Windows Analysis Report
fxsound_setup.exe

Overview

General Information

Sample Name: fxsound_setup.exe
Analysis ID: 1346523
MD5: 9ea725e3e3bc82249957cc00b74c4882
SHA1: 3291c62ff7f044dabe2809317df09ae451384cd1
SHA256: 3541df625affa384feacf3cd3d64c47d2372eab9a2055d57dde08afe7f85862c

Detection

Score: 42
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 50
Range: 0 - 100

Signatures

Found evasive API chain (may stop execution after checking mutex)
Uses schtasks.exe or at.exe to add and modify task schedules
Tries to open files direct via NTFS file id
Contains functionality to detect sleep reduction / modifications
Creates files inside the driver directory
Drops certificate files (DER)
Contains functionality to query locales information (e.g. system language)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Stores files to the Windows start menu directory
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to dynamically determine API calls
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Drops PE files to the windows directory (C:\Windows)
Creates driver files
Binary contains a suspicious time stamp
Creates a start menu entry (Start Menu\Programs\Startup)
Launches processes in debugging mode, may be used to hinder debugging
Checks for available system drives (often done to infect USB drives)
Found large amount of non-executed APIs
May check if the current machine is a sandbox (GetTickCount - Sleep)
Creates a process in suspended mode (likely to inject code)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Deletes files inside the Windows folder
Creates files inside the system directory
PE file contains sections with non-standard names
Queries device information via Setup API
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to call native functions
Found dropped PE file which has not been started or loaded
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Sample file is different than original file name gathered from version info
Enables driver privileges
Enables security privileges
Contains functionality to read device registry values (via SetupAPI)
Creates or modifies windows services

Classification

  • System is w10x64
  • fxsound_setup.exe (PID: 6596 cmdline: C:\Users\user\Desktop\fxsound_setup.exe MD5: 9EA725E3E3BC82249957CC00B74C4882)
    • msiexec.exe (PID: 7276 cmdline: C:\Windows\system32\msiexec.exe" /i "C:\Users\user\AppData\Roaming\FxSound LLC\FxSound 1.1.20.0\install\fxsound.x64.msi" AI_SETUPEXEPATH=C:\Users\user\Desktop\fxsound_setup.exe SETUPEXEDIR=C:\Users\user\Desktop\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1700670463 " AI_EUIMSI=" MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • msiexec.exe (PID: 7180 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 7224 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 79E6DEEDE54CC17CA7037B4F320F9C61 C MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 7356 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 0C65C1CCF681D8CA1F2AEB8ADA388D35 MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • fxdevcon64.exe (PID: 7676 cmdline: "C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe" remove *DFX12 MD5: 87EAD9C6CD7486421E3142B2A6480F8E)
        • conhost.exe (PID: 7692 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • DfxSetupDrv.exe (PID: 7776 cmdline: "C:\Program Files\FxSound LLC\FxSound\Apps\DfxSetupDrv.exe" check MD5: EFE3CF96899C9D9CC25815F88E9466E2)
        • conhost.exe (PID: 7788 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • fxdevcon64.exe (PID: 7824 cmdline: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe" install "C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxvad.inf MD5: 87EAD9C6CD7486421E3142B2A6480F8E)
        • conhost.exe (PID: 7832 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 8036 cmdline: schtasks /create /sc daily /tn FxSound\Update /tr "'C:\Program Files\FxSound LLC\FxSound\updater.exe' /silent" /st 10:00 /f MD5: 48C2FE20575769DE916F48EF0676A965)
        • conhost.exe (PID: 8044 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • FxSound.exe (PID: 8084 cmdline: "C:\Program Files\FxSound LLC\FxSound\\FxSound.exe" @ MD5: 0A1E1E6B90FE62B9011393501BEF58D7)
  • svchost.exe (PID: 7896 cmdline: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • drvinst.exe (PID: 7932 cmdline: DrvInst.exe "4" "0" "C:\Users\user\AppData\Local\Temp\{fcd0319a-f7d0-4a4e-b0b4-a92d9d7e4c52}\fxvad.inf" "9" "4143399a7" "000000000000016C" "WinSta0\Default" "00000000000000C4" "208" "c:\program files\fxsound llc\fxsound\drivers\win10\x64" MD5: 294990C88B9D1FE0A54A1FA8BF4324D9)
    • drvinst.exe (PID: 7976 cmdline: DrvInst.exe "2" "211" "ROOT\MEDIA\0000" "C:\Windows\INF\oem4.inf" "oem4.inf:ed86ca115cc2c934:DFX_Device:14.1.0.0:root\fxvad," "4143399a7" "000000000000016C" MD5: 294990C88B9D1FE0A54A1FA8BF4324D9)
  • updater.exe (PID: 8124 cmdline: "C:\Program Files\FxSound LLC\FxSound\updater.exe" /silent MD5: BC7B29CD513AEC979CEFBF30E6D68A01)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

