 4272 d52349 4274 d58349 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 4272->4274 4276 d58349 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 4273->4276 4275 d52357 4274->4275 4275->3826 4277 d523a7 4276->4277 4277->3826 4278->3834 4279->3842 4281 d560b3 4280->4281 4284 d560c7 4280->4284 4393 d56330 MessageBoxW 4281->4393 4283 d560c2 4283->3843 4284->3843 4285->3850 4286->3858 4287->3866 4288->3874 4289->3882 4290->3890 4291->3898 4292->3906 4293->3912 4295 d55f9d 4294->4295 4296 d55fd5 4295->4296 4297 d55fb4 4295->4297 4298 d55fde 4296->4298 4299 d56008 4296->4299 4394 d56330 MessageBoxW 4297->4394 4301 d51de0 __stdio_common_vswprintf 4298->4301 4305 d51de0 __stdio_common_vswprintf 4299->4305 4316 d56060 4299->4316 4304 d56003 4301->4304 4302 d55fc3 4303 d58349 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 4302->4303 4306 d55fd1 4303->4306 4309 d51de0 __stdio_common_vswprintf 4304->4309 4305->4304 4306->3921 4308 d56088 4310 d58349 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 4308->4310 4311 d56045 4309->4311 4312 d56097 4310->4312 4395 d580b0 4311->4395 4312->3921 4314 d56059 4315 d56067 4314->4315 4314->4316 4317 d58349 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 4315->4317 4421 d56330 MessageBoxW 4316->4421 4318 d56075 4317->4318 4318->3921 4319->3934 4320->3961 4321->3935 4322->3972 4323->4009 4325 d52f0a 4324->4325 4328 d52f1e 4324->4328 4428 d56330 MessageBoxW 4325->4428 4327 d52f19 4327->3945 4328->3945 4329->3974 4330->4013 4332 d52e4c 4331->4332 4337 d52e63 4331->4337 4429 d56330 MessageBoxW 4332->4429 4334 d52ecf 4334->4016 4335 d52e5b 4335->4016 4336 d52f00 MessageBoxW 4336->4337 4337->4334 4337->4336 4338 d52ed8 4337->4338 
4430 d56330 MessageBoxW 4338->4430 4340 d52ee7 4340->4016 4341->4043 4342->4047 4343->3947 4345 d58343 4344->4345 4346 d5832d 4344->4346 4345->3959 4431 d56330 MessageBoxW 4346->4431 4348 d5833c 4348->3959 4349->3986 4350->3982 4351->4020 4352->4042 4353->4062 4354->4019 4356 d558c3 4355->4356 4357 d558ac 4355->4357 4359 d558d6 4356->4359 4360 d558f4 CoCreateInstance 4356->4360 4361 d55a82 4356->4361 4432 d56330 MessageBoxW 4357->4432 4359->4048 4363 d55910 4360->4363 4433 d56330 MessageBoxW 4361->4433 4362 d558bb 4362->4048 4366 d51de0 __stdio_common_vswprintf 4363->4366 4367 d55a5e 4363->4367 4365 d55a91 4365->4048 4366->4367 4367->4048 4368->4064 4369->4066 4371 d556d3 4370->4371 4372 d556bc 4370->4372 4374 d560a0 MessageBoxW 4371->4374 4434 d56330 MessageBoxW 4372->4434 4376 d556ea 4374->4376 4375 d556cb 4375->4074 4377 d556f1 4376->4377 4378 d55709 4376->4378 4435 d56330 MessageBoxW 4377->4435 4380 d55868 4378->4380 4382 d557c7 CoCreateInstance 4378->4382 4384 d55711 4378->4384 4385 d55731 4378->4385 4436 d56330 MessageBoxW 4380->4436 4381 d55700 4381->4074 4382->4385 4387 d557e3 4382->4387 4384->4074 4385->4384 4388 d51de0 __stdio_common_vswprintf 4385->4388 4386 d5587d 4386->4074 4387->4074 4388->4384 4389->4077 4390->4259 4391->4266 4392->4272 4393->4283 4394->4302 4396 d580d1 4395->4396 4397 d580bb 4395->4397 4399 d580d9 4396->4399 4404 d580f0 4396->4404 4422 d56330 MessageBoxW 4397->4422 4423 d56330 MessageBoxW 4399->4423 4400 d580ca 4400->4314 4402 d580e8 4402->4314 4403 d58114 RegCreateKeyExW 4406 d58165 4403->4406 4407 d5817d RegSetValueExW 4403->4407 4404->4403 4408 d581da 4404->4408 4424 d56330 MessageBoxW 4406->4424 4410 d58195 4407->4410 4411 d581ad RegCloseKey 4407->4411 4427 d56330 MessageBoxW 4408->4427 4425 d56330 MessageBoxW 4410->4425 4415 d581d2 4411->4415 4416 d581ba 4411->4416 4413 d58174 4413->4314 4415->4314 4426 d56330 MessageBoxW 4416->4426 4417 d581e9 4417->4314 4418 d581a4 4418->4314 4420 d581c9 4420->4314 4421->4308 4422->4400 