Compliance

Source: fxsound_setup.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknownHTTPS traffic detected: 45.79.74.123:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknownHTTPS traffic detected: 45.79.74.123:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\FxSound.exe
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers\ptdevcon32.exe
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers\ptdevcon64.exe
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Apps
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Apps\DfxSetupDrv.exe
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\updater.exe
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Apps\DfxInstall.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxvad.inf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxvad.sys
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxvadntamd64.cat
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x86
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x86\fxdevcon32.exe
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x86\fxvad.inf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x86\fxvad.sys
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x86\fxvadntx86.cat
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x64
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x64\fxdevcon64.exe
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x64\fxvad.inf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x64\fxvad.sys
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x64\fxvadntamd64.cat
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x86
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x86\fxdevcon32.exe
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x86\fxvad.inf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x86\fxvad.sys
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x86\fxvadntx86.cat
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Factsoft
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Factsoft\1.fac
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Factsoft\10.fac
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Factsoft\11.fac
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Factsoft\12.fac
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Factsoft\2.fac
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Factsoft\3.fac
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Factsoft\4.fac
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Factsoft\5.fac
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Factsoft\6.fac
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Factsoft\7.fac
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Factsoft\8.fac
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\Factsoft\9.fac
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\MontserratAlternates-Bold.ttf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\MontserratAlternates-Medium.ttf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\MontserratAlternates-Regular.ttf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\NotoSansKR-Bold.otf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\NotoSansKR-Medium.otf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\NotoSansKR-Regular.otf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\NotoSansSC-Bold.otf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\NotoSansSC-Medium.otf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\NotoSansSC-Regular.otf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\NotoSansThai-Medium.ttf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\NotoSansThai-Regular.ttf
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\FxSound LLC\FxSound\updater.ini
Source: C:\Windows\System32\msiexec.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FxSound 1.1.20.0
Source: fxsound_setup.exeStatic PE information: certificate valid
Source: fxsound_setup.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: wininet.pdb source: fxsound_setup.exe, 00000000.00000003.1668153416.000000000552D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\vijay\Documents\Projects\FxSound\repo\fxsound\FxSound\Installer\DfxInstall\Release\fxdevcon32.pdb" source: fxdevcon32.exe.1.dr
Source: Binary string: C:\Users\Vijay\Documents\Projects\FxSound\fxsound-driver\fxvad\pcmex\Release\fxvad.pdb source: fxvad.sys2.1.dr
Source: Binary string: C:\ReleaseAI\win\Release\stubs\x86\Updater.pdb source: updater.exe, 00000012.00000002.1859837140.00000000001D4000.00000002.00000001.01000000.0000000E.sdmp, updater.exe, 00000012.00000000.1821729596.00000000001D4000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: C:\code32\Mains\DfxSetupDrv\Release\DfxSetupDrv.pdbNN(GCTL source: DfxSetupDrv.exe, 00000008.00000002.1744326725.000000000035A000.00000002.00000001.01000000.0000000A.sdmp, DfxSetupDrv.exe, 00000008.00000000.1728417446.000000000035A000.00000002.00000001.01000000.0000000A.sdmp, DfxSetupDrv.exe.1.dr
Source: Binary string: C:\Users\vijay\Documents\Projects\FxSound\repo\fxsound\FxSound\Project\x64\Release\App\FxSound.pdb source: FxSound.exe, 00000011.00000002.2917820911.00007FF604A54000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe.1.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\viewer.pdb? source: fxsound_setup.exe, fxsound.x64.msi.0.dr
Source: Binary string: C:\Users\vijay\Documents\Projects\FxSound\repo\fxsound\FxSound\Installer\DfxInstall\Release\fxdevcon32.pdb source: fxdevcon32.exe.1.dr
Source: Binary string: C:\Users\vijay\Documents\Projects\FxSound\repo\fxsound\FxSound\Installer\DfxInstall\x64\Release\fxdevcon64.pdb source: fxdevcon64.exe, 00000006.00000000.1725646207.00007FF7E0719000.00000002.00000001.01000000.00000009.sdmp, fxdevcon64.exe, 00000006.00000002.1727759501.00007FF7E0719000.00000002.00000001.01000000.00000009.sdmp, fxdevcon64.exe, 0000000A.00000002.1787250018.00007FF7E0719000.00000002.00000001.01000000.00000009.sdmp, fxdevcon64.exe, 0000000A.00000000.1744778421.00007FF7E0719000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\Prereq.pdb source: fxsound_setup.exe, fxsound.x64.msi.0.dr
Source: Binary string: wininet.pdbUGP source: fxsound_setup.exe, 00000000.00000003.1668153416.000000000552D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\code32\Mains\DfxSetupDrv\Release\DfxSetupDrv.pdb source: DfxSetupDrv.exe, 00000008.00000002.1744326725.000000000035A000.00000002.00000001.01000000.0000000A.sdmp, DfxSetupDrv.exe, 00000008.00000000.1728417446.000000000035A000.00000002.00000001.01000000.0000000A.sdmp, DfxSetupDrv.exe.1.dr
Source: Binary string: C:\Users\Vijay\Documents\Projects\FxSound\fxsound-driver\fxvad\pcmex\x64\Release\fxvad.pdb source: drvinst.exe, 0000000D.00000003.1765962497.0000023D636B3000.00000004.00000020.00020000.00000000.sdmp, fxvad.sys1.1.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\lzmaextractor.pdb source: fxsound_setup.exe, fxsound.x64.msi.0.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: fxsound_setup.exe, fxsound.x64.msi.0.dr, MSICC49.tmp.0.dr
Source: Binary string: C:\ReleaseAI\win\Release\stubs\x86\ExternalUi.pdb source: fxsound_setup.exe
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\viewer.pdb source: fxsound_setup.exe, fxsound.x64.msi.0.dr
Source: Binary string: C:\Users\vijay\Documents\Projects\FxSound\repo\fxsound\FxSound\Installer\DfxInstall\x64\Release\fxdevcon64.pdb source: fxdevcon64.exe, 00000006.00000000.1725646207.00007FF7E0719000.00000002.00000001.01000000.00000009.sdmp, fxdevcon64.exe, 00000006.00000002.1727759501.00007FF7E0719000.00000002.00000001.01000000.00000009.sdmp, fxdevcon64.exe, 0000000A.00000002.1787250018.00007FF7E0719000.00000002.00000001.01000000.00000009.sdmp, fxdevcon64.exe, 0000000A.00000000.1744778421.00007FF7E0719000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\Prereq.pdbo source: fxsound_setup.exe, fxsound.x64.msi.0.dr
Source: C:\Windows\SysWOW64\msiexec.exe File opened: z:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: x:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: v:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: t:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: r:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: p:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: n:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: l:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: j:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: h:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: f:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: b:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: y:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: w:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: u:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: s:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: q:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: o:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: m:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: k:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: i:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: g:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: e:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: c:
Source: C:\Windows\SysWOW64\msiexec.exe File opened: a:
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_010D9310 _wcsrchr,_wcsrchr,GetLogicalDriveStringsW,GetDriveTypeW,Wow64DisableWow64FsRedirection,Wow64RevertWow64FsRedirection,0_2_010D9310
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_010D0640 FindFirstFileW,FindClose,CloseHandle,CloseHandle,CloseHandle,CreateEventW,CreateThread,WaitForSingleObject,GetExitCodeThread,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,0_2_010D0640
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_010AB1B0 FindFirstFileW,GetLastError,FindClose,0_2_010AB1B0
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_010DA4B0 FindFirstFileW,FindNextFileW,FindNextFileW,FindClose,0_2_010DA4B0
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_010AA850 _wcsrchr,FindFirstFileW,FindFirstFileW,FindFirstFileW,FindClose,FindClose,0_2_010AA850
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_010DA8B0 FindFirstFileW,FindClose,0_2_010DA8B0
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_010B8F30 FindFirstFileW,FindClose,FindClose,0_2_010B8F30
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_0108FE80 FindFirstFileW,FindNextFileW,FindClose,0_2_0108FE80
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exeCode function: 6_2_00007FF7E07117C0 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,6_2_00007FF7E07117C0
Source: C:\Program Files\FxSound LLC\FxSound\updater.exeCode function: 18_2_0012E2C0 GetLastError,GetLastError,GetLastError,FindFirstFileW,GetLastError,FindClose,18_2_0012E2C0
Source: C:\Program Files\FxSound LLC\FxSound\updater.exeCode function: 18_2_001B400D FindFirstFileExW,FindNextFileW,FindClose,FindClose,18_2_001B400D
Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: FxSound.exe, 00000011.00000002.2917820911.00007FF604A54000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe.1.drString found in binary or memory: http://Locationftp:juceftp://https://GetAdaptersAddressesiphlpapi.dllhttps:
Source: fxvadntx86.cat0.1.dr, fxvad.sys2.1.dr, fxvad.sys1.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: fxsound_setup.exe, fxsound.x64.msi.0.dr, MSICC49.tmp.0.dr, FxSound.exe.1.dr, fxdevcon32.exe.1.dr, DfxSetupDrv.exe.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: fxvadntx86.cat0.1.dr, fxvad.sys2.1.dr, fxvad.sys1.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
Source: fxvadntx86.cat0.1.dr, fxvad.sys2.1.dr, fxvad.sys1.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: fxvadntx86.cat0.1.dr, fxvad.sys2.1.dr, fxvad.sys1.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: fxsound_setup.exe, 00000000.00000003.1826659710.0000000000CA5000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1822558492.0000000000C6F000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1825332773.0000000000C8E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrus
Source: fxsound_setup.exe, fxsound.x64.msi.0.dr, FxSound.exe.1.dr, fxdevcon32.exe.1.dr, DfxSetupDrv.exe.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: fxsound_setup.exe, fxsound.x64.msi.0.dr, MSICC49.tmp.0.dr, FxSound.exe.1.dr, fxdevcon32.exe.1.dr, DfxSetupDrv.exe.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: fxsound_setup.exe, fxsound.x64.msi.0.dr, MSICC49.tmp.0.dr, FxSound.exe.1.dr, fxdevcon32.exe.1.dr, DfxSetupDrv.exe.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: fxsound_setup.exe, 00000000.00000003.1826659710.0000000000CA5000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1822558492.0000000000C6F000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1825332773.0000000000C8E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.di
Source: fxsound_setup.exe, 00000000.00000003.1826659710.0000000000CA5000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1822558492.0000000000C6F000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1825332773.0000000000C8E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digi
Source: fxsound.x64.msi.0.dr, MSICC49.tmp.0.dr, FxSound.exe.1.dr, fxdevcon32.exe.1.dr, DfxSetupDrv.exe.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: fxvadntx86.cat0.1.dr, fxvad.sys2.1.dr, fxvad.sys1.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: fxvadntx86.cat0.1.dr, fxvad.sys2.1.dr, fxvad.sys1.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: fxsound_setup.exe, fxsound.x64.msi.0.dr, FxSound.exe.1.dr, fxdevcon32.exe.1.dr, DfxSetupDrv.exe.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: fxsound_setup.exe, fxsound.x64.msi.0.dr, MSICC49.tmp.0.dr, FxSound.exe.1.dr, fxdevcon32.exe.1.dr, DfxSetupDrv.exe.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: DfxSetupDrv.exe.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: fxvadntx86.cat0.1.dr, fxvad.sys2.1.dr, fxvad.sys1.1.drString found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: fxvadntx86.cat0.1.dr, fxvad.sys2.1.dr, fxvad.sys1.1.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: fxvadntx86.cat0.1.dr, fxvad.sys2.1.dr, fxvad.sys1.1.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: fxvadntx86.cat0.1.dr, fxvad.sys2.1.dr, fxvad.sys1.1.drString found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: fxsound_setup.exe, fxsound.x64.msi.0.dr, FxSound.exe.1.dr, fxdevcon32.exe.1.dr, DfxSetupDrv.exe.1.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=
Source: fxvadntx86.cat0.1.dr, fxvad.sys2.1.dr, fxvad.sys1.1.drString found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
Source: fxvadntx86.cat0.1.dr, fxvad.sys2.1.dr, fxvad.sys1.1.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: updater.exe, 00000012.00000003.1844172601.00000000007F0000.00000004.00000020.00020000.00000000.sdmp, updater.exe, 00000012.00000003.1858511359.00000000007F0000.00000004.00000020.00020000.00000000.sdmp, updater.exe, 00000012.00000003.1858202660.00000000007F0000.00000004.00000020.00020000.00000000.sdmp, updater.exe, 00000012.00000003.1844277230.0000000000827000.00000004.00000020.00020000.00000000.sdmp, updater.exe, 00000012.00000002.1860559394.00000000007F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://microsoft.co?
Source: fxsound_setup.exe, fxsound.x64.msi.0.dr, FxSound.exe.1.dr, fxdevcon32.exe.1.dr, DfxSetupDrv.exe.1.drString found in binary or memory: http://ocsp.digicert.com0
Source: fxsound_setup.exe, fxsound.x64.msi.0.dr, MSICC49.tmp.0.dr, FxSound.exe.1.dr, fxdevcon32.exe.1.dr, DfxSetupDrv.exe.1.drString found in binary or memory: http://ocsp.digicert.com0A
Source: fxsound_setup.exe, fxsound.x64.msi.0.dr, MSICC49.tmp.0.dr, FxSound.exe.1.dr, fxdevcon32.exe.1.dr, fxvadntx86.cat0.1.dr, DfxSetupDrv.exe.1.dr, fxvad.sys2.1.dr, fxvad.sys1.1.drString found in binary or memory: http://ocsp.digicert.com0C
Source: fxvadntx86.cat0.1.dr, fxvad.sys2.1.dr, fxvad.sys1.1.drString found in binary or memory: http://ocsp.digicert.com0H
Source: fxvadntx86.cat0.1.dr, fxvad.sys2.1.dr, fxvad.sys1.1.drString found in binary or memory: http://ocsp.digicert.com0I
Source: fxvadntx86.cat0.1.dr, fxvad.sys2.1.dr, fxvad.sys1.1.drString found in binary or memory: http://ocsp.digicert.com0O
Source: fxsound_setup.exe, fxsound.x64.msi.0.dr, MSICC49.tmp.0.dr, FxSound.exe.1.dr, fxdevcon32.exe.1.dr, DfxSetupDrv.exe.1.drString found in binary or memory: http://ocsp.digicert.com0X
Source: fxsound_setup.exe, fxsound.x64.msi.0.dr, MSICC49.tmp.0.drString found in binary or memory: http://t1.symcb.com/ThawtePCA.crl0
Source: fxsound_setup.exe, fxsound.x64.msi.0.dr, MSICC49.tmp.0.drString found in binary or memory: http://t2.symcb.com0
Source: fxsound_setup.exe, fxsound.x64.msi.0.dr, MSICC49.tmp.0.drString found in binary or memory: http://tl.symcb.com/tl.crl0
Source: fxsound_setup.exe, fxsound.x64.msi.0.dr, MSICC49.tmp.0.drString found in binary or memory: http://tl.symcb.com/tl.crt0
Source: fxsound_setup.exe, fxsound.x64.msi.0.dr, MSICC49.tmp.0.drString found in binary or memory: http://tl.symcd.com0&
Source: fxsound_setup.exe, fxsound.x64.msi.0.dr, FxSound.exe.1.dr, fxdevcon32.exe.1.dr, fxvadntx86.cat0.1.dr, DfxSetupDrv.exe.1.dr, fxvad.sys2.1.dr, fxvad.sys1.1.drString found in binary or memory: http://www.digicert.com/CPS0
Source: fxvadntx86.cat0.1.dr, fxvad.sys2.1.dr, fxvad.sys1.1.drString found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: fxdevcon64.exe, 0000000A.00000002.1786670412.0000026492D45000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000A.00000003.1753079231.0000026492D3B000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000A.00000003.1785091901.0000026492CBB000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000A.00000002.1786670412.0000026492D30000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000A.00000003.1746456930.0000026492CD9000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000A.00000003.1785554355.0000026492CBB000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000A.00000003.1745440876.0000026492CA4000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000A.00000003.1750468970.0000026492CF6000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000A.00000003.1754124511.0000026492D30000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000A.00000003.1750364754.0000026492CF6000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000A.00000003.1754969063.0000026492D30000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000A.00000003.1752277277.0000026492D3D000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000A.00000002.1786448508.0000026492CBB000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1759276637.0000023D635A8000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1762206072.0000023D635AA000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1762304235.0000023D63653000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1762320499.0000023D6359B000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1760450193.0000023D635A5000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1762453362.0000023D63659000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 
0000000D.00000003.1757848935.0000023D6359B000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1757965297.0000023D635A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fxsound.com
Source: fxdevcon64.exe, 0000000A.00000003.1746508721.0000026492CC3000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000A.00000003.1785091901.0000026492CBB000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000A.00000003.1752231616.0000026492D54000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000A.00000003.1746442059.0000026492CE2000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000A.00000002.1786953682.0000026494A4D000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000A.00000002.1786953682.0000026494A40000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000A.00000003.1753955898.0000026492D57000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000A.00000003.1754884252.0000026492CC8000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000A.00000003.1750364754.0000026492CC8000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000A.00000003.1754439022.0000026492CC5000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000A.00000002.1786670412.0000026492D53000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000A.00000003.1785299209.0000026492CC8000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000A.00000003.1785628821.0000026492D52000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000A.00000003.1745440876.0000026492CAA000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000A.00000002.1786953682.0000026494A53000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000A.00000003.1754686909.0000026492D53000.00000004.00000020.00020000.00000000.sdmp, fxdevcon64.exe, 0000000A.00000003.1752711142.0000026492D54000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1766071983.0000023D63633000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1757965297.0000023D635A9000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 
0000000D.00000003.1769785529.0000023D63633000.00000004.00000020.00020000.00000000.sdmp, drvinst.exe, 0000000D.00000003.1757770641.0000023D635A9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.fxsound.comd
Source: updater.exe, 00000012.00000002.1860559394.00000000007BD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://download.fxsound.com/
Source: updater.exe, 00000012.00000002.1860559394.00000000007F0000.00000004.00000020.00020000.00000000.sdmp, updater.exe, 00000012.00000003.1858258759.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, updater.exe, 00000012.00000003.1858511359.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, updater.exe, 00000012.00000002.1860559394.00000000007D5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://download.fxsound.com/fxsoundlatest
Source: updater.exe, 00000012.00000002.1860559394.00000000007F0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://download.fxsound.com/fxsoundlatestoad
Source: fxsound_setup.exe, 00000000.00000003.1667845398.00000000065B7000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1662154560.0000000000CB2000.00000004.00000020.00020000.00000000.sdmp, updater.exe, 00000012.00000003.1828414418.0000000002630000.00000004.00000800.00020000.00000000.sdmp, updater.exe, 00000012.00000002.1860559394.00000000007BD000.00000004.00000020.00020000.00000000.sdmp, updater.exe, 00000012.00000002.1860559394.0000000000781000.00000004.00000020.00020000.00000000.sdmp, MSIccd31.LOG.1.dr String found in binary or memory: https://download.fxsound.com/updates
Source: updater.exe, 00000012.00000002.1860559394.0000000000781000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://download.fxsound.com/updatesB
Source: updater.exe, 00000012.00000002.1860559394.0000000000781000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://download.fxsound.com/updatesE
Source: fxsound_setup.exe, 00000000.00000003.1824233531.0000000006557000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000002.1829373659.0000000006558000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://download.fxsound.com/updatesc
Source: updater.exe, 00000012.00000002.1860559394.0000000000778000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://download.fxsound.com/updatester
Source: updater.exe, 00000012.00000003.1858511359.00000000007F0000.00000004.00000020.00020000.00000000.sdmp, updater.exe, 00000012.00000003.1858202660.00000000007F0000.00000004.00000020.00020000.00000000.sdmp, updater.exe, 00000012.00000002.1860559394.00000000007F0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://download.fxsound.comK
Source: updater.exe, 00000012.00000003.1859200242.0000000002E60000.00000004.00000800.00020000.00000000.sdmp, updater.exe, 00000012.00000002.1860559394.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, updater.exe, 00000012.00000003.1858511359.00000000007F0000.00000004.00000020.00020000.00000000.sdmp, updater.exe, 00000012.00000003.1858157638.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, updater.exe, 00000012.00000002.1860559394.00000000007F0000.00000004.00000020.00020000.00000000.sdmp, updater.exe, 00000012.00000003.1858258759.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, updater.exe, 00000012.00000003.1858511359.00000000007E8000.00000004.00000020.00020000.00000000.sdmp, updater.exe, 00000012.00000002.1860559394.00000000007D5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://downloads3.fxsound.com/fxsound/2/fxsound_setup.exe
Source: updater.exe, 00000012.00000002.1860559394.00000000007BD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://downloads3.fxsound.com/fxsound/2/fxsound_setup.exeIE5
Source: updater.exe, 00000012.00000003.1858511359.00000000007F0000.00000004.00000020.00020000.00000000.sdmp, updater.exe, 00000012.00000003.1858202660.00000000007F0000.00000004.00000020.00020000.00000000.sdmp, updater.exe, 00000012.00000002.1860559394.00000000007F0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://drive.fxsound.com/
Source: updater.exe, 00000012.00000003.1858511359.00000000007F0000.00000004.00000020.00020000.00000000.sdmp, updater.exe, 00000012.00000003.1858202660.00000000007F0000.00000004.00000020.00020000.00000000.sdmp, updater.exe, 00000012.00000002.1860559394.00000000007F0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://drive.fxsound.com/B
Source: updater.exe, 00000012.00000003.1858511359.00000000007F0000.00000004.00000020.00020000.00000000.sdmp, updater.exe, 00000012.00000003.1858202660.00000000007F0000.00000004.00000020.00020000.00000000.sdmp, updater.exe, 00000012.00000002.1860559394.00000000007F0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://drive.fxsound.com/J
Source: updater.exe, 00000012.00000002.1860559394.00000000007D5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://drive.fxsound.com/cs/sgMPaBYtQvliu88/downloads3.fxsound.com/fxsound/1.1.20.0/updates.txt/dow
Source: FxSound.exe, 00000011.00000000.1802280251.00007FF604A2B000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe, 00000011.00000002.2917820911.00007FF604A2B000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe.1.dr String found in binary or memory: https://forms.gle/ATx1ayXDWRaMdiR59
Source: FxSound.exe, 00000011.00000000.1802280251.00007FF604A2B000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe, 00000011.00000002.2917820911.00007FF604A2B000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe.1.dr String found in binary or memory: https://forms.gle/ATx1ayXDWRaMdiR59:Take
Source: MSIccd31.LOG.1.dr String found in binary or memory: https://forum.fxsound.com
Source: fxsound_setup.exe, 00000000.00000003.1823613645.000000000659E000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1827593471.00000000065A6000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1825157251.000000000659E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://forum.fxsound.comD
Source: fxsound_setup.exe, 00000000.00000003.1823613645.000000000657B000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1827057502.0000000006585000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1824180068.0000000006583000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://forum.fxsound.comto
Source: FxSound.exe, 00000011.00000000.1802280251.00007FF604A2B000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe, 00000011.00000002.2917820911.00007FF604A2B000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe.1.dr String found in binary or memory: https://james722808.typeform.com/to/QfEP5QrP
Source: FxSound.exe, 00000011.00000000.1802280251.00007FF604A2B000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe, 00000011.00000002.2917820911.00007FF604A2B000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe.1.dr String found in binary or memory: https://james722808.typeform.com/to/QfEP5QrPSupporthttps://www.fxsound.com/learning-centerChangelog;
Source: FxSound.exe, 00000011.00000002.2917820911.00007FF604A54000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe.1.dr String found in binary or memory: https://juce.com
Source: FxSound.exe, 00000011.00000002.2917820911.00007FF604A54000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe.1.dr String found in binary or memory: https://postman-echo.com
Source: FxSound.exe, 00000011.00000002.2917820911.00007FF604A54000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe.1.dr String found in binary or memory: https://postman-echo.comdaveHttpClient
Source: fxsound_setup.exe, 00000000.00000003.1667845398.00000000065B7000.00000004.00000020.00020000.00000000.sdmp, updater.exe, 00000012.00000003.1828414418.0000000002630000.00000004.00000800.00020000.00000000.sdmp, updater.exe, 00000012.00000002.1860559394.0000000000781000.00000004.00000020.00020000.00000000.sdmp, MSIccd31.LOG.1.dr String found in binary or memory: https://s3.amazonaws.com/downloads3.fxsound.com/fxsound/2/updates.txt
Source: fxsound_setup.exe, 00000000.00000003.1663699741.0000000000C93000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1663666127.0000000000C8A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://s3.amazonaws.com/downloads3.fxsound.com/fxsound/2/updates.txt)c.
Source: fxsound_setup.exe, 00000000.00000003.1824233531.0000000006557000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://s3.amazonaws.com/downloads3.fxsound.com/fxsound/2/updates.txtO
Source: FxSound.exe.1.dr String found in binary or memory: https://sketch.com
Source: fxsound_setup.exe, fxsound.x64.msi.0.dr, MSICC49.tmp.0.dr String found in binary or memory: https://www.advancedinstaller.com
Source: fxvadntx86.cat0.1.dr, fxvad.sys2.1.dr, fxvad.sys1.1.dr String found in binary or memory: https://www.digicert.com/CPS0
Source: fxsound_setup.exe, 00000000.00000003.1663748027.0000000000C8E000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000002.1828323288.0000000000CA6000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1826659710.0000000000CA5000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1822558492.0000000000C6F000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1825332773.0000000000C8E000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1663666127.0000000000C8A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.fxsound.com/blog/fxsound-is-now-completely-free
Source: fxsound_setup.exe, 00000000.00000003.1667889626.00000000065A1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.fxsound.com/blog/fxsound-is-now-completely-freeu
Source: MSIccd31.LOG.1.dr String found in binary or memory: https://www.fxsound.com/changelog
Source: FxSound.exe, 00000011.00000000.1802280251.00007FF604A2B000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe, 00000011.00000002.2917820911.00007FF604A2B000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe.1.dr String found in binary or memory: https://www.fxsound.com/changelog.Click
Source: fxsound_setup.exe, 00000000.00000003.1826942285.00000000065AF000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1823035243.00000000065AF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.fxsound.com/changelog335
Source: fxsound_setup.exe, 00000000.00000003.1826942285.00000000065AF000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1823035243.00000000065AF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.fxsound.com/changelog340
Source: fxsound_setup.exe, 00000000.00000003.1826942285.00000000065AF000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1823035243.00000000065AF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.fxsound.com/changelogION#
Source: fxsound_setup.exe, 00000000.00000003.1826942285.00000000065AF000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1823035243.00000000065AF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.fxsound.com/changelogIONw
Source: fxsound_setup.exe, 00000000.00000003.1826942285.00000000065AF000.00000004.00000020.00020000.00000000.sdmp, fxsound_setup.exe, 00000000.00000003.1823035243.00000000065AF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.fxsound.com/changelogenter
Source: fxsound_setup.exe, 00000000.00000003.1663748027.0000000000C7F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.fxsound.com/changelognJ
Source: MSIccd31.LOG.1.dr String found in binary or memory: https://www.fxsound.com/learning-center
Source: FxSound.exe, 00000011.00000003.2149211092.000001E91B4E3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.fxsound.com/learning-center/installation-troubleshooting
Source: FxSound.exe, 00000011.00000002.2917820911.00007FF604A54000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe.1.dr String found in binary or memory: https://www.fxsound.com/learning-center/installation-troubleshootingFXSOUND_Oops
Source: FxSound.exe, 00000011.00000000.1802280251.00007FF604A2B000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe, 00000011.00000002.2917820911.00007FF604A2B000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe.1.dr String found in binary or memory: https://www.fxsound.com/learning-center/no-sound-with-fxsound-realtek
Source: FxSound.exe, 00000011.00000000.1802280251.00007FF604A2B000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe, 00000011.00000002.2917820911.00007FF604A2B000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe.1.dr String found in binary or memory: https://www.fxsound.com/learning-center/no-sound-with-fxsound-realtekPreset
Source: fxsound.x64.msi.0.dr String found in binary or memory: https://www.fxsound.com/learning-centerARPNOMODIFYEnableUserControlARPNOREPAIRARPSYSTEMCOMPONENTARPU
Source: FxSound.exe.1.dr String found in binary or memory: https://www.fxsound.com/presets
Source: FxSound.exe, 00000011.00000002.2916156691.000001E918F7D000.00000004.00000020.00020000.00000000.sdmp, FxSound.exe, 00000011.00000002.2917820911.00007FF604A54000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe.1.dr String found in binary or memory: https://www.fxsound.com/support
Source: FxSound.exe, 00000011.00000002.2917820911.00007FF604A54000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe, 00000011.00000000.1802280251.00007FF604A2B000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe, 00000011.00000002.2917820911.00007FF604A2B000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe.1.dr String found in binary or memory: https://www.paypal.com/donate/?hosted_button_id=JVNQGYXCQ2GPG
Source: FxSound.exe, 00000011.00000000.1802280251.00007FF604A2B000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe, 00000011.00000002.2917820911.00007FF604A2B000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe.1.dr String found in binary or memory: https://www.paypal.com/donate/?hosted_button_id=JVNQGYXCQ2GPG1.1.20.0
Source: fxsound_setup.exe, fxsound.x64.msi.0.dr, MSICC49.tmp.0.dr String found in binary or memory: https://www.thawte.com/cps0/
Source: fxsound_setup.exe, fxsound.x64.msi.0.dr, MSICC49.tmp.0.dr String found in binary or memory: https://www.thawte.com/repository0W
Source: unknown DNS traffic detected: queries for: download.fxsound.com
Source: C:\Program Files\FxSound LLC\FxSound\updater.exe Code function: 18_2_0014D1F0 GetLastError,ResetEvent,InternetQueryDataAvailable,GetLastError,GetLastError,Sleep,WaitForSingleObject,SetEvent,ResetEvent,InternetReadFile,GetLastError,GetLastError,Sleep,WaitForSingleObject,SetEvent,WriteFile,Sleep,GetFileSize,GetLastError,CloseHandle,DeleteFileW,MoveFileW,CopyFileW,GetLastError,DeleteFileW,CloseHandle
Source: global traffic HTTP traffic detected: GET /updates HTTP/1.1 Accept: */* User-Agent: AdvancedInstaller Host: download.fxsound.com Connection: Keep-Alive Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /cs/sgMPaBYtQvliu88/downloads3.fxsound.com/fxsound/1.1.20.0/updates.txt/download HTTP/1.1 Accept: */* User-Agent: AdvancedInstaller Connection: Keep-Alive Cache-Control: no-cache Host: drive.fxsound.com
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: fxsound_setup.exe, 00000000.00000000.1651091172.00000000011C9000.00000002.00000001.01000000.00000003.sdmp, fxsound_setup.exe, 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: FlashWindowExFlashWindowGetPackagePathKernel32.dllhttp://www.google.comTESTtin9999.tmphttp://www.yahoo.comhttp://www.example.com.partGET "filenameattachment=123POSTcharsetDLDISO-8859-1US-ASCIIutf-8utf-16FTP Server*/*AdvancedInstallerLocal Network ServerIf-Modified-Since: %s equals www.yahoo.com (Yahoo)
Source: fxsound_setup.exe String found in binary or memory: TFlashWindowExFlashWindowGetPackagePathKernel32.dllhttp://www.google.comTESTtin9999.tmphttp://www.yahoo.comhttp://www.example.com.partGET "filenameattachment=123POSTcharsetDLDISO-8859-1US-ASCIIutf-8utf-16FTP Server*/*AdvancedInstallerLocal Network ServerIf-Modified-Since: %s equals www.yahoo.com (Yahoo)
Source: unknown HTTPS traffic detected: 45.79.74.123:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown HTTPS traffic detected: 45.79.74.123:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe File created: C:\Users\user\AppData\Local\Temp\{fcd0319a-f7d0-4a4e-b0b4-a92d9d7e4c52}\SETEDD9.tmp
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{254d53e9-31e2-8942-bfe2-4e3f26d71e4a}\SETF03A.tmp
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe File created: (copy)
Source: C:\Windows\System32\drvinst.exe File created: C:\Windows\System32\DriverStore\Temp\{254d53e9-31e2-8942-bfe2-4e3f26d71e4a}
Source: C:\Users\user\Desktop\fxsound_setup.exe Section loaded: lpk.dll
Source: C:\Users\user\Desktop\fxsound_setup.exe Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxvad.sys
Source: fxsound_setup.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSICFD1.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\4cce4a.msi
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_010EF0D0 NtdllDefWindowProc_W
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_01067A10 GetSystemDirectoryW,LoadLibraryExW,NtdllDefWindowProc_W
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_0104C330 NtdllDefWindowProc_W
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_00FB2390 GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,DeleteCriticalSection
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_00FA44A0 GetWindowLongW,GetWindowLongW,GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,GetWindowLongW,SetWindowTextW,GlobalAlloc,GlobalLock,GlobalUnlock,SetWindowLongW,NtdllDefWindowProc_W
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_00FAE540 NtdllDefWindowProc_W
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_00FAE6B0 IsWindow,GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_00FA4BC0 SysFreeString,SysAllocString,GetWindowLongW,GetWindowLongW,GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,GetWindowLongW,SetWindowTextW,GlobalAlloc,GlobalLock,GlobalUnlock,SetWindowLongW,SysFreeString,NtdllDefWindowProc_W,SysFreeString
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_00FA7190 GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,DestroyWindow
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_010010D0 GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_00FA5220 NtdllDefWindowProc_W
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_00FC58F0 NtdllDefWindowProc_W
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_00FA78B0 NtdllDefWindowProc_W
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_00FB7AC0 NtdllDefWindowProc_W
Source: C:\Users\user\Desktop\fxsound_setup.exe Code function: 0_2_00FA7E70 NtdllDefWindowProc_W
Source: fxsound_setup.exe, 00000000.00000003.1668153416.000000000552D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewininet.dllD vs fxsound_setup.exe
Source: fxsound_setup.exeBinary or memory string: OriginalFilenameviewer.exeF vs fxsound_setup.exe
Source: fxsound_setup.exeBinary or memory string: OriginalFilenamelzmaextractor.dllF vs fxsound_setup.exe
Source: fxsound_setup.exeBinary or memory string: OriginalFilenameAICustAct.dllF vs fxsound_setup.exe
Source: fxsound_setup.exeBinary or memory string: OriginalFilenamePrereq.dllF vs fxsound_setup.exe
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exeProcess token adjusted: Load Driver
Source: C:\Windows\System32\svchost.exeProcess token adjusted: Security
Source: fxsound_setup.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: FxSound.lnk.1.drLNK file: ..\..\..\..\..\..\Program Files\FxSound LLC\FxSound\FxSound.exe
Source: Check for FxSound updates.lnk.1.drLNK file: ..\..\..\..\..\..\Program Files\FxSound LLC\FxSound\updater.exe
Source: FxSound.lnk0.1.drLNK file: ..\..\..\..\..\..\Program Files\FxSound LLC\FxSound\FxSound.exe
Source: FxSound.lnk1.1.drLNK file: ..\..\..\Program Files\FxSound LLC\FxSound\FxSound.exe
Source: C:\Users\user\Desktop\fxsound_setup.exeFile created: C:\Users\user\AppData\Roaming\FxSound LLC
Source: classification engineClassification label: mal42.evad.winEXE@28/103@2/1
Source: C:\Users\user\Desktop\fxsound_setup.exeFile read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_010AE5B0 FormatMessageW,GetLastError,0_2_010AE5B0
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_00F99160 LoadResource,LockResource,SizeofResource,0_2_00F99160
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\FxSound LLC
Source: C:\Users\user\Desktop\fxsound_setup.exeFile read: C:\Users\user\Desktop\fxsound_setup.exe
Source: C:\Users\user\Desktop\fxsound_setup.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknownProcess created: C:\Users\user\Desktop\fxsound_setup.exe C:\Users\user\Desktop\fxsound_setup.exe
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 79E6DEEDE54CC17CA7037B4F320F9C61 C