4423->4402 4424->4413 4425->4418 4426->4420 4427->4417 4428->4327 4429->4335 4430->4340 4431->4348 4432->4362 4433->4365 4434->4375 4435->4381 4436->4386 4437->4085 4438->4097 4439->4115 4441 d58214 4440->4441 4448 d58229 4440->4448 4457 d56330 MessageBoxW 4441->4457 4443 d58231 RegOpenKeyExW 4446 d582c7 4443->4446 4447 d58288 RegQueryValueExW 4443->4447 4444 d58223 4444->4123 4446->4123 4447->4446 4449 d582a5 RegCloseKey 4447->4449 4448->4443 4450 d582d2 4448->4450 4449->4446 4451 d582b2 4449->4451 4459 d56330 MessageBoxW 4450->4459 4458 d56330 MessageBoxW 4451->4458 4454 d582e1 4454->4123 4455 d582c1 4455->4123 4456->4122 4457->4444 4458->4455 4459->4454 4460->4142 4462 d58a55 _except1 4461->4462 4463 d58a4d 4461->4463 4464 d58a7d 4462->4464 4463->4462 4463->4464 4464->4149 4465->4177 4467 d55d7e GetSystemInfo 4466->4467 4468 d55d76 4466->4468 4467->4468 4468->4183 4468->4188 4469->4187 4470->4202 4471->4209 4472->4226 4473->4232 4474->3329 4475->3332 4477 d562ab 4476->4477 4478 d53769 4477->4478 4479 d56300 towupper 4477->4479 4478->3342 4478->3347 4479->4478 4479->4479 4480->3338 4482 d51100 __stdio_common_vswprintf 4481->4482 4483 d5210a 4482->4483 4484 d52c40 3 API calls 4483->4484 4485 d5213a 4484->4485 4487 d53720 8 API calls 4485->4487 4492 d52141 MessageBoxW 4485->4492 4489 d52183 4487->4489 4488 d58349 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 4490 d52165 4488->4490 4491 d52193 4489->4491 4489->4492 4490->3375 4493 d58349 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 4491->4493 4492->4488 4494 d521ad 4493->4494 4494->3375 4496 d55ab5 4495->4496 4497 d55acc 4495->4497 4535 d56330 MessageBoxW 4496->4535 4536 d56130 4497->4536 4500 d55ac4 4500->3375 4501 d55ae3 4502 d55b02 4501->4502 4503 d55aea 4501->4503 4504 d55b0a 4502->4504 4512 d55b1f 4502->4512 4545 d55450 4502->4545 4544 d56330 MessageBoxW 4503->4544 4504->3375 4506 d55af9 4506->3375 4508 d51de0 __stdio_common_vswprintf 4510 d55b57 4508->4510 
4510->3375 4511 d55c00 4513 d55c5e PropVariantClear 4511->4513 4514 d55c1a PropVariantClear 4511->4514 4512->4508 4515 d55c6b 4512->4515 4513->4515 4516 d55c2d 4514->4516 4515->3375 4516->4513 4516->4515 4518 d52c55 4517->4518 4521 d52c6c 4517->4521 4564 d56330 MessageBoxW 4518->4564 4520 d52c64 4520->3375 4522 d56130 MessageBoxW 4521->4522 4523 d52cc1 4522->4523 4524 d52cc8 4523->4524 4529 d52ce1 4523->4529 4565 d56330 MessageBoxW 4524->4565 4526 d52ce9 4526->3375 4527 d52cd7 4527->3375 4528 d52e28 4528->3375 4529->4526 4530 d52d37 4529->4530 4534 d52def PropVariantClear 4529->4534 4530->4528 4531 d51de0 __stdio_common_vswprintf 4530->4531 4532 d52d77 4531->4532 4532->3375 4534->4528 4535->4500 4537 d56143 4536->4537 4539 d56157 4536->4539 4551 d56330 MessageBoxW 4537->4551 4541 d56178 4539->4541 4552 d56330 MessageBoxW 4539->4552 4540 d56152 4540->4501 4541->4501 4543 d561e5 4543->4501 4544->4506 4546 d554af 4545->4546 4547 d5546a CoTaskMemAlloc 4545->4547 4546->4511 4546->4512 4547->4546 4549 d554a3 4547->4549 4553 d55c80 4549->4553 4551->4540 4552->4543 4554 d55c90 4553->4554 4555 d55c8b 4553->4555 4556 d55c97 _errno _invalid_parameter_noinfo 4554->4556 4557 d55cb1 4554->4557 4555->4546 4556->4546 4558 d55cd3 memset 4557->4558 4559 d55cc1 memcpy 4557->4559 4560 d55ce3 _errno _invalid_parameter_noinfo 4558->4560 4561 d55cff 4558->4561 4559->4546 4562 d55cf5 4560->4562 4561->4562 4563 d55d03 _errno _invalid_parameter_noinfo 4561->4563 4562->4546 4563->4546 4564->4520 4565->4527 4567 d51100 __stdio_common_vswprintf 4566->4567 4568 d521ea 4567->4568 4569 d523b0 3 API calls 4568->4569 4570 d5221a 4569->4570 4571 d52221 MessageBoxW 4570->4571 4573 d53720 8 API calls 4570->4573 4574 d58349 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 4571->4574 4575 d52263 4573->4575 4576 d52245 4574->4576 4575->4571 4577 d52273 4575->4577 4576->3400 4578 d58349 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 4577->4578 4579 d5228d 
4578->4579 4579->3400 4581 d554e5 4580->4581 4582 d554fc 4580->4582 4615 d56330 MessageBoxW 4581->4615 4584 d56130 MessageBoxW 4582->4584 4586 d55513 4584->4586 4585 d554f4 4585->3400 4587 d5551a 4586->4587 4592 d55532 4586->4592 4616 d56330 MessageBoxW 4587->4616 4589 d5553a 4589->3400 4590 d55529 4590->3400 4591 d5569b 4591->3400 4592->4589 4593 d55450 9 API calls 4592->4593 4598 d5554f 4592->4598 4595 d555e7 4593->4595 4594 d51de0 __stdio_common_vswprintf 4596 d55587 4594->4596 4597 d55630 4595->4597 4595->4598 4596->3400 4599 d5568e PropVariantClear 4597->4599 4600 d5564a PropVariantClear 4597->4600 4598->4591 4598->4594 4599->4591 4601 d5565d 4600->4601 4601->4591 4601->4599 4603 d523d0 4602->4603 4604 d523bb 4602->4604 4607 d5250b 4603->4607 4613 d52414 4603->4613 4617 d56330 MessageBoxW 4604->4617 4606 d523ca 4606->3400 4608 d52534 4607->4608 4610 d51100 __stdio_common_vswprintf 4607->4610 4618 d56330 MessageBoxW 4608->4618 4610->4608 4611 d52550 4611->3400 4612 d524f7 4612->3400 4613->4612 4614 d51de0 __stdio_common_vswprintf 4613->4614 4614->4612 4615->4585 4616->4590 4617->4606 4618->4611 4620 d52933 4619->4620 4630 d52929 4619->4630 4622 d51de0 __stdio_common_vswprintf 4620->4622 4631 d5294f 4620->4631 4622->4631 4623 d52ba5 4627 d58349 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 4623->4627 4624 d52983 4628 d55e20 10 API calls 4624->4628 4625 d52aea 4626 d55e20 10 API calls 4625->4626 4626->4630 4629 d52bb5 4627->4629 4628->4630 4629->3435 4639 d56330 MessageBoxW 4630->4639 4631->4624 4631->4625 4631->4630 4633 d52a05 4631->4633 4632 d52b70 4634 d58349 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 4632->4634 4633->4632 4636 d51de0 __stdio_common_vswprintf 4633->4636 4635 d52b8c 4634->4635 4635->3435 4637 d52b58 4636->4637 4638 d51de0 __stdio_common_vswprintf 4637->4638 4638->4632 4639->4623 4641 d52fd0 4640->4641 4642 d52fba 4640->4642 4644 d55d20 4 API calls 4641->4644 4650 d56330 MessageBoxW 4642->4650 
4646 d52fe7 4644->4646 4645 d52fc9 4645->3456 4648 d53005 4646->4648 4651 d56330 MessageBoxW 4646->4651 4648->3456 4649 d52ffd 4649->3456 4650->4645 4651->4649 4903 d58824 4904 d59192 GetModuleHandleW 4903->4904 4905 d5882c 4904->4905 4906 d58830 _exit 4905->4906 4907 d58838 4905->4907 4906->4907 4908 d5883e _c_exit 4907->4908 4909 d58843 ___scrt_is_nonwritable_in_current_image 4907->4909 4908->4909 4910 d58626 _set_app_type 4933 d59466 4910->4933 4912 d58633 _set_fmode __p__commode 4913 d58645 pre_c_initialization 4912->4913 4934 d5840c 4913->4934 4915 d586c2 4916 d59074 ___scrt_fastfail 6 API calls 4915->4916 4917 d586c9 ___scrt_initialize_default_local_stdio_options 4916->4917 4918 d5864e __RTC_Initialize 4918->4915 4919 d585ad pre_c_initialization 2 API calls 4918->4919 4920 d58667 pre_c_initialization 4919->4920 4921 d5866c _configure_wide_argv 4920->4921 4921->4915 4922 d58678 4921->4922 4943 d5946c InitializeSListHead 4922->4943 4924 d5867d pre_c_initialization 4925 d58686 __setusermatherr 4924->4925 4926 d58691 pre_c_initialization 4924->4926 4925->4926 4944 d59478 _controlfp_s 4926->4944 4928 d586a0 pre_c_initialization 4929 d586a5 _configthreadlocale 4928->4929 4930 d586b1 ___scrt_uninitialize_crt 4929->4930 4931 d586b5 _initialize_wide_environment 4930->4931 4932 d586ba pre_c_initialization 4930->4932 4931->4932 4933->4912 4935 d5841a 4934->4935 4937 d5841f ___scrt_initialize_onexit_tables 4934->4937 4936 d5849b 4935->4936 4935->4937 4938 d59074 ___scrt_fastfail 6 API calls 4936->4938 4939 d5843b 4937->4939 4941 d5842c _initialize_onexit_table 4937->4941 4940 d584a2 4938->4940 4939->4918 4941->4939 4942 d5843f _initialize_onexit_table 4941->4942 4942->4939 4943->4924 4945 d59491 4944->4945 4946 d59490 4944->4946 4947 d59074 ___scrt_fastfail 6 API calls 4945->4947 4946->4928 4948 d59498 4947->4948 4788 d530e0 4789 d530ee 4788->4789 4792 d53149 4788->4792 4790 d51de0 __stdio_common_vswprintf 4789->4790 4791 d5310b 4789->4791 4790->4791 4791->4792 4793 
d51de0 __stdio_common_vswprintf 4791->4793 4793->4792 4949 d588a0 4953 d588cb 4949->4953 4950 d58a2b 4951 d58a3d __dtol3 _except1 4950->4951 4954 d58a35 4951->4954 4952 d58900 4952->4950 4956 d5891c 4952->4956 4953->4950 4953->4952 4955 d58a3d __dtol3 _except1 4953->4955 4955->4952 4959 d58a3d __dtol3 _except1 4956->4959 4960 d58961 4956->4960 4957 d58a1d 4958 d58a3d __dtol3 _except1 4958->4957 4959->4960 4960->4957 4960->4958 4961 d55320 4962 d55333 4961->4962 4963 d5534d 4961->4963 4964 d55150 __stdio_common_vsprintf 4962->4964 4965 d55150 __stdio_common_vsprintf 4963->4965 4966 d5533e 4964->4966 4965->4966 4967 d55220 4968 d55236 4967->4968 4969 d55250 4967->4969 4970 d51de0 __stdio_common_vswprintf 4968->4970 4971 d51de0 __stdio_common_vswprintf 4969->4971 4972 d55241 4970->4972 4971->4972 4973 d51e20 4974 d51ea3 4973->4974 4975 d51e42 4973->4975 4977 d58349 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 4974->4977 4984 d553e0 4975->4984 4979 d51eb0 4977->4979 4978 d51e54 4978->4974 4980 d51e5b MessageBoxW 4978->4980 4982 d58349 __ehhandler$??1UMSThreadProxy@details@Concurrency@@UAE@XZ 5 API calls 4980->4982 4983 d51e7f 4982->4983 4985 d553fe 4984->4985 4986 d553ea 4984->4986 4988 d55405 4985->4988 4989 d55419 MultiByteToWideChar 4985->4989 4997 d56330 MessageBoxW 4986->4997 4998 d56330 MessageBoxW 4988->4998 4992 d55442 4989->4992 4993 d5542e 4989->4993 4990 d553f9 4990->4978 4992->4978 4999 d56330 MessageBoxW 4993->4999 4994 d55414 4994->4978 4996 d5543d 4996->4978 4997->4990 4998->4994 4999->4996 4794 d591e2 4795 d59217 4794->4795 4797 d591f2 4794->4797 4796 d5921d terminate 4797->4795 4797->4796 5012 d592ae 5015 d59314 __std_exception_copy 5012->5015 5014 d592bc 5015->5014