Source: C:\Users\user\Desktop\fxsound_setup.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\system32\msiexec.exe" /i "C:\Users\user\AppData\Roaming\FxSound LLC\FxSound 1.1.20.0\install\fxsound.x64.msi" AI_SETUPEXEPATH=C:\Users\user\Desktop\fxsound_setup.exe SETUPEXEDIR=C:\Users\user\Desktop\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1700670463 " AI_EUIMSI="
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 0C65C1CCF681D8CA1F2AEB8ADA388D35
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe "C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe" remove *DFX12
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Program Files\FxSound LLC\FxSound\Apps\DfxSetupDrv.exe "C:\Program Files\FxSound LLC\FxSound\Apps\DfxSetupDrv.exe" check
Source: C:\Program Files\FxSound LLC\FxSound\Apps\DfxSetupDrv.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe" install "C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxvad.inf
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\drvinst.exe DrvInst.exe "4" "0" "C:\Users\user\AppData\Local\Temp\{fcd0319a-f7d0-4a4e-b0b4-a92d9d7e4c52}\fxvad.inf" "9" "4143399a7" "000000000000016C" "WinSta0\Default" "00000000000000C4" "208" "c:\program files\fxsound llc\fxsound\drivers\win10\x64"
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\drvinst.exe DrvInst.exe "2" "211" "ROOT\MEDIA\0000" "C:\Windows\INF\oem4.inf" "oem4.inf:ed86ca115cc2c934:DFX_Device:14.1.0.0:root\fxvad," "4143399a7" "000000000000016C"
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /sc daily /tn FxSound\Update /tr "'C:\Program Files\FxSound LLC\FxSound\updater.exe' /silent" /st 10:00 /f
Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files\FxSound LLC\FxSound\FxSound.exe "C:\Program Files\FxSound LLC\FxSound\\FxSound.exe" @
Source: unknownProcess created: C:\Program Files\FxSound LLC\FxSound\updater.exe "C:\Program Files\FxSound LLC\FxSound\updater.exe" /silent
Source: C:\Users\user\Desktop\fxsound_setup.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: C:\Users\user\Desktop\fxsound_setup.exeFile created: C:\Users\user\AppData\Local\Temp\MSICA43.tmp
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exeCode function: 6_2_00007FF7E06F5950 CoCreateInstance,SysAllocString,SysFreeString,CoSetProxyBlanket,SysFreeString,SysFreeString,VariantInit,VariantClear,6_2_00007FF7E06F5950
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_010DB860 GetDiskFreeSpaceExW,0_2_010DB860
Source: fxsound_setup.exe, 00000000.00000003.1667845398.00000000065B7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT * FROM `Property` WHERE `Property` = 'ALLUSERS'(;
Source: C:\Program Files\FxSound LLC\FxSound\updater.exeCode function: 18_2_00192F80 CreateToolhelp32Snapshot,Process32FirstW,OpenProcess,QueryFullProcessImageNameW,CloseHandle,Process32NextW,CloseHandle,GetWindowThreadProcessId,GetWindowTextW,GetWindowLongW,GetWindowLongW,GetWindowLongW,GetWindowLongW,18_2_00192F80
Source: C:\Windows\System32\drvinst.exeMutant created: \BaseNamedObjects\DrvInst.exe_mutex_{5B10AC83-4F13-4fde-8C0B-B85681BA8D73}
Source: C:\Program Files\FxSound LLC\FxSound\Apps\DfxSetupDrv.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{E498B5A6-FA64-40c6-9327-9E6F15FF6546}
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7832:120:WilError_03
Source: C:\Program Files\FxSound LLC\FxSound\FxSound.exeMutant created: \Sessions\1\BaseNamedObjects\Global\juceAppLock_FxSound
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7692:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8044:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7788:120:WilError_03
Source: C:\Program Files\FxSound LLC\FxSound\updater.exeCommand line argument: RICHED20.DLL18_2_0018CA40
Source: updater.exeString found in binary or memory: -startminimized
Source: updater.exeString found in binary or memory: /install
Source: updater.exeString found in binary or memory: -startappfirst
Source: updater.exeString found in binary or memory: -installready
Source: updater.exeString found in binary or memory: /installservice
Source: fxsound_setup.exeString found in binary or memory: INSERT INTO `` (`Property`, `Order`, `Value`, `Text`) VALUES (?,?,?,?) TEMPORARYComboBoxListBoxSELECT * FROM `%s` WHERE `Property`='%s' AND `Value`='%s'SELECT * FROM `%s` WHERE `Property`='%s'EditSELECT `Message` FROM `Error` WHERE `Error` = %sSELECT `Text` FROM `UIText` WHERE `Key` = '%s'tmpALLUSERS = 1ALLUSERS = 2MSIINSTALLPERUSER = 1AI_PACKAGE_TYPE = "x64"AI_PACKAGE_TYPE = "Intel64"SELECT * FROM `Control` WHERE `Dialog_` = '%s' AND `Control` = '%s'SELECT `Attributes` FROM `Control` WHERE `Dialog_` = '%s' AND `Control` = '%s'$=3WS_BORDERWS_CAPTIONWS_CHILDWS_CHILDWINDOWWS_CLIPCHILDRENWS_CLIPSIBLINGSWS_DISABLEDWS_DLGFRAMEWS_GROUPWS_HSCROLLWS_ICONICWS_SIZEBOXWS_SYSMENUWS_TABSTOPWS_THICKFRAMEWS_VISIBLEWS_VSCROLLWS_MAXIMIZEBOXWS_MAXIMIZEWS_MINIMIZEBOXWS_MINIMIZEWS_OVERLAPPEDWINDOWWS_OVERLAPPEDWS_POPUPWINDOWWS_POPUPWS_TILEDWINDOWWS_TILEDWS_EX_ACCEPTFILESWS_EX_APPWINDOWWS_EX_CLIENTEDGEWS_EX_CONTEXTHELPWS_EX_CONTROLPARENTWS_EX_DLGMODALFRAMEWS_EX_LEFTWS_EX_LEFTSCROLLBARWS_EX_LTRREADINGWS_EX_MDICHILDWS_EX_NOPARENTNOTIFYWS_EX_OVERLAPPEDWINDOWWS_EX_PALETTEWINDOWWS_EX_RTLREADINGWS_EX_STATICEDGEWS_EX_TOOLWINDOWWS_EX_TOPMOSTWS_EX_TRANSPARENTWS_EX_WINDOWEDGEWS_EX_RIGHTSCROLLBARWS_EX_RIGHTWS_EX_LAYEREDWS_EX_NOACTIVATEWS_EX_NOINHERITLAYOUTWS_EX_LAYOUTRTLWS_EX_COMPOSITEDWS_EXAI_TRIAL_MESSAGE_BODYAI_MSM_TRIAL_MESSAGE_BODYAI_APP_FILEAI_README_FILEAI_APP_ARGSAI_RUN_AS_ADMINMsiLogFileLocation[ProgramFilesFolder][LocalAppDataFolder]Programs\[ProgramFiles64Folder][CommonFilesFolder][LocalAppDataFolder]Programs\Common\[CommonFiles64Folder][WindowsFolder][LocalAppDataFolder][SystemFolder][WindowsVolume][ProgramMenuFolder][DesktopFolder][StartupFolder][TemplateFolder][AdminToolsFolder][AI_UserProgramFiles][WindowsVolume]Program Files (x86)\[AI_ProgramFiles][WindowsVolume]Program Files\MIGRATEFindRelatedProductsMigrateFeatureStatesAI_SETMIXINSTLOCATIONAPPDIRAI_RESTORE_LOCATIONSELECT `ActionProperty` FROM 
`Upgrade`ActionTarget`Action`='SET_APPDIR' OR `Action`='SET_SHORTCUTDIR'CustomActionSET_APPDIRSET_SHORTCUTDIRSHORTCUTDIRProgramMenuFolderAI_SH_INITEDBrowseDlgCancelDlgDiskCostDlgExitDialogMsiRMFilesInUseOutOfDiskDlgOutOfRbDiskDlgDialog_Control_(`Control_` = 'Next' OR `Control_` = 'Install') AND `Event` = 'EndDialog' AND `Argument` = 'Return'ControlEventAI_INSTALLPERUSER = "0"ALLUSERSVersionMsi >= "5.0"2MSIINSTALLPERUSERAI_NEWINSTProductLanguageAI_INTANCE_LOCATIONAI_UPGRADENoLanguageVersionStringInstallLocationAI_REPLACE_PRODUCTSAI_Replaced_Versions_ListAI_Upgrade_Replace_Question_YesBackUp_AI_Upgrade_Question_YesAI_Upgrade_Question_YesAI_Upgrade_Replace_Question_NoBackUp_AI_Upgrade_Question_NoAI_Upgrade_Question_NoYesDELETE FROM `Shortcut` WHERE `Shortcut`.`Directory_`='%s'DELETE FROM `IniFile` WHERE `IniFile`.`Section`='InternetShortcut' AND`IniFile`.`DirProperty`='%s'SELECT * FROM `%s`ShortcutIniFileAI_DESKTOP_SH0AI_STARTMENU_SHAI_QUICKLAUNCH_SHAI_STARTUP_SHAI_SHORTCUTSREGNot InstalledDesktopFolderQuickLaunch_DirStartupFolderAI_SH_DIRProductNameRiched20.dll -user -mach
Source: C:\Windows\System32\msiexec.exeFile written: C:\Program Files\FxSound LLC\FxSound\updater.ini
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: fxsound_setup.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\FxSound.exe
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers\ptdevcon32.exe
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers\ptdevcon64.exe
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Apps
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Apps\DfxSetupDrv.exe
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\updater.exe
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Apps\DfxInstall.dll
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxvad.inf
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxvad.sys
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxvadntamd64.cat
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x86
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x86\fxdevcon32.exe
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x86\fxvad.inf
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x86\fxvad.sys
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x86\fxvadntx86.cat
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x64
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x64\fxdevcon64.exe
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x64\fxvad.inf
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x64\fxvad.sys
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x64\fxvadntamd64.cat
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x86
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x86\fxdevcon32.exe
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x86\fxvad.inf
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x86\fxvad.sys
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x86\fxvadntx86.cat
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Factsoft
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Factsoft\1.fac
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Factsoft\10.fac
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Factsoft\11.fac
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Factsoft\12.fac
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Factsoft\2.fac
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Factsoft\3.fac
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Factsoft\4.fac
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Factsoft\5.fac
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Factsoft\6.fac
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Factsoft\7.fac
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Factsoft\8.fac
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\Factsoft\9.fac
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\MontserratAlternates-Bold.ttf
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\MontserratAlternates-Medium.ttf
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\MontserratAlternates-Regular.ttf
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\NotoSansKR-Bold.otf
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\NotoSansKR-Medium.otf
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\NotoSansKR-Regular.otf
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\NotoSansSC-Bold.otf
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\NotoSansSC-Medium.otf
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\NotoSansSC-Regular.otf
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\NotoSansThai-Medium.ttf
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\NotoSansThai-Regular.ttf
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\FxSound LLC\FxSound\updater.ini
Source: C:\Windows\System32\msiexec.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FxSound 1.1.20.0
Source: fxsound_setup.exeStatic file information: File size 46914960 > 1048576
Source: fxsound_setup.exeStatic PE information: certificate valid
Source: fxsound_setup.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x237c00
Source: fxsound_setup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: fxsound_setup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: fxsound_setup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: fxsound_setup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: fxsound_setup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: fxsound_setup.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: fxsound_setup.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: wininet.pdb source: fxsound_setup.exe, 00000000.00000003.1668153416.000000000552D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\vijay\Documents\Projects\FxSound\repo\fxsound\FxSound\Installer\DfxInstall\Release\fxdevcon32.pdb" source: fxdevcon32.exe.1.dr
Source: Binary string: C:\Users\Vijay\Documents\Projects\FxSound\fxsound-driver\fxvad\pcmex\Release\fxvad.pdb source: fxvad.sys2.1.dr
Source: Binary string: C:\ReleaseAI\win\Release\stubs\x86\Updater.pdb source: updater.exe, 00000012.00000002.1859837140.00000000001D4000.00000002.00000001.01000000.0000000E.sdmp, updater.exe, 00000012.00000000.1821729596.00000000001D4000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: C:\code32\Mains\DfxSetupDrv\Release\DfxSetupDrv.pdbNN(GCTL source: DfxSetupDrv.exe, 00000008.00000002.1744326725.000000000035A000.00000002.00000001.01000000.0000000A.sdmp, DfxSetupDrv.exe, 00000008.00000000.1728417446.000000000035A000.00000002.00000001.01000000.0000000A.sdmp, DfxSetupDrv.exe.1.dr
Source: Binary string: C:\Users\vijay\Documents\Projects\FxSound\repo\fxsound\FxSound\Project\x64\Release\App\FxSound.pdb source: FxSound.exe, 00000011.00000002.2917820911.00007FF604A54000.00000002.00000001.01000000.0000000B.sdmp, FxSound.exe.1.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\viewer.pdb? source: fxsound_setup.exe, fxsound.x64.msi.0.dr
Source: Binary string: C:\Users\vijay\Documents\Projects\FxSound\repo\fxsound\FxSound\Installer\DfxInstall\Release\fxdevcon32.pdb source: fxdevcon32.exe.1.dr
Source: Binary string: C:\Users\vijay\Documents\Projects\FxSound\repo\fxsound\FxSound\Installer\DfxInstall\x64\Release\fxdevcon64.pdb source: fxdevcon64.exe, 00000006.00000000.1725646207.00007FF7E0719000.00000002.00000001.01000000.00000009.sdmp, fxdevcon64.exe, 00000006.00000002.1727759501.00007FF7E0719000.00000002.00000001.01000000.00000009.sdmp, fxdevcon64.exe, 0000000A.00000002.1787250018.00007FF7E0719000.00000002.00000001.01000000.00000009.sdmp, fxdevcon64.exe, 0000000A.00000000.1744778421.00007FF7E0719000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\Prereq.pdb source: fxsound_setup.exe, fxsound.x64.msi.0.dr
Source: Binary string: wininet.pdbUGP source: fxsound_setup.exe, 00000000.00000003.1668153416.000000000552D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\code32\Mains\DfxSetupDrv\Release\DfxSetupDrv.pdb source: DfxSetupDrv.exe, 00000008.00000002.1744326725.000000000035A000.00000002.00000001.01000000.0000000A.sdmp, DfxSetupDrv.exe, 00000008.00000000.1728417446.000000000035A000.00000002.00000001.01000000.0000000A.sdmp, DfxSetupDrv.exe.1.dr
Source: Binary string: C:\Users\Vijay\Documents\Projects\FxSound\fxsound-driver\fxvad\pcmex\x64\Release\fxvad.pdb source: drvinst.exe, 0000000D.00000003.1765962497.0000023D636B3000.00000004.00000020.00020000.00000000.sdmp, fxvad.sys1.1.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\lzmaextractor.pdb source: fxsound_setup.exe, fxsound.x64.msi.0.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: fxsound_setup.exe, fxsound.x64.msi.0.dr, MSICC49.tmp.0.dr
Source: Binary string: C:\ReleaseAI\win\Release\stubs\x86\ExternalUi.pdb source: fxsound_setup.exe
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\viewer.pdb source: fxsound_setup.exe, fxsound.x64.msi.0.dr
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\Prereq.pdbo source: fxsound_setup.exe, fxsound.x64.msi.0.dr
Source: fxsound_setup.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: fxsound_setup.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: fxsound_setup.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: fxsound_setup.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: fxsound_setup.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_3_00C252C4 push ecx; retn 0000h0_3_00C252D6
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_3_00C214C5 push cs; retn 0010h0_3_00C2150A
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_3_00C276C8 push eax; ret 0_3_00C276F2
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_3_00C2F8DB push cs; ret 0_3_00C2F8E2
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_3_00C23CE1 push eax; ret 0_3_00C23CE2
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_3_00C23CE9 push edx; ret 0_3_00C23CEA
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_3_00C1ECF8 push cs; ret 0_3_00C1ED02
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_3_00C276F8 push eax; ret 0_3_00C276F2
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_3_00C25280 push ecx; retn 0000h0_3_00C25286
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_3_00C1EE83 push cs; ret 0_3_00C1EEAA
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_3_00C276B0 push cs; ret 0_3_00C276C2
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_3_00C252B9 push edx; retn 0000h0_3_00C252BA
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_3_00C21615 push ss; retn 0000h0_3_00C21616
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_3_00C23631 push ecx; ret 0_3_00C23642
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_3_00C25FEA pushad ; retn 0000h0_3_00C25FFA
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_3_00C27980 push ecx; ret 0_3_00C27992
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_3_00C29989 pushfd ; retn 0000h0_3_00C2998A
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_3_00C2F544 push edx; ret 0_3_00C2F54E
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_3_00C2F54F push edx; ret 0_3_00C2F552
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_3_00C2F751 push cs; ret 0_3_00C2F752
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_3_00C2F555 push ebx; ret 0_3_00C2F556
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_3_00C2F559 push ebx; ret 0_3_00C2F55A
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_3_00C2F55D push ebx; ret 0_3_00C2F55E
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_3_00C2F561 push edx; ret 0_3_00C2F562
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_3_00C2F567 push eax; ret 0_3_00C2F56A
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_3_00C2F565 push eax; ret 0_3_00C2F566
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_3_00C25309 push edx; retn 0000h0_3_00C2530A
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_3_00C1ED15 push ecx; ret 0_3_00C1ED1A
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_3_00C2F528 push edx; ret 0_3_00C2F542
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_011451AE push ecx; ret 0_2_011451C1
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_0108B3E0 push ecx; mov dword ptr [esp], 3F800000h0_2_0108B516
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_010AE740 LoadLibraryW,GetProcAddress,FreeLibrary,0_2_010AE740
Source: shiCBDA.tmp.0.drStatic PE information: 0xC7FEC470 [Wed Apr 29 05:06:56 2076 UTC]
Source: shiCBDA.tmp.0.drStatic PE information: section name: .wpp_sf
Source: shiCBDA.tmp.0.drStatic PE information: section name: .didat
Source: FxSound.exe.1.drStatic PE information: section name: _RDATA
Source: fxdevcon64.exe.1.drStatic PE information: section name: _RDATA
Source: fxdevcon64.exe0.1.drStatic PE information: section name: _RDATA
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\FxSound LLC\FxSound\Drivers\ptdevcon64.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID0E0.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID5C4.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID090.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x86\fxvad.sysJump to dropped file
Source: C:\Users\user\Desktop\fxsound_setup.exeFile created: C:\Users\user\AppData\Local\Temp\MSICC49.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x64\fxvad.sysJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x86\fxdevcon32.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x86\fxdevcon32.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\FxSound LLC\FxSound\updater.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxvad.sysJump to dropped file
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exeFile created: C:\Users\user\AppData\Local\Temp\{fcd0319a-f7d0-4a4e-b0b4-a92d9d7e4c52}\SETEDFA.tmpJump to dropped file
Source: C:\Users\user\Desktop\fxsound_setup.exeFile created: C:\Users\user\AppData\Local\Temp\shiCBDA.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\FxSound LLC\FxSound\FxSound.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\FxSound LLC\FxSound\Drivers\ptdevcon32.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID0BF.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\FxSound LLC\FxSound\Apps\DfxInstall.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x64\fxdevcon64.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\FxSound LLC\FxSound\Apps\DfxSetupDrv.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID11F.tmpJump to dropped file
Source: C:\Windows\System32\drvinst.exeFile created: C:\Windows\System32\DriverStore\Temp\{254d53e9-31e2-8942-bfe2-4e3f26d71e4a}\SETF05B.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID030.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSICFD1.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID06F.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x86\fxvad.sysJump to dropped file

Boot Survival

Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /sc daily /tn FxSound\Update /tr "'C:\Program Files\FxSound LLC\FxSound\updater.exe' /silent" /st 10:00 /f
Source: C:\Windows\System32\msiexec.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FxSoundJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FxSound.lnkJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FxSound\Check for FxSound updates.lnkJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FxSound\FxSound.lnkJump to behavior
Source: C:\Windows\System32\drvinst.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FXVAD

Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\System32\drvinst.exeFile opened: C:\Windows\System32\drivers
Source: C:\Users\user\Desktop\fxsound_setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\FxSound LLC\FxSound\FxSound.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\FxSound LLC\FxSound\FxSound.exeProcess information set: NOGPFAULTERRORBOX

Malware Analysis System Evasion

Source: C:\Program Files\FxSound LLC\FxSound\Apps\DfxSetupDrv.exeEvasive API call chain: CreateMutex,DecisionNodes,Sleep
Source: C:\Program Files\FxSound LLC\FxSound\updater.exeCode function: 18_2_0013F5F018_2_0013F5F0
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exeAPI coverage: 4.8 %
Source: C:\Program Files\FxSound LLC\FxSound\updater.exeAPI coverage: 5.5 %
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\FxSound LLC\FxSound\Drivers\ptdevcon64.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSID0E0.tmpJump to dropped file
Source: C:\Users\user\Desktop\fxsound_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\shiCBDA.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\FxSound LLC\FxSound\Drivers\ptdevcon32.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x64\fxdevcon64.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x86\fxdevcon32.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x86\fxdevcon32.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSID11F.tmpJump to dropped file
Source: C:\Windows\System32\drvinst.exeDropped PE file which has not been started: C:\Windows\System32\DriverStore\Temp\{254d53e9-31e2-8942-bfe2-4e3f26d71e4a}\SETF05B.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSID030.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSID06F.tmpJump to dropped file
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{fcd0319a-f7d0-4a4e-b0b4-a92d9d7e4c52}\SETEDFA.tmpJump to dropped file
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exeCode function: 6_2_00007FF7E06F8C60 SetupDiGetClassDevsW,SetupDiEnumDeviceInfo,SetupDiGetDeviceRegistryPropertyW,SetupDiEnumDeviceInfo,SetupDiDestroyDeviceInfoList,SetupDiRemoveDevice,SetupDiDestroyDeviceInfoList,6_2_00007FF7E06F8C60
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_010D9310 _wcsrchr,_wcsrchr,GetLogicalDriveStringsW,GetDriveTypeW,Wow64DisableWow64FsRedirection,Wow64RevertWow64FsRedirection,0_2_010D9310
Source: updater.exe, 00000012.00000002.1860559394.0000000000781000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW0
Source: updater.exe, 00000012.00000002.1860559394.00000000007D5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_011419D1 VirtualQuery,GetSystemInfo,0_2_011419D1
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_010D0640 FindFirstFileW,FindClose,CloseHandle,CloseHandle,CloseHandle,CreateEventW,CreateThread,WaitForSingleObject,GetExitCodeThread,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,0_2_010D0640
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_010AB1B0 FindFirstFileW,GetLastError,FindClose,0_2_010AB1B0
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_010DA4B0 FindFirstFileW,FindNextFileW,FindNextFileW,FindClose,0_2_010DA4B0
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_010AA850 _wcsrchr,FindFirstFileW,FindFirstFileW,FindFirstFileW,FindClose,FindClose,0_2_010AA850
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_010DA8B0 FindFirstFileW,FindClose,0_2_010DA8B0
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_010B8F30 FindFirstFileW,FindClose,FindClose,0_2_010B8F30
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_0108FE80 FindFirstFileW,FindNextFileW,FindClose,0_2_0108FE80
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exeCode function: 6_2_00007FF7E07117C0 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,6_2_00007FF7E07117C0
Source: C:\Program Files\FxSound LLC\FxSound\updater.exeCode function: 18_2_0012E2C0 GetLastError,GetLastError,GetLastError,FindFirstFileW,GetLastError,FindClose,18_2_0012E2C0
Source: C:\Program Files\FxSound LLC\FxSound\updater.exeCode function: 18_2_001B400D FindFirstFileExW,FindNextFileW,FindClose,FindClose,18_2_001B400D
Source: C:\Users\user\Desktop\fxsound_setup.exeFile Volume queried: C:\Users\user\AppData\Roaming FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\fxsound_setup.exeFile Volume queried: C:\Users\user\AppData\Roaming\FxSound LLC\FxSound 1.1.20.0\install FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\fxsound_setup.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_010AE740 LoadLibraryW,GetProcAddress,FreeLibrary,0_2_010AE740
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_011441D9 mov esi, dword ptr fs:[00000030h]0_2_011441D9
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_0115E93F mov eax, dword ptr fs:[00000030h]0_2_0115E93F
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_0115E8FB mov eax, dword ptr fs:[00000030h]0_2_0115E8FB
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_0114FDF7 mov ecx, dword ptr fs:[00000030h]0_2_0114FDF7
Source: C:\Program Files\FxSound LLC\FxSound\updater.exeCode function: 18_2_001AA021 mov ecx, dword ptr fs:[00000030h]18_2_001AA021
Source: C:\Program Files\FxSound LLC\FxSound\updater.exeCode function: 18_2_0019B4B4 mov esi, dword ptr fs:[00000030h]18_2_0019B4B4
Source: C:\Program Files\FxSound LLC\FxSound\updater.exeCode function: 18_2_001B3D58 mov eax, dword ptr fs:[00000030h]18_2_001B3D58
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files\FxSound LLC\FxSound\FxSound.exe "C:\Program Files\FxSound LLC\FxSound\\FxSound.exe" @Jump to behavior
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_01149913 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_01149913
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_010DD260 CreateFileW,GetLastError,OutputDebugStringW,OutputDebugStringW,SetFilePointer,FlushFileBuffers,WriteFile,WriteFile,FlushFileBuffers,WriteFile,FlushFileBuffers,OutputDebugStringW,WriteFile,WriteFile,FlushFileBuffers,FlushFileBuffers,WriteFile,FlushFileBuffers,WriteFile,FlushFileBuffers,0_2_010DD260
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_01144245 GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree,0_2_01144245
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_00FCAEA0 __set_se_translator,SetUnhandledExceptionFilter,0_2_00FCAEA0
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_01144CCD SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_01144CCD
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_00FCD8C0 __set_se_translator,SetUnhandledExceptionFilter,0_2_00FCD8C0
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exeCode function: 6_2_00007FF7E06FD168 SetUnhandledExceptionFilter,6_2_00007FF7E06FD168
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exeCode function: 6_2_00007FF7E0702AA8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00007FF7E0702AA8
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exeCode function: 6_2_00007FF7E06FC4D8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_00007FF7E06FC4D8
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exeCode function: 6_2_00007FF7E06FCFC0 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00007FF7E06FCFC0
Source: C:\Program Files\FxSound LLC\FxSound\Apps\DfxSetupDrv.exeCode function: 8_2_00358C17 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,8_2_00358C17
Source: C:\Program Files\FxSound LLC\FxSound\Apps\DfxSetupDrv.exeCode function: 8_2_00359074 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_00359074
Source: C:\Program Files\FxSound LLC\FxSound\Apps\DfxSetupDrv.exeCode function: 8_2_003591D6 SetUnhandledExceptionFilter,8_2_003591D6
Source: C:\Program Files\FxSound LLC\FxSound\updater.exeCode function: 18_2_0019CC13 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,18_2_0019CC13
Source: C:\Program Files\FxSound LLC\FxSound\updater.exeCode function: 18_2_0019D270 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,18_2_0019D270
Source: C:\Program Files\FxSound LLC\FxSound\updater.exeCode function: 18_2_0019D403 SetUnhandledExceptionFilter,18_2_0019D403
Source: C:\Program Files\FxSound LLC\FxSound\updater.exeCode function: 18_2_001A1813 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,18_2_001A1813
Source: C:\Users\user\Desktop\fxsound_setup.exeProcess created: C:\Windows\SysWOW64\msiexec.exe c:\windows\system32\msiexec.exe" /i "c:\users\user\appdata\roaming\fxsound llc\fxsound 1.1.20.0\install\fxsound.x64.msi" ai_setupexepath=c:\users\user\desktop\fxsound_setup.exe setupexedir=c:\users\user\desktop\ exe_cmd_line="/exenoupdates /forcecleanup /wintime 1700670463 " ai_euimsi="
Source: C:\Users\user\Desktop\fxsound_setup.exeProcess created: C:\Windows\SysWOW64\msiexec.exe c:\windows\system32\msiexec.exe" /i "c:\users\user\appdata\roaming\fxsound llc\fxsound 1.1.20.0\install\fxsound.x64.msi" ai_setupexepath=c:\users\user\desktop\fxsound_setup.exe setupexedir=c:\users\user\desktop\ exe_cmd_line="/exenoupdates /forcecleanup /wintime 1700670463 " ai_euimsi="Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe "C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe" remove *DFX12Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Program Files\FxSound LLC\FxSound\Apps\DfxSetupDrv.exe "C:\Program Files\FxSound LLC\FxSound\Apps\DfxSetupDrv.exe" checkJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe" install "C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxvad.infJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /sc daily /tn FxSound\Update /tr "'C:\Program Files\FxSound LLC\FxSound\updater.exe' /silent" /st 10:00 /fJump to behavior
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_010ACF90 GetCurrentProcess,OpenProcessToken,GetLastError,GetTokenInformation,GetTokenInformation,GetLastError,GetTokenInformation,AllocateAndInitializeSid,EqualSid,FreeSid,GetLastError,FindCloseChangeNotification,0_2_010ACF90
Source: C:\Program Files\FxSound LLC\FxSound\updater.exeCode function: 18_2_0014DE30 LocalFree,LocalFree,LocalFree,GetLastError,SetEntriesInAclW,LocalAlloc,GetLastError,InitializeSecurityDescriptor,GetLastError,LocalFree,SetSecurityDescriptorDacl,GetLastError,LocalFree,CreateFileW,SetFilePointer,LocalFree,LocalFree,LocalFree,18_2_0014DE30
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: GetLocaleInfoW,GetLocaleInfoW,0_2_010D30D0
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,6_2_00007FF7E0715180
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exeCode function: GetLocaleInfoW,6_2_00007FF7E07153CC
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exeCode function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,6_2_00007FF7E0714CCC
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exeCode function: GetLocaleInfoW,6_2_00007FF7E070C430
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exeCode function: GetLocaleInfoW,6_2_00007FF7E07155D4
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,6_2_00007FF7E0715524
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exeCode function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,6_2_00007FF7E0715700
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exeCode function: EnumSystemLocalesW,6_2_00007FF7E070BFF0
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exeCode function: EnumSystemLocalesW,6_2_00007FF7E07150E8
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exeCode function: EnumSystemLocalesW,6_2_00007FF7E0715018
Source: C:\Program Files\FxSound LLC\FxSound\updater.exeCode function: EnumSystemLocalesW,18_2_001B01BA
Source: C:\Program Files\FxSound LLC\FxSound\updater.exeCode function: GetLocaleInfoW,18_2_001B0664
Source: C:\Program Files\FxSound LLC\FxSound\updater.exeCode function: EnumSystemLocalesW,18_2_001B6A1E
Source: C:\Program Files\FxSound LLC\FxSound\updater.exeCode function: EnumSystemLocalesW,18_2_001B6A69
Source: C:\Program Files\FxSound LLC\FxSound\updater.exeCode function: EnumSystemLocalesW,18_2_001B6B04
Source: C:\Program Files\FxSound LLC\FxSound\updater.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,18_2_001B6B8F
Source: C:\Program Files\FxSound LLC\FxSound\updater.exeCode function: GetLocaleInfoW,18_2_001B6DE2
Source: C:\Program Files\FxSound LLC\FxSound\updater.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,18_2_001B6F0B
Source: C:\Program Files\FxSound LLC\FxSound\updater.exeCode function: GetLocaleInfoW,18_2_001B7011
Source: C:\Program Files\FxSound LLC\FxSound\updater.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,18_2_001B70E0
Source: C:\Program Files\FxSound LLC\FxSound\updater.exeCode function: GetLocaleInfoW,GetLocaleInfoW,18_2_0012B6B0
Source: C:\Users\user\Desktop\fxsound_setup.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exeQueries volume information: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxvadntamd64.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\drvinst.exeQueries volume information: C:\Windows\System32\DriverStore\Temp\{254d53e9-31e2-8942-bfe2-4e3f26d71e4a}\fxvadNTAMD64.cat VolumeInformationJump to behavior
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exeCode function: 6_2_00007FF7E06F8C60 SetupDiGetClassDevsW,SetupDiEnumDeviceInfo,SetupDiGetDeviceRegistryPropertyW,SetupDiEnumDeviceInfo,SetupDiDestroyDeviceInfoList,SetupDiRemoveDevice,SetupDiDestroyDeviceInfoList,6_2_00007FF7E06F8C60
Source: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exeCode function: 6_2_00007FF7E07111E0 cpuid 6_2_00007FF7E07111E0
Source: C:\Users\user\Desktop\fxsound_setup.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_010DD180 GetLocalTime,0_2_010DD180
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_010E81C0 GetUserNameW,GetUserNameW,GetLastError,GetUserNameW,GetEnvironmentVariableW,GetEnvironmentVariableW,RegDeleteValueW,RegCloseKey,RegCloseKey,RegQueryInfoKeyW,RegCloseKey,RegCloseKey,RegDeleteKeyW,RegCloseKey,RegDeleteValueW,RegCloseKey,0_2_010E81C0
Source: C:\Users\user\Desktop\fxsound_setup.exeCode function: 0_2_010E98C0 CreateNamedPipeW,CreateFileW,0_2_010E98C0
Initial Access: Replication Through Removable Media (1); Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
Execution: Native API (11); Command and Scripting Interpreter (13); Scheduled Task/Job (1); Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter
Persistence: LSASS Driver (1); DLL Side-Loading (1); Windows Service (21); Scheduled Task/Job (1); Registry Run Keys / Startup Folder (2); RC Scripts; Startup Items; Scheduled Task/Job; At
Privilege Escalation: LSASS Driver (1); DLL Side-Loading (1); Windows Service (21); Process Injection (12); Scheduled Task/Job (1); Registry Run Keys / Startup Folder (2); Startup Items; Scheduled Task/Job; At
Defense Evasion: Disable or Modify Tools (1); Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (2); Timestomp (1); DLL Side-Loading (1); File Deletion (1); Masquerading (33); Process Injection (12); HTML Smuggling
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
Discovery: System Time Discovery (1); Peripheral Device Discovery (11); Account Discovery (1); File and Directory Discovery (4); System Information Discovery (46); Query Registry (1); Security Software Discovery (141); Process Discovery (2); System Owner/User Discovery (1)
Lateral Movement: Replication Through Removable Media (1); Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections
Collection: Archive Collected Data (1); Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
Command and Control: Ingress Tool Transfer (2); Encrypted Channel (11); Non-Application Layer Protocol (2); Application Layer Protocol (3); Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
Network Effects: Exploit SS7 to Redirect Phone Calls/SMS; SIM Card Swap
Remote Service Effects: Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology
[Behavior graph] Behavior Graph ID: 1346523, Sample: fxsound_setup.exe, Startdate: 22/11/2023, Architecture: WINDOWS, Score: 42

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| fxsound_setup.exe | 0% | ReversingLabs | | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Program Files\FxSound LLC\FxSound\Apps\DfxInstall.dll | 0% | ReversingLabs | | |
| C:\Program Files\FxSound LLC\FxSound\Apps\DfxSetupDrv.exe | 0% | ReversingLabs | | |
| C:\Program Files\FxSound LLC\FxSound\Drivers\ptdevcon32.exe | 0% | ReversingLabs | | |
| C:\Program Files\FxSound LLC\FxSound\Drivers\ptdevcon64.exe | 0% | ReversingLabs | | |
| C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe | 0% | ReversingLabs | | |
| C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxvad.sys | 0% | ReversingLabs | | |
| C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x86\fxdevcon32.exe | 0% | ReversingLabs | | |
| C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x86\fxvad.sys | 0% | ReversingLabs | | |
| C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x64\fxdevcon64.exe | 0% | ReversingLabs | | |
| C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x64\fxvad.sys | 0% | ReversingLabs | | |
| C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x86\fxdevcon32.exe | 0% | ReversingLabs | | |
| C:\Program Files\FxSound LLC\FxSound\Drivers\win7\x86\fxvad.sys | 0% | ReversingLabs | | |
| C:\Program Files\FxSound LLC\FxSound\FxSound.exe | 0% | ReversingLabs | | |
| C:\Program Files\FxSound LLC\FxSound\updater.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\MSICC49.tmp | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\shiCBDA.tmp | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\{fcd0319a-f7d0-4a4e-b0b4-a92d9d7e4c52}\SETEDFA.tmp | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSICFD1.tmp | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSID030.tmp | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSID06F.tmp | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSID090.tmp | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSID0BF.tmp | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSID0E0.tmp | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSID11F.tmp | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSID5C4.tmp | 0% | ReversingLabs | | |
| C:\Windows\System32\DriverStore\Temp\{254d53e9-31e2-8942-bfe2-4e3f26d71e4a}\SETF05B.tmp | 0% | ReversingLabs | | |
No Antivirus matches
No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| https://sketch.com | 0% | URL Reputation | safe | |
| https://forms.gle/ATx1ayXDWRaMdiR59 | 0% | Avira URL Cloud | safe | |
| https://download.fxsound.comK | 0% | Avira URL Cloud | safe | |
| http://microsoft.co? | 0% | Avira URL Cloud | safe | |
| https://forum.fxsound.comto | 0% | Avira URL Cloud | safe | |
| https://forms.gle/ATx1ayXDWRaMdiR59:Take | 0% | Avira URL Cloud | safe | |
| https://forum.fxsound.comD | 0% | Avira URL Cloud | safe | |
| http://crl3.di | 0% | Avira URL Cloud | safe | |
| http://crl3.digi | 0% | Avira URL Cloud | safe | |
| https://postman-echo.comdaveHttpClient | 0% | Avira URL Cloud | safe | |
| http://www.fxsound.comd | 0% | Avira URL Cloud | safe | |
| http://Locationftp:juceftp://https://GetAdaptersAddressesiphlpapi.dllhttps: | 0% | Avira URL Cloud | safe | |
| https://postman-echo.com | 0% | Avira URL Cloud | safe | |