Strings
Memory Dump Source
• Source File: 00000009.00000002.1475765664.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true
• Associated: 00000009.00000002.1475751268.0000000000D50000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000009.00000002.1475782221.0000000000D5A000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000009.00000002.1475798874.0000000000D5E000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000009.00000002.1475818930.0000000000D7D000.00000002.00000001.01000000.0000000A.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_d50000_DfxSetupDrv.jbxd
Similarity
• API ID: Message
• String ID: ..\..\UTIL\sndDevices\sndDevicesReInit.cpp$103$113$123$129$157$168$178$231$241$305$309$319$347$349$371$382$458$462$472$487$497$File %s, Line %d :: sndDevices Error Code: %d $default_buffer_size$sndDevicesReInit():: Capture Device - %s$sndDevicesReInit():: Returns OKAY$sndDevicesReInit():: sndDevicesReInit() enters$user_buffer_size
• API String ID: 2030045667-3352290319
• Opcode ID: 64e9892fab280c0f2e3f543ba515e2e56bb1acef31c5a633f40e17fcd53c8cf1
• Instruction ID: df4d4f977b35dcb70ceef691eed79d9c4ca9cd2176293d1b4b1a8330984871cb
• Opcode Fuzzy Hash: 64e9892fab280c0f2e3f543ba515e2e56bb1acef31c5a633f40e17fcd53c8cf1
• Instruction Fuzzy Hash: 6692D671600616ABEF249F28DC41BA9B3A4FF44317F04435AED19A72D0EB71599CCBB2
Uniqueness
Uniqueness Score: -1.00%

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                    • Part of subcall function 00D51F70: new.LIBCMT ref: 00D51FA5
                                                                                                    • Part of subcall function 00D51F70: SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001C,00000001), ref: 00D51FE3
                                                                                                    • Part of subcall function 00D51F70: MessageBoxW.USER32(00000000,DfxSetupDrvSlout.cpp,137,00000000), ref: 00D51FFA
                                                                                                  • MessageBoxW.USER32(00000000,DfxSetupDrv.cpp,00D5BE88,00000000), ref: 00D5116D
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.1475765664.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.1475751268.0000000000D50000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.1475782221.0000000000D5A000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.1475798874.0000000000D5E000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                  • Associated: 00000009.00000002.1475818930.0000000000D7D000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_d50000_DfxSetupDrv.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Message$FolderPathSpecial
                                                                                                  • String ID: 109$126$Another instance detected. Exiting.$DFX driver is not found$DfxSetupDrv.cpp$DfxSetupDrvInit() returns NOT_OKAY$DfxSetupDrvInit() returns OKAY$DoCheck() returns NOT_OKAY$DoCheck() returns OKAY$DoGetDefaultBufferSize() returns NOT_OKAY$DoGetDefaultBufferSize() returns OKAY$DoGetGuid() returns NOT_OKAY$DoGetGuid() returns OKAY$DoSetIcon() returns NOT_OKAY$DoSetIcon() returns OKAY$DoSetName() returns NOT_OKAY$DoSetName() returns OKAY$Failed$Please specify a paramter: check, setname or seticon$Please specify a paramter: check, setname or seticon$Success$_tmain enters$check$defaultbuffersize$getguid$seticon$setname
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  • CoInitialize.OLE32(00000000), ref: 00D54A53
                                                                                                  • CoCreateGuid.OLE32(?), ref: 00D54AE4
                                                                                                    • Part of subcall function 00D56330: MessageBoxW.USER32(00000000,?,?,00000000), ref: 00D5633D
                                                                                                  Strings
                                                                                                  • sndDevicesInit():: sndDevicesInit() enters, xrefs: 00D54A9C
                                                                                                  • 189, xrefs: 00D54E15
                                                                                                  • sndDevicesInit():: Setting PT handles, xrefs: 00D54B40
                                                                                                  • 210, xrefs: 00D54F08
                                                                                                  • sndDevicesInit():: calling sndDevicesReInit, xrefs: 00D54ED4
                                                                                                  • sndDevicesInit():: Calling CoCreateGuid(), xrefs: 00D54AC5
                                                                                                  • sndDevicesInit():: Returns OKAY, xrefs: 00D54F37
                                                                                                  • File %s, Line %d :: sndDevices Error Code: %d , xrefs: 00D54E98
                                                                                                  • Unable to load dll: %s, xrefs: 00D54E4B
                                                                                                  • ..\..\UTIL\sndDevices\sndDevicesInit.cpp, xrefs: 00D54A65, 00D54E1A, 00D54E90, 00D54F0D
                                                                                                  • sndDevicesInit():: Setting GUID ID vars, xrefs: 00D54D83
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.1475765664.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.1475751268.0000000000D50000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                  • Associated: 00000009.00000002.1475782221.0000000000D5A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                  • Associated: 00000009.00000002.1475798874.0000000000D5E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                  • Associated: 00000009.00000002.1475818930.0000000000D7D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_d50000_DfxSetupDrv.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CreateGuidInitializeMessage
                                                                                                  • String ID: ..\..\UTIL\sndDevices\sndDevicesInit.cpp$189$210$File %s, Line %d :: sndDevices Error Code: %d $Unable to load dll: %s$sndDevicesInit():: Setting PT handles$sndDevicesInit():: Calling CoCreateGuid()$sndDevicesInit():: Returns OKAY$sndDevicesInit():: Setting GUID ID vars$sndDevicesInit():: calling sndDevicesReInit$sndDevicesInit():: sndDevicesInit() enters
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  • new.LIBCMT ref: 00D51FA5
                                                                                                    • Part of subcall function 00D585C2: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00D51FAA,00000C08,F40E6ECC,00000000,?,00D59685,000000FF,?,00D5115C), ref: 00D585E9
                                                                                                  • SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001C,00000001), ref: 00D51FE3
                                                                                                  • MessageBoxW.USER32(00000000,DfxSetupDrvSlout.cpp,137,00000000), ref: 00D51FFA
                                                                                                    • Part of subcall function 00D51DE0: __stdio_common_vswprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,7FFFFFFF,?,00000000,?,?,00D524F7,?,sndDevicesGetDeviceName() returns OKAY with result flag %i), ref: 00D51DFE