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| download.fxsound.com | 45.79.74.123 | true | false | | high |
| drive.fxsound.com | 45.79.74.123 | true | false | | high |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://drive.fxsound.com/cs/sgMPaBYtQvliu88/downloads3.fxsound.com/fxsound/1.1.20.0/updates.txt/download | false | | high |
| https://download.fxsound.com/updates | false | | high |
IP:45.79.74.123
Domain:download.fxsound.com
Country:United States
ASN:63949
ASN Name:LINODE-APLinodeLLCUS
Malicious:false
                                                                                                  Joe Sandbox Version:38.0.0 Ammolite
                                                                                                  Analysis ID:1346523
                                                                                                  Start date and time:2023-11-22 17:29:38 +01:00
                                                                                                  Joe Sandbox Product:CloudBasic
                                                                                                  Overall analysis duration:0h 8m 46s
                                                                                                  Hypervisor based Inspection enabled:false
                                                                                                  Report type:full
                                                                                                  Cookbook file name:default.jbs
                                                                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:24
                                                                                                  Number of new started drivers analysed:0
                                                                                                  Number of existing processes analysed:0
                                                                                                  Number of existing drivers analysed:0
                                                                                                  Number of injected processes analysed:0
                                                                                                  Technologies:
                                                                                                  • HCA enabled
                                                                                                  • EGA enabled
                                                                                                  • AMSI enabled
                                                                                                  Analysis Mode:default
                                                                                                  Analysis stop reason:Timeout
                                                                                                  Sample file name:fxsound_setup.exe
                                                                                                  Detection:MAL
                                                                                                  Classification:mal42.evad.winEXE@28/103@2/1
                                                                                                  EGA Information:
                                                                                                  • Successful, ratio: 80%
                                                                                                  HCA Information:Failed
                                                                                                  Cookbook Comments:
                                                                                                  • Found application associated with file extension: .exe
                                                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target FxSound.exe, PID 8084 because there are no executed functions
• Not all processes were analyzed, report is missing behavior information
                                                                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                  • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                  • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                  • VT rate limit hit for: fxsound_setup.exe
Time:16:30:44
Type:Task Scheduler
Description:Run new task: Update path: "C:\Program Files\FxSound LLC\FxSound\updater.exe" s>/silent
                                                                                                  No context
                                                                                                  No context
                                                                                                  No context
                                                                                                  Process:C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):10590
                                                                                                  Entropy (8bit):7.254430659006022
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:1OgjZ7OPJCbngEw9JPgXkhYCClQBcA5E8qnajEzHbC:18UuLh3Cl+x5E8l4zu
                                                                                                  MD5:ACDAAE5D1219E7703285C42F774BE54D
                                                                                                  SHA1:47DF82D8C843BF1ADC098A26E9E3E27217B3104D
                                                                                                  SHA-256:25C8DAE186155D20F74FEEDEFB4F84161E4215925B8FD0C898F68F3E50EBCD7D
                                                                                                  SHA-512:83B663222FB22B1760EA8551D19557F3F2905BFAC205B380B23DD7F2A65A37B851A3C3C345E4A768B76700BB891B97C96A0DBBB58D81358993293AD1EB3E300A
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:data
                                                                                                  Category:modified
                                                                                                  Size (bytes):19455
                                                                                                  Entropy (8bit):5.805768256272565
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:UZsrtD0eThIJrhyKcHZbjrmlVk9FEk9FA9/0:U2rh0eThIJrY9MVk96k9Gc
                                                                                                  MD5:6205B541349D70CDF003D09F6493AECC
                                                                                                  SHA1:57421FEFD355047DF8507D822DE05679D4C12360
                                                                                                  SHA-256:8BD9311D99F88734288829C71EFA0E7294CD25DD70569A79DDA77EB5B2DE6EC3
                                                                                                  SHA-512:3229557F65D889E38C2ABA6A291849C89515396AEA1B8A037273C74F3C7052000AF9609DDA22F3CA69B2822BD8DDF34962EAF8A91029AD19EB5BB9DB9B8E00C0
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):128920
                                                                                                  Entropy (8bit):6.533310057171278
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:u2XK2Ncn8sLtc666YCM/QVMmFbeN/dor5jwMLhynDU:NcttcyYP4tEor2ehynQ
                                                                                                  MD5:4EF82B076F26BBCEB356A3E226CF5238
                                                                                                  SHA1:525D5CA0001909F576120ADC8926B8C12A6106C7
                                                                                                  SHA-256:8A43BCC9DC92D121EF173D728F68BC77C937A0A136C949FD85802C6E0CD26879
                                                                                                  SHA-512:D849F895F8C41D28FF85BE5B8F3DC4E70F35A4289B91728D60C155DC53D855C6C4BE881C6B18C02C9D6A21A7C2116CE6674C09F61F1B97964895E30C9EB538F5
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):66968
                                                                                                  Entropy (8bit):6.423656272557826
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:1536:z9XQDo3evkZGiX4WU5LraxxpHC2F6oDE6496io2lcefUKIto2qfAF0EaFY2yOFa5:hXWo3e8wiX4WU5LraTpHC2F6oDR491o3
                                                                                                  MD5:EFE3CF96899C9D9CC25815F88E9466E2
                                                                                                  SHA1:1EC6B385A1F142C6AD7E92FFB8CFA8CF9FC7E415
                                                                                                  SHA-256:F29777FE088459C3F5B96384590FD0E1A2F3D947FB19ED866FB8F28F7D954143
                                                                                                  SHA-512:8544A35F70461C30A5C5004CB469315FAFB2DD17034AEE41F7127E3010703008ACAA78FBF26DD02E748A88BB39AEB41154F84CA10F6530FB032A7B536DE0335E
                                                                                                  Malicious:true
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):209896
                                                                                                  Entropy (8bit):6.180609423723243
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:+ug+dP/Gc/vj7lxXdE/WgetVLFWPLFKmTRY81WVdSWRWiBQ:+6P/BzzC+getVLFWPZQlc
                                                                                                  MD5:B94BDE258AFA7DA0A9CD3FEB22A64EDD
                                                                                                  SHA1:D3867CEF5939CF4F73EAEC32EBD72D354C40B534
                                                                                                  SHA-256:3C44390B0C3CA51707EB977373788C155AF5F8197E3CE6D61F2775AF5B204FFF
                                                                                                  SHA-512:A74B6754544C6A188D59A24449271DF2519A7E54AD88F55F7CBDC50D8B7F2FE24297D0E84A39AA6E6CB3607926D9C49293B0F4092E3158E2353AE4C308EEBB8C
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):239592
                                                                                                  Entropy (8bit):6.003536434480152
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:fWGh+NCEVePaUS11HF7isSN1W1q7KZXB/W5Sho8VRnK/qZWRWf:+tNCOrUS17VSNwqOnK/du
                                                                                                  MD5:4EAC440540483593DB5EDE2F7203417B
                                                                                                  SHA1:9C09D1CF19C6B7AED59D263EC560460475AEAA5D
                                                                                                  SHA-256:0DC27FF7BFB0D75FC6FCE439BC1AF557E68A18DED441DDEA8705DB6BF8DF9A4F
                                                                                                  SHA-512:874FD7A73226D74D5EE664FEAFBF29BB0DDF474891D43BB8CBE397CF9751A53CFECC1A981D3E39E25DA7228E0089B28170E603F14DE6455F9FFFFF0B4729CD68
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):269720
                                                                                                  Entropy (8bit):6.3385709845453615
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6144:wrRV8AjsaX6xJMmp/LyFEJ3tI8TD9BTzxlKohK4z+5AtH:C/OTMuTyeJGI9Bpso8KH
                                                                                                  MD5:87EAD9C6CD7486421E3142B2A6480F8E
                                                                                                  SHA1:64A7C04194E6CB5D467FFDD95A7E5BF25A6FD814
                                                                                                  SHA-256:52298E9EE19A8DF4BA59DFE89B7A51D6424DBA73B0FC2622D07FC6E7B9112681
                                                                                                  SHA-512:1F551258D8F538F6AE69125D724D905A2A00AE84900AFDA83299159AF008F1A6252B1A2CD005523BADA669B3677C7E8C6B44E3BF2DD6CFA63996DD047E354D96
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:Windows setup INFormation
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5334
                                                                                                  Entropy (8bit):5.628759224235533
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:3q9BSSyjoh9OnLhtuGUdDrG9E/6uYqZpd7SY5MFgWC2i8/ENYZS:3qzSSyjoG17UprGEiuYqZpd7Se8eYENp
                                                                                                  MD5:328087CAF99B50D988A304BEEEA3FCE8
                                                                                                  SHA1:23FFEF913679537BB049008F5E6F8E517BB24192
                                                                                                  SHA-256:BA175CFDDD91B87BDDA3F1DF2A70249E1742E846B843381EB0438B70F91A110A
                                                                                                  SHA-512:D006E8DE0F9258A3EE75723E458D635586040702C1357630F199CF5740C7E29D87FEFD4B869A897BDD26B67FAD134E6BF35A2C01C3A00ACC8BF20181D7DA1AA3
                                                                                                  Malicious:false
                                                                                                  Preview:;..;fxvad.inf..;....[Version]..Signature="$CHICAGO$"..Class=MEDIA..Provider=%FXMN%..ClassGUID={4d36e96c-e325-11ce-bfc1-08002be10318}..DriverVer = 03/17/2021,14.1.0.0..CatalogFile.NTx86=fxvadNTx86.cat..CatalogFile.NTAMD64=fxvadNTAMD64.cat..PnpLockDown=1....[Manufacturer]..%MfgName%=DFX,NTamd64,NTx86....[DFX.NTx86]..%DFX_Device.DeviceDesc%=DFX_Device,Root\%DEV_NAME%,*%DEV_NAME%....[DFX.NTamd64]..%DFX_Device.DeviceDesc%=DFX_Device,Root\%DEV_NAME%,*%DEV_NAME%....;-----------------------------------------------------------------------------..;..; 2k+ Installation..;..;-----------------------------------------------------------------------------..[DFX_Device.NT]..Include=ks.inf,wdmaudio.inf..Needs=KS.Registration, WDMAUDIO.Registration..CopyFiles=DFX_Device.CopyList..AddReg=DFX_Device.AddReg..AddProperty=DFX_1AddPropertySection....[DFX_Device.NT.Interfaces]..AddInterface=%KSCATEGORY_AUDIO%,%KSNAME_Wave%,DFX_Device.I.Wave..AddInterface=%KSCATEGORY_RENDER%,%KSNAME_Wave%,DFX_Device.I.Wave..;Add
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):326656
                                                                                                  Entropy (8bit):2.91036654915667
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:768:3Ft4aLqpAogNTiqwu2CvcCjikibqqqqqqqqqqqqqqqqqqqaFgNj////////////l:T45A/N8Cfjik6scccoFtr
                                                                                                  MD5:EAF913C1DE47C2421669B662EDAA5A6A
                                                                                                  SHA1:53524526E1898A90FA98AE02E662B9C0E6DC2848
                                                                                                  SHA-256:425629B6309000013E8CD1A9B827BEE365D21C9F743873AADD0C3BC96A999D2A
                                                                                                  SHA-512:BB674FEB73751172A1ACE65AAB89C5EBF952A07F7AF0F3EC1DADF357FF693230CF08910AE273E8335EEC35E5827DA6405272D05C161987DF679199935AF21A76
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):10590
                                                                                                  Entropy (8bit):7.254430659006022
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:1OgjZ7OPJCbngEw9JPgXkhYCClQBcA5E8qnajEzHbC:18UuLh3Cl+x5E8l4zu
                                                                                                  MD5:ACDAAE5D1219E7703285C42F774BE54D
                                                                                                  SHA1:47DF82D8C843BF1ADC098A26E9E3E27217B3104D
                                                                                                  SHA-256:25C8DAE186155D20F74FEEDEFB4F84161E4215925B8FD0C898F68F3E50EBCD7D
                                                                                                  SHA-512:83B663222FB22B1760EA8551D19557F3F2905BFAC205B380B23DD7F2A65A37B851A3C3C345E4A768B76700BB891B97C96A0DBBB58D81358993293AD1EB3E300A
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):216472
                                                                                                  Entropy (8bit):6.58720462389318
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6144:Q0BoIohQyb1eSbUPWU7jTufjAOena7kWcoyt:iIsQybqWU7yjJpyt
                                                                                                  MD5:5CA5F72D8A7A6C1A265AA0E349BAEB59
                                                                                                  SHA1:1BDA4CA3D6541FEE025CB93664BEFF8A22C7356A
                                                                                                  SHA-256:9F07E799804897D2A9C1297322B66D753A9134A1BCA1CF7F13DC5834377A5381
                                                                                                  SHA-512:FFBD33AFB1D84B5225151F9B22BE914E8F2BB43D92D0A4C46818F796A997149505F610F38C1803910A476757352B18EB9AB8E6A227A5A60276FE62AC51E62BC2
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:Windows setup INFormation
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5334