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.1475765664.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.1475751268.0000000000D50000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                  • Associated: 00000009.00000002.1475782221.0000000000D5A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                  • Associated: 00000009.00000002.1475798874.0000000000D5E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                  • Associated: 00000009.00000002.1475818930.0000000000D7D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_d50000_DfxSetupDrv.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: FolderMessagePathSpecial__stdio_common_vswprintfmalloc
                                                                                                  • String ID: %s\%s$%s\%s\%d\Tmp$114$125$137$C:\Users\user\AppData\Local\DFX\23\Tmp\trace_dfxsetupdrv.txt$DFX$DfxSetupDrvSlout.cpp$trace_dfxsetupdrv.txt$trace_on.txt
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  • CoCreateInstance.OLE32(0000040B,00000000,00000017,0000041B,00000000), ref: 00D57BE8
                                                                                                    • Part of subcall function 00D56330: MessageBoxW.USER32(00000000,?,?,00000000), ref: 00D5633D
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.1475765664.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.1475751268.0000000000D50000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                  • Associated: 00000009.00000002.1475782221.0000000000D5A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                  • Associated: 00000009.00000002.1475798874.0000000000D5E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                  • Associated: 00000009.00000002.1475818930.0000000000D7D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_d50000_DfxSetupDrv.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CreateInstanceMessage
                                                                                                  • String ID: ..\..\UTIL\sndDevices\sndDevices_GetAll.cpp$163$DFX Audio Enhancer$File %s, Line %d :: sndDevices Error Code: %d $FxSound Audio Enhancer
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                    • Part of subcall function 00D54A40: CoInitialize.OLE32(00000000), ref: 00D54A53
                                                                                                  • MessageBoxW.USER32(00000000,DfxSetupDrvInit.cpp,00D5C7B0,00000000), ref: 00D51D61
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.1475765664.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.1475751268.0000000000D50000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                  • Associated: 00000009.00000002.1475782221.0000000000D5A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                  • Associated: 00000009.00000002.1475798874.0000000000D5E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                  • Associated: 00000009.00000002.1475818930.0000000000D7D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_d50000_DfxSetupDrv.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: InitializeMessage
                                                                                                  • String ID: DFX driver is not found$DfxSetupDrvInit.cpp$DfxSetupDrv_InitSlout() returned OK$SndDevices Error Number: %d
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  • _wstat64i32.API-MS-WIN-CRT-FILESYSTEM-L1-1-0(?,?,00000000,?,00D52055,C:\Users\user\AppData\Local\DFX\23\Tmp\trace_dfxsetupdrv.txt,?,C:\Users\user\AppData\Local\DFX\23\Tmp\trace_dfxsetupdrv.txt,%s\%s,?,trace_dfxsetupdrv.txt,?,%s\%s\%d\Tmp,?,DFX,00000017), ref: 00D55001
                                                                                                    • Part of subcall function 00D56330: MessageBoxW.USER32(00000000,?,?,00000000), ref: 00D5633D
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.1475765664.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.1475751268.0000000000D50000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                  • Associated: 00000009.00000002.1475782221.0000000000D5A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                  • Associated: 00000009.00000002.1475798874.0000000000D5E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                  • Associated: 00000009.00000002.1475818930.0000000000D7D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_d50000_DfxSetupDrv.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Message_wstat64i32
                                                                                                  • String ID: ..\..\UTIL\FILE\FileGeneral.cpp$176
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Control-flow Graph

                                                                                                  APIs
                                                                                                  • CreateMutexW.KERNELBASE(00000000,00000000), ref: 00D51099
                                                                                                  • GetLastError.KERNEL32 ref: 00D510A4
                                                                                                    • Part of subcall function 00D585AD: __onexit.LIBCMT ref: 00D585B3
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.1475765664.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.1475751268.0000000000D50000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                  • Associated: 00000009.00000002.1475782221.0000000000D5A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                  • Associated: 00000009.00000002.1475798874.0000000000D5E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                  • Associated: 00000009.00000002.1475818930.0000000000D7D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_d50000_DfxSetupDrv.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CreateErrorLastMutex__onexit
                                                                                                  • String ID:
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Control-flow Graph

                                                                                                  control_flow_graph 1139 d517d0-d51814 call d51100 1143 d51816-d51844 Sleep call d539b0 1139->1143 1146 d51a1d-d51a1f 1143->1146 1147 d5184a-d51852 1143->1147 1150 d51a24-d51a2b MessageBoxW 1146->1150 1148 d519d8-d51a1b call d51100 1147->1148 1149 d51858-d5188e call d51100 call d521c0 1147->1149 1148->1150 1163 d51894-d5189a 1149->1163 1164 d519b0-d519b2 1149->1164 1153 d51a31-d51a45 call d58349 1150->1153 1166 d518c0-d51909 call d51100 call d523b0 1163->1166 1167 d5189c-d518ba call d554d0 1163->1167 1165 d519b7-d519d6 MessageBoxW * 2 1164->1165 1165->1153 1176 d51985-d51987 1166->1176 1177 d5190b-d5192a call d53720 1166->1177 1167->1166 1172 d51967-d5196e 1167->1172 1172->1165 1178 d5198c-d519ab MessageBoxW * 2 1176->1178 1181 d5197c-d51983 1177->1181 1182 d5192c-d51939 1177->1182 1178->1153 1181->1178 1183 d51970-d51977 1182->1183 1184 d5193b-d5193d 1182->1184 1183->1150 1184->1143 1185 d51943-d51966 call d58349 1184->1185
                                                                                                  APIs
                                                                                                    • Part of subcall function 00D51100: __stdio_common_vswprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,00000000,?,?,00D52534,?,00000200,sndDevicesGetDeviceName() returns NOT_OKAY with result flag %i,000000FE), ref: 00D5111C
                                                                                                  • Sleep.KERNEL32(00000258,?,?,00000000), ref: 00D5181B
                                                                                                  • MessageBoxW.USER32(00000000,DfxSetupDrv.cpp,245,00000000), ref: 00D51A2B
                                                                                                    • Part of subcall function 00D521C0: MessageBoxW.USER32(00000000,DfxSetupDrvTask.cpp,122,00000000), ref: 00D5222F
                                                                                                  • MessageBoxW.USER32(00000000,DfxSetupDrvTask.cpp,00D5C98C,00000000), ref: 00D519C4
                                                                                                  • MessageBoxW.USER32(00000000,DfxSetupDrv.cpp,256,00000000), ref: 00D519D4