                                                                                                  Entropy (8bit):5.628759224235533
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:3q9BSSyjoh9OnLhtuGUdDrG9E/6uYqZpd7SY5MFgWC2i8/ENYZS:3qzSSyjoG17UprGEiuYqZpd7Se8eYENp
                                                                                                  MD5:328087CAF99B50D988A304BEEEA3FCE8
                                                                                                  SHA1:23FFEF913679537BB049008F5E6F8E517BB24192
                                                                                                  SHA-256:BA175CFDDD91B87BDDA3F1DF2A70249E1742E846B843381EB0438B70F91A110A
                                                                                                  SHA-512:D006E8DE0F9258A3EE75723E458D635586040702C1357630F199CF5740C7E29D87FEFD4B869A897BDD26B67FAD134E6BF35A2C01C3A00ACC8BF20181D7DA1AA3
                                                                                                  Malicious:false
                                                                                                  Preview:;..;fxvad.inf..;....[Version]..Signature="$CHICAGO$"..Class=MEDIA..Provider=%FXMN%..ClassGUID={4d36e96c-e325-11ce-bfc1-08002be10318}..DriverVer = 03/17/2021,14.1.0.0..CatalogFile.NTx86=fxvadNTx86.cat..CatalogFile.NTAMD64=fxvadNTAMD64.cat..PnpLockDown=1....[Manufacturer]..%MfgName%=DFX,NTamd64,NTx86....[DFX.NTx86]..%DFX_Device.DeviceDesc%=DFX_Device,Root\%DEV_NAME%,*%DEV_NAME%....[DFX.NTamd64]..%DFX_Device.DeviceDesc%=DFX_Device,Root\%DEV_NAME%,*%DEV_NAME%....;-----------------------------------------------------------------------------..;..; 2k+ Installation..;..;-----------------------------------------------------------------------------..[DFX_Device.NT]..Include=ks.inf,wdmaudio.inf..Needs=KS.Registration, WDMAUDIO.Registration..CopyFiles=DFX_Device.CopyList..AddReg=DFX_Device.AddReg..AddProperty=DFX_1AddPropertySection....[DFX_Device.NT.Interfaces]..AddInterface=%KSCATEGORY_AUDIO%,%KSNAME_Wave%,DFX_Device.I.Wave..AddInterface=%KSCATEGORY_RENDER%,%KSNAME_Wave%,DFX_Device.I.Wave..;Add
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32 executable (native) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):322560
                                                                                                  Entropy (8bit):2.8824956385159206
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:768:mwrXoME2X1k56OBvZTwJikibqqqqqqqqqqqqqqqqqqqaFgNj///////////////y:VfE2X1Ng2ik6sccco3tq
                                                                                                  MD5:C05A2F8F443C7D756F594B583D7C820F
                                                                                                  SHA1:0DA76FA1BA7CF5E631C8AC25E9A3C3BA105C5381
                                                                                                  SHA-256:7BA582F2B468502E7DFF903069A7A5E177479C92B483EB9EDBF683A85B423CB9
                                                                                                  SHA-512:5069C8D568D463324CF426D9CD14994D3E4912EA7921D4F9EAE3F3BFA6C6022AA4D9BD6834690A97C74DDBDA1ADFFE6F587FD631251ED53E663BC3E54A2238BF
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):10581
                                                                                                  Entropy (8bit):7.255569051169796
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:OOggMgObJC+ngEw9JPgXkhYCVyLHIMvN/qnajyCRe:OdNuLh3k/lmCo
                                                                                                  MD5:CC51E0BF07678A35F8CE058E2A674B18
                                                                                                  SHA1:F44CF566246C83C37177403439E8C203A672B543
                                                                                                  SHA-256:15D3EB929843C1A3D5AEAFC6D93E673906ABBB95208DF95009BA8962AC6AD11C
                                                                                                  SHA-512:EFD4A37255F375278B9AC9E9B1FE86A0B198B90E9F8E9494AD2D49A060B6C99905C69B7773439ED80CF48A673F3B6349B5657602D4456D50A2DC49118133139C
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):269720
                                                                                                  Entropy (8bit):6.338509183501062
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6144:crRV8AjsaX6xJMmp/LyFEJ3tI8TD9BTzxlKohK4z+5Atw:+/OTMuTyeJGI9Bpso8Kw
                                                                                                  MD5:225F1417E8EA755755A3C0E58F9FD09A
                                                                                                  SHA1:55B5165B0EB06441EF26FD16F66E1BE9D4EF8BFF
                                                                                                  SHA-256:F86FB7F2585BAF2D22FC35A70A34BCB724EB0B1B9C9D8D1BE7013E919AFE28AD
                                                                                                  SHA-512:B37E510FC8DE5D2E644A0D46E5AB81A8461E4A391F5F5F520B13D650832A977DA3A18F2DA9BF317D0FB34968E5CE58BB948B73210538F535707DB1DA227F1C27
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:Windows setup INFormation
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5334
                                                                                                  Entropy (8bit):5.628596767870037
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:3quSSyjoh9OnLhtuGUdDrG9E/6uYqZpd7SY5MFgWC2i8/ENYZS:3quSSyjoG17UprGEiuYqZpd7Se8eYENp
                                                                                                  MD5:82D8CBA970FF0CF924F8C750E4470873
                                                                                                  SHA1:F2EDC8BD8FCAF38976DC8E718D5D3ACE3BE82792
                                                                                                  SHA-256:042C6B79DFF1FDA007776F7EA14CAF4E7665F0A2A3F00644966EFDA6478B4939
                                                                                                  SHA-512:02B2E5FD829DE9C0C7841319376ABF2F2B89064CE59AEE8EC6B8F886DB25D7ADE4F05E1B5B3BBC76F0DE660F91C9799314B85A418DEBBB5A66ABE928A31C9B54
                                                                                                  Malicious:false
                                                                                                  Preview:;..;fxvad.inf..;....[Version]..Signature="$CHICAGO$"..Class=MEDIA..Provider=%FXMN%..ClassGUID={4d36e96c-e325-11ce-bfc1-08002be10318}..DriverVer = 03/22/2021,14.2.0.0..CatalogFile.NTx86=fxvadNTx86.cat..CatalogFile.NTAMD64=fxvadNTAMD64.cat..PnpLockDown=1....[Manufacturer]..%MfgName%=DFX,NTamd64,NTx86....[DFX.NTx86]..%DFX_Device.DeviceDesc%=DFX_Device,Root\%DEV_NAME%,*%DEV_NAME%....[DFX.NTamd64]..%DFX_Device.DeviceDesc%=DFX_Device,Root\%DEV_NAME%,*%DEV_NAME%....;-----------------------------------------------------------------------------..;..; 2k+ Installation..;..;-----------------------------------------------------------------------------..[DFX_Device.NT]..Include=ks.inf,wdmaudio.inf..Needs=KS.Registration, WDMAUDIO.Registration..CopyFiles=DFX_Device.CopyList..AddReg=DFX_Device.AddReg..AddProperty=DFX_1AddPropertySection....[DFX_Device.NT.Interfaces]..AddInterface=%KSCATEGORY_AUDIO%,%KSNAME_Wave%,DFX_Device.I.Wave..AddInterface=%KSCATEGORY_RENDER%,%KSNAME_Wave%,DFX_Device.I.Wave..;Add
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):326120
                                                                                                  Entropy (8bit):2.895336145016568
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:768:pAm4aLqpAogNTiqwu2CvcijikibqqqqqqqqqqqqqqqqqqqaFgNj////////////9:P45A/N8C/jik6scccR
                                                                                                  MD5:36F645D44476652DD078287D05499BC5
                                                                                                  SHA1:287A7AD815F60691942B0BF533B39C20AD43300D
                                                                                                  SHA-256:DAB6F4A9A68821FE8CC4B11AF19CC5FDE71E67FB9275E39E2ABDA680E477446B
                                                                                                  SHA-512:4CC4F625661EE755B44D94B8F4C91F7FFDB6DAF6DA39CD6147C5465C7448EB9620A0E71BAC6414AE2BBB99CE8CD379B03A98D70863CC384BE83F70BA00254FF5
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):9568
                                                                                                  Entropy (8bit):7.231189475826073
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:VrIMfdZubhlYZputZscF8Bd1LoZo6wTBZHklE8:nFZQYZCZsHLoilht8
                                                                                                  MD5:381CF31B9363FB10C0E4DD4FA3847A74
                                                                                                  SHA1:8B360D53A6D63E1A32A650BD7326EFED17BEBEA5
                                                                                                  SHA-256:82EC9E6E7EC723052CB1D608A39DC41D501818027837730D0D9F3B42DBE750C8
                                                                                                  SHA-512:8DCBB28C2A35BE40B984F614B094B29E27F41AC0F679CD74BC39BDB3DEDAE129A53EBB95069D62B12FC355A2088FF74D643AE5E3CB7E1B216FB89CFFAB8EEE77
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):216472
                                                                                                  Entropy (8bit):6.587544616995315
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6144:Z0BoIohQyb1eSbUPWU7jTufjAOena7kWcoyV:FIsQybqWU7yjJpyV
                                                                                                  MD5:939B76A79E780C43D9C93B4ED10F74E7
                                                                                                  SHA1:89A177E350055B45C9C5E20E2FA4BB61F1B02078
                                                                                                  SHA-256:0F03F95818362877E5D6293590AA5B5368AFDD895939B9918D786153BDB6DCC5
                                                                                                  SHA-512:253DAF7C95A02237AEADE781B7F5E6B0086A170574DAFE5793798AA936F70BDA36221B08597B3F08B9644D4F70922A6882563D2F2BE67E14ADC6B268D9C176CB
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:Windows setup INFormation
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5334
                                                                                                  Entropy (8bit):5.628596767870037
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:3quSSyjoh9OnLhtuGUdDrG9E/6uYqZpd7SY5MFgWC2i8/ENYZS:3quSSyjoG17UprGEiuYqZpd7Se8eYENp
                                                                                                  MD5:82D8CBA970FF0CF924F8C750E4470873
                                                                                                  SHA1:F2EDC8BD8FCAF38976DC8E718D5D3ACE3BE82792
                                                                                                  SHA-256:042C6B79DFF1FDA007776F7EA14CAF4E7665F0A2A3F00644966EFDA6478B4939
                                                                                                  SHA-512:02B2E5FD829DE9C0C7841319376ABF2F2B89064CE59AEE8EC6B8F886DB25D7ADE4F05E1B5B3BBC76F0DE660F91C9799314B85A418DEBBB5A66ABE928A31C9B54
                                                                                                  Malicious:false
                                                                                                  Preview:;..;fxvad.inf..;....[Version]..Signature="$CHICAGO$"..Class=MEDIA..Provider=%FXMN%..ClassGUID={4d36e96c-e325-11ce-bfc1-08002be10318}..DriverVer = 03/22/2021,14.2.0.0..CatalogFile.NTx86=fxvadNTx86.cat..CatalogFile.NTAMD64=fxvadNTAMD64.cat..PnpLockDown=1....[Manufacturer]..%MfgName%=DFX,NTamd64,NTx86....[DFX.NTx86]..%DFX_Device.DeviceDesc%=DFX_Device,Root\%DEV_NAME%,*%DEV_NAME%....[DFX.NTamd64]..%DFX_Device.DeviceDesc%=DFX_Device,Root\%DEV_NAME%,*%DEV_NAME%....;-----------------------------------------------------------------------------..;..; 2k+ Installation..;..;-----------------------------------------------------------------------------..[DFX_Device.NT]..Include=ks.inf,wdmaudio.inf..Needs=KS.Registration, WDMAUDIO.Registration..CopyFiles=DFX_Device.CopyList..AddReg=DFX_Device.AddReg..AddProperty=DFX_1AddPropertySection....[DFX_Device.NT.Interfaces]..AddInterface=%KSCATEGORY_AUDIO%,%KSNAME_Wave%,DFX_Device.I.Wave..AddInterface=%KSCATEGORY_RENDER%,%KSNAME_Wave%,DFX_Device.I.Wave..;Add
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32 executable (native) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):322024
                                                                                                  Entropy (8bit):2.869696033678278
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:768:foXmL+F+U1Da96r9rWikibqqqqqqqqqqqqqqqqqqqaFgNj/////////////////b:w/YU1D34ik6scccR
                                                                                                  MD5:31B1A479F995A4A3EFF6E11BACC34400
                                                                                                  SHA1:11587B7105E94891470273D35C77EBC3ECAF1EBC
                                                                                                  SHA-256:A507119631F73432B9E98D8D33815FFED90156C3BFB7E5E81666591D46CE460F
                                                                                                  SHA-512:8AAF5E0919370163691B38F5B754C9391DEE12AFB8157CACE51ECE19503B20D96D220948D8ACE262778FD4EB98C48D5FF5B247C53E831CB793FACECAFEBE73C7
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):9569
                                                                                                  Entropy (8bit):7.230532185757443
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:9fIMbdZubhlYZputZscF8Bd1LciivWBZHkWDVjO:ThZQYZCZsHLcDshFjO
                                                                                                  MD5:94015CF4A09898205476CEE29F2B75FA
                                                                                                  SHA1:9F847A10277C4CAF45A83FA0F53F5D525302AE39
                                                                                                  SHA-256:1A453865D234167FBE486F62D632373107994C634D9619E6D310C1DD3B5037E5
                                                                                                  SHA-512:A4B34E39DEB20BE3C1F27B3913EEC1B15454D5437EA41DB1C745CA9DAE35765588849FC05957CA27F2D1DDC309C023EC5013F7F7E8D08750003BE6AE299F59D4
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):944
                                                                                                  Entropy (8bit):4.77740089112828
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:qElw1IoJ3RVyGt5djvBp0HOAppzttw5kuUBwDR:CKiyG5djzUtCt
                                                                                                  MD5:F27EA21512686DA8E8C90E0A4D0F5616
                                                                                                  SHA1:3231A236C4D517197E28413EED3F5AC74D557CD7
                                                                                                  SHA-256:B9FF4BAD7F89D0FDB9032B6AEA475A04FAC8C1EEC39020FA00DB3CD72B91E1FB
                                                                                                  SHA-512:45911C28BC677C223BAAF46B6CF1E12EDCE56BF9584FC3317535D8B3BE1AE0F402847C7DDD2D1E7E6DFC01C4C24D04965DC475B9419A85D7A703685335559DB9
                                                                                                  Malicious:false
                                                                                                  Preview:CLASS1 : Effect Type..9: Version..General..0: Double Params Flag..1: Total number of elements..50: Main 0..20: Main 1..0: Main 2..0: Main 3..60: Main 4..60: Main 5..0: Element Number.. 0: Param 0.. 0: Param 1.. 0: Param 2.. 0: Param 3.. 0: Param 4.. 0: Param 5.. 0: Param 6..7: Number of Application Dependent Integers..0: Number of Application Dependent Reals..0: Number of Application Dependent Strings..1: Integer[0]..1: Integer[1]..0: Integer[2]..1: Integer[3]..1: Integer[4]..0: Integer[5]..2: Integer[6]..10: Number of EQ Bands..1: On/Off Flag..Band 1.. 62.5: CF.. 0: Boost/Cut..Band 2.. 115: CF.. 0: Boost/Cut..Band 3.. 250: CF.. 1: Boost/Cut..Band 4.. 450: CF.. 2: Boost/Cut..Band 5.. 630: CF.. 0: Boost/Cut..Band 6.. 1250: CF.. -1: Boost/Cut..Band 7.. 2700: CF.. 0: Boost/Cut..Band 8.. 5300: CF.. -1: Boost/Cut..Band 9.. 7500: CF.. -2: Boost/Cut..Band 10.. 13000: CF.. 0: Boost/Cut
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):963
                                                                                                  Entropy (8bit):4.8567723479487075
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:q/vw1IcJOhRVyWWt5djvBp0TOAwUCJaSSOpNBlpA:coKryb5djzcL
                                                                                                  MD5:10A1B6C5A17F64D377394251C816FD73
                                                                                                  SHA1:3A54DBCB969269F9B4B63A0A72FEC51F9C1F2FD7
                                                                                                  SHA-256:5DA7F6318249417A1EDF02D133ED5543334389CE42E75CB904A311C680EF0D33
                                                                                                  SHA-512:DC32487CC4488F114C03605702F496AFF597797D1469FC246561F6C9055A4691B5E3AF6D1BCFFCAD6344310B1C1FEA27F70473D2C7A1F6BE6711D37047227C41