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.1475765664.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.1475751268.0000000000D50000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                  • Associated: 00000009.00000002.1475782221.0000000000D5A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                  • Associated: 00000009.00000002.1475798874.0000000000D5E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                  • Associated: 00000009.00000002.1475818930.0000000000D7D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_d50000_DfxSetupDrv.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Message$Sleep__stdio_common_vswprintf
                                                                                                  • String ID: 119$122$245$252$256$259$264$DFX driver is not found$DfxSetupDrv.cpp$DfxSetupDrvCheckDfxDriverName():: Enter$DfxSetupDrvSetDfxDriverName():: Enter$DfxSetupDrvTask.cpp$DoSetName():: Enters$DoSetName():: Returns OKAY$FxSound Speakers$SndDevices Error Number: %d
                                                                                                  • API String ID: 2598689815-2817182255
                                                                                                  • Opcode ID: 94530f078dbada2df92fb63d43b80f2a6a99bb45754e94515934517bc4f1b823
                                                                                                  • Instruction ID: 028500479c8675d12b9b29400c5bae8be1d598f33a6f55c538f2978f3e4b2fa8
                                                                                                  • Opcode Fuzzy Hash: 94530f078dbada2df92fb63d43b80f2a6a99bb45754e94515934517bc4f1b823
                                                                                                  • Instruction Fuzzy Hash: 9C518374790308BFEF14A7649D47F693774EB04B07F0000A6FE15AB1D2EAA1A94C8E75
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%

                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000009.00000002.1475765664.0000000000D51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00D50000, based on PE: true
                                                                                                  • Associated: 00000009.00000002.1475751268.0000000000D50000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                  • Associated: 00000009.00000002.1475782221.0000000000D5A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                  • Associated: 00000009.00000002.1475798874.0000000000D5E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                  • Associated: 00000009.00000002.1475818930.0000000000D7D000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_9_2_d50000_DfxSetupDrv.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: Message
                                                                                                  • String ID: ..\..\UTIL\sndDevices\sndDevicesSet.cpp$209$214$File %s, Line %d :: sndDevices Error Code: %d
                                                                                                  • API String ID: 2030045667-466686756
                                                                                                  • Opcode ID: 42620eb2c5e00bca715a4a2011880ab789b9e73234cd0412d918b3f3f0743267
                                                                                                  • Instruction ID: cd361ccd04b96c0bc4103ad65361051af9332ec325d83ef42bd2b9349121ec79
                                                                                                  • Opcode Fuzzy Hash: 42620eb2c5e00bca715a4a2011880ab789b9e73234cd0412d918b3f3f0743267
                                                                                                  • Instruction Fuzzy Hash: 1F51B071200606EFDF25CF68E814BA9B3A4EF40327F54435AED19A72E0E7719918CBA1
                                                                                                  Uniqueness

                                                                                                  Uniqueness Score: -1.00%