                                                                                                  Malicious:false
                                                                                                  Preview:CLASS1 : Effect Type..9: Version..Movies..0: Double Params Flag..1: Total number of elements..60: Main 0..50: Main 1..0: Main 2..0: Main 3..85: Main 4..35: Main 5..0: Element Number.. 0: Param 0.. 0: Param 1.. 0: Param 2.. 0: Param 3.. 0: Param 4.. 0: Param 5.. 0: Param 6..7: Number of Application Dependent Integers..0: Number of Application Dependent Reals..0: Number of Application Dependent Strings..1: Integer[0]..1: Integer[1]..1: Integer[2]..1: Integer[3]..1: Integer[4]..0: Integer[5]..2: Integer[6]..10: Number of EQ Bands..1: On/Off Flag..Band 1.. 62.5: CF.. 0: Boost/Cut..Band 2.. 115.734: CF.. 0: Boost/Cut..Band 3.. 250: CF.. 2: Boost/Cut..Band 4.. 396.85: CF.. 0: Boost/Cut..Band 5.. 734.867: CF.. 2: Boost/Cut..Band 6.. 1360.79: CF.. 2: Boost/Cut..Band 7.. 2519.84: CF.. 1: Boost/Cut..Band 8.. 5350: CF.. -1: Boost/Cut..Band 9.. 8640.48: CF.. 0: Boost/Cut..Band 10.. 13800: CF.. 2: Boost/Cut..
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):961
                                                                                                  Entropy (8bit):4.855292559830285
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:q+w1IZBSRVyWWt5djvBp0TOAppUCJnpQSOpNBNpA:oKIyb5djzMl
                                                                                                  MD5:038E70D0B0223598B6F11890C7A39DA1
                                                                                                  SHA1:E790CA1456F895C6EF3A112BCEA575FC1F3A1006
                                                                                                  SHA-256:D05ED165422959C5F6B4C2B25FBE84B3BB0AA9BBDB72A6B0123BCB7CC2FB3CEA
                                                                                                  SHA-512:02BF6CD53AE7D2F1B9DE9868454A8937D72A787227496FE2D07F75AA296AA3FE71464E0ED610EF974E73C0F3E8B51939CE43C6563F2CDA958B7A7964DF42FBF9
                                                                                                  Malicious:false
                                                                                                  Preview:CLASS1 : Effect Type..9: Version..TV..0: Double Params Flag..1: Total number of elements..50: Main 0..50: Main 1..0: Main 2..20: Main 3..60: Main 4..45: Main 5..0: Element Number.. 0: Param 0.. 0: Param 1.. 0: Param 2.. 0: Param 3.. 0: Param 4.. 0: Param 5.. 0: Param 6..7: Number of Application Dependent Integers..0: Number of Application Dependent Reals..0: Number of Application Dependent Strings..1: Integer[0]..1: Integer[1]..1: Integer[2]..1: Integer[3]..1: Integer[4]..0: Integer[5]..2: Integer[6]..10: Number of EQ Bands..1: On/Off Flag..Band 1.. 62.5: CF.. 0: Boost/Cut..Band 2.. 115.734: CF.. 0: Boost/Cut..Band 3.. 250: CF.. 1: Boost/Cut..Band 4.. 396.85: CF.. 0: Boost/Cut..Band 5.. 734.867: CF.. 1: Boost/Cut..Band 6.. 1360.79: CF.. 0: Boost/Cut..Band 7.. 2519.84: CF.. 1: Boost/Cut..Band 8.. 5350: CF.. -1: Boost/Cut..Band 9.. 8640.48: CF.. -1: Boost/Cut..Band 10.. 13800: CF.. 2: Boost/Cut..
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):955
                                                                                                  Entropy (8bit):4.810538314108478
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:qCw1ImJqRVyXt5djvBp0qOA14/7Woh5fMBjfA:2KZyd5djzSSwx3
                                                                                                  MD5:EEC389C321A0F4E18D568D9EB52D4A4A
                                                                                                  SHA1:46555A411D1DBE75B4994B0D9C44C21B72243EDD
                                                                                                  SHA-256:33E8695F8DEDD7E7F4ED640C8F6412C1898D2A06489AAD41C09F0326BDC08DB7
                                                                                                  SHA-512:B61D04D025CF4CC2B1FE8CB5881F57BB0C2DD0B3FAB2F47548D433D6EE2B2419838379DAF115FDD9F0C797C9DE8366C21A6DBA1BAB7C6F1E5CC9F2AFA656BBB4
                                                                                                  Malicious:false
                                                                                                  Preview:CLASS1 : Effect Type..9: Version..Transcription..0: Double Params Flag..1: Total number of elements..100: Main 0..0: Main 1..0: Main 2..0: Main 3..115: Main 4..75: Main 5..0: Element Number.. 0: Param 0.. 0: Param 1.. 0: Param 2.. 0: Param 3.. 0: Param 4.. 0: Param 5.. 0: Param 6..7: Number of Application Dependent Integers..0: Number of Application Dependent Reals..0: Number of Application Dependent Strings..1: Integer[0]..0: Integer[1]..0: Integer[2]..1: Integer[3]..1: Integer[4]..0: Integer[5]..2: Integer[6]..10: Number of EQ Bands..1: On/Off Flag..Band 1.. 62.5: CF.. 0: Boost/Cut..Band 2.. 86: CF.. -12: Boost/Cut..Band 3.. 250: CF.. 7: Boost/Cut..Band 4.. 293: CF.. 2: Boost/Cut..Band 5.. 615: CF.. -1: Boost/Cut..Band 6.. 1320: CF.. 7: Boost/Cut..Band 7.. 3430: CF.. 0: Boost/Cut..Band 8.. 4630: CF.. 10: Boost/Cut..Band 9.. 6360: CF.. 3: Boost/Cut..Band 10.. 11770: CF.. -12: Boost/Cut..
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):959
                                                                                                  Entropy (8bit):4.801168282589878
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:q3vw1IyvjRVyWWt5djvBp0COASiepELDYB0iA:JKUyb5djzV
                                                                                                  MD5:EE618C4C177068C08DACDFC8411D5610
                                                                                                  SHA1:726B0F02F137361D658EE0A45FE4C8AD64F83C87
                                                                                                  SHA-256:690ED5C16C33B8EFD0ED7C7AEF90F71E6DF3F20C2A44114E98CF8CF7355DBED8
                                                                                                  SHA-512:D1C6652D14ED28DC5D71D0017CE975F57F247E5134033384B50B0FF094C407CDB11E0AF4518A900025E4B56131F25AAC300E8702F4D6E7E267FDA44B93B8985F
                                                                                                  Malicious:false
                                                                                                  Preview:CLASS1 : Effect Type..9: Version..Music..0: Double Params Flag..1: Total number of elements..50: Main 0..35: Main 1..0: Main 2..35: Main 3..20: Main 4..60: Main 5..0: Element Number.. 0: Param 0.. 0: Param 1.. 0: Param 2.. 0: Param 3.. 0: Param 4.. 0: Param 5.. 0: Param 6..7: Number of Application Dependent Integers..0: Number of Application Dependent Reals..0: Number of Application Dependent Strings..1: Integer[0]..1: Integer[1]..1: Integer[2]..1: Integer[3]..1: Integer[4]..0: Integer[5]..2: Integer[6]..10: Number of EQ Bands..1: On/Off Flag..Band 1.. 62.5: CF.. 0: Boost/Cut..Band 2.. 110.0: CF.. 2: Boost/Cut..Band 3.. 250.0: CF.. 2: Boost/Cut..Band 4.. 370.0: CF.. 1: Boost/Cut..Band 5.. 650.0: CF.. 0: Boost/Cut..Band 6.. 1200.0: CF.. 0: Boost/Cut..Band 7.. 2130.0: CF.. 0: Boost/Cut..Band 8.. 4550.0: CF.. -1: Boost/Cut..Band 9.. 6850.0: CF.. 0: Boost/Cut..Band 10.. 16000: CF.. 2: Boost/Cut..
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):965
                                                                                                  Entropy (8bit):4.861329835911262
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:qYnw1IcEmJNPRVyXedjvBp0qOAOUAJtGJ7KxBr7cA:rwKcLLyudjzg
                                                                                                  MD5:8A3BB2B9767A3FD8397C2783F3EE1A65
                                                                                                  SHA1:8802B8F2FB027A8AF228548BA70D577138057EED
                                                                                                  SHA-256:77720ED67150B2C854A36F2F8002913E98788A9634BE0FC1540A19CA1423BFB6
                                                                                                  SHA-512:50184F85557C1CFAAAB4DC37693FB6AA854EE22E7D1061CA1780F16BDD57912F9726891A060AD74934E08DE4199BBD6B7E94914E42DD05BED9194012BF85DDBD
                                                                                                  Malicious:false
                                                                                                  Preview:CLASS1 : Effect Type..9: Version..Voice..0: Double Params Flag..1: Total number of elements..72: Main 0..0: Main 1..0: Main 2..0: Main 3..95: Main 4..0: Main 5..0: Element Number.. 0: Param 0.. 0: Param 1.. 0: Param 2.. 0: Param 3.. 0: Param 4.. 0: Param 5.. 0: Param 6..7: Number of Application Dependent Integers..0: Number of Application Dependent Reals..0: Number of Application Dependent Strings..1: Integer[0]..0: Integer[1]..0: Integer[2]..1: Integer[3]..0: Integer[4]..0: Integer[5]..2: Integer[6]..10: Number of EQ Bands..1: On/Off Flag..Band 1.. 62.5: CF.. 0: Boost/Cut..Band 2.. 115.734: CF.. -4: Boost/Cut..Band 3.. 214.311: CF.. -2: Boost/Cut..Band 4.. 396.85: CF.. 2: Boost/Cut..Band 5.. 734.867: CF.. 4: Boost/Cut..Band 6.. 1360.79: CF.. 5: Boost/Cut..Band 7.. 3430.8: CF.. 3: Boost/Cut..Band 8.. 5250.0: CF.. 3: Boost/Cut..Band 9.. 6300: CF.. 5: Boost/Cut..Band 10.. 11770: CF.. -11: Boost/Cut..
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):963
                                                                                                  Entropy (8bit):4.827256471188213
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:qBJw1IsJzlLRVyWWt5djvBp0rOAbUAJ4QSOpApBEiA:COKayb5djzhu
                                                                                                  MD5:54307B58B9FD001E1910F98FDB25D966
                                                                                                  SHA1:1DBDBE2906679A4C97FE294D90BBBAEB4EB4019E
                                                                                                  SHA-256:FC6CD10E51D33A70E74091A662054989D97CDE5AE705475C8D80F681708FF07F
                                                                                                  SHA-512:15D185CD1B740DC726AE9A77F0F650DE05E0C74F76DBF10E5BACA4124CDADDD30636D814CE051B4B0D3979CB4ED493C00925AE52B505FEBA9CEFAA528FAFD8CD
                                                                                                  Malicious:false
                                                                                                  Preview:CLASS1 : Effect Type..9: Version..Volume Boost..0: Double Params Flag..1: Total number of elements..32: Main 0..20: Main 1..0: Main 2..0: Main 3..103: Main 4..35: Main 5..0: Element Number.. 0: Param 0.. 0: Param 1.. 0: Param 2.. 0: Param 3.. 0: Param 4.. 0: Param 5.. 0: Param 6..7: Number of Application Dependent Integers..0: Number of Application Dependent Reals..0: Number of Application Dependent Strings..1: Integer[0]..1: Integer[1]..1: Integer[2]..1: Integer[3]..1: Integer[4]..0: Integer[5]..2: Integer[6]..10: Number of EQ Bands..1: On/Off Flag..Band 1.. 62.5: CF.. 0: Boost/Cut..Band 2.. 101: CF.. 3: Boost/Cut..Band 3.. 240: CF.. 2: Boost/Cut..Band 4.. 396.85: CF.. 2: Boost/Cut..Band 5.. 734.867: CF.. 0: Boost/Cut..Band 6.. 1360.79: CF.. 0: Boost/Cut..Band 7.. 2519.84: CF.. 1: Boost/Cut..Band 8.. 4670: CF.. 1: Boost/Cut..Band 9.. 11760: CF.. 2: Boost/Cut..Band 10.. 16000: CF.. 2: Boost/Cut..
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):966
                                                                                                  Entropy (8bit):4.857342274064095
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:qpRw1IRJOhRVyXt5djvBp0d5OAhHWiQSHvEGBaqA:kmKSyd5djzYL87
                                                                                                  MD5:471670C3295D3BBFED92E693981C30E1
                                                                                                  SHA1:23274FA49B6CCA00CA92CFF619B04EE657E4D97B
                                                                                                  SHA-256:F961856C2FEF99BCC9ABDA07BF3B1F19C9B16685208EA0E28CD4ED3F39778418
                                                                                                  SHA-512:54A54D9B8FFBE2B22F6151445D9F50941C738F112678DEDD5114D14503E4088CE77DF2D6428DB6E95DB6031A78E4F6444D8F8BA8ECEC360408EBEF9771D002E3
                                                                                                  Malicious:false
                                                                                                  Preview:CLASS1 : Effect Type..9: Version..Gaming..0: Double Params Flag..1: Total number of elements..35: Main 0..0: Main 1..0: Main 2..0: Main 3..85: Main 4..35: Main 5..0: Element Number.. 0: Param 0.. 0: Param 1.. 0: Param 2.. 0: Param 3.. 0: Param 4.. 0: Param 5.. 0: Param 6..7: Number of Application Dependent Integers..0: Number of Application Dependent Reals..0: Number of Application Dependent Strings..1: Integer[0]..0: Integer[1]..0: Integer[2]..1: Integer[3]..1: Integer[4]..0: Integer[5]..2: Integer[6]..10: Number of EQ Bands..1: On/Off Flag..Band 1.. 62.5: CF.. 0: Boost/Cut..Band 2.. 128.75: CF.. 0: Boost/Cut..Band 3.. 238.311: CF.. 2: Boost/Cut..Band 4.. 444.0: CF.. 2: Boost/Cut..Band 5.. 805.0: CF.. 2: Boost/Cut..Band 6.. 1360.79: CF.. 0: Boost/Cut..Band 7.. 2519.84: CF.. -1: Boost/Cut..Band 8.. 4400.12: CF.. -1: Boost/Cut..Band 9.. 7930.48: CF.. 2: Boost/Cut..Band 10.. 12570: CF.. 2: Boost/Cut..
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):982
                                                                                                  Entropy (8bit):4.857216071020656
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:qAZIRw1IDluRVyWWt5djvBp0TOAVUCJ4QS7TBlOA:DimKSyb5djzRT
                                                                                                  MD5:3817D6E5582793099881320401DFDDD7
                                                                                                  SHA1:AC6CDB82AE160EB3E6A55B338A7332B8CAC3DD1D
                                                                                                  SHA-256:59024B05F345CBB6332A581C916676D685913F0EBD1A8D0D8ECAD395D9D11E3B
                                                                                                  SHA-512:DF55BEEA1F116F5B6996DFE0212A115582CDAE1B110726D94462F4D3D1E20FE0D1400591A9CCB966B2865A0EFCEF913FE03048C7BD60A974B6074FBF492B9403
                                                                                                  Malicious:false
                                                                                                  Preview:CLASS1 : Effect Type..9: Version..Classic Processing..0: Double Params Flag..1: Total number of elements..60: Main 0..35: Main 1..0: Main 2..60: Main 3..60: Main 4..70: Main 5..0: Element Number.. 0: Param 0.. 0: Param 1.. 0: Param 2.. 0: Param 3.. 0: Param 4.. 0: Param 5.. 0: Param 6..7: Number of Application Dependent Integers..0: Number of Application Dependent Reals..0: Number of Application Dependent Strings..1: Integer[0]..1: Integer[1]..1: Integer[2]..1: Integer[3]..1: Integer[4]..0: Integer[5]..2: Integer[6]..10: Number of EQ Bands..1: On/Off Flag..Band 1.. 62.5: CF.. 0: Boost/Cut..Band 2.. 115.734: CF.. 0: Boost/Cut..Band 3.. 214.311: CF.. 0: Boost/Cut..Band 4.. 396.85: CF.. 0: Boost/Cut..Band 5.. 734.867: CF.. 0: Boost/Cut..Band 6.. 1360.79: CF.. 0: Boost/Cut..Band 7.. 2519.84: CF.. 0: Boost/Cut..Band 8.. 4666.12: CF.. 0: Boost/Cut..Band 9.. 8640.48: CF.. 0: Boost/Cut..Band 10.. 13500: CF.. 0: Boost/Cut..
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):984
                                                                                                  Entropy (8bit):4.890210143884036
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:qIZIRw1IIvxtCRVyZWt5djvBp0fOAQpU5pJeWSEfBNMvpA:/imKDyo5djz91i
                                                                                                  MD5:16F49CF8417B0E368FAEB40CB70F3239
                                                                                                  SHA1:CE95736E467389C60F5C23BEA0DFFCCE547D529D
                                                                                                  SHA-256:0CC4E260945485F45D2BEEAEC9D7FF8F8EAE92FBD7C094AED4B39ABCDFBA07B3
                                                                                                  SHA-512:08BFC9B87D9C28DB55EBFCEF8D00748B7F351538AB224A03F97E263928079CAB6C0755B4740F1F6481AB547103557148C4AA607969A25FD97E0E86CE039D4AA8
                                                                                                  Malicious:false
                                                                                                  Preview:CLASS1 : Effect Type..9: Version..Light Processing..0: Double Params Flag..1: Total number of elements..25: Main 0..0: Main 1..0: Main 2..35: Main 3..5: Main 4..20: Main 5..0: Element Number.. 0: Param 0.. 0: Param 1.. 0: Param 2.. 0: Param 3.. 0: Param 4.. 0: Param 5.. 0: Param 6..7: Number of Application Dependent Integers..0: Number of Application Dependent Reals..0: Number of Application Dependent Strings..1: Integer[0]..0: Integer[1]..1: Integer[2]..1: Integer[3]..1: Integer[4]..0: Integer[5]..2: Integer[6]..10: Number of EQ Bands..1: On/Off Flag..Band 1.. 62.5: CF.. 0: Boost/Cut..Band 2.. 115.734: CF.. -1: Boost/Cut..Band 3.. 214.311: CF.. 1: Boost/Cut..Band 4.. 396.85: CF.. 1: Boost/Cut..Band 5.. 734.867: CF.. -1: Boost/Cut..Band 6.. 1360.79: CF.. -1: Boost/Cut..Band 7.. 2519.84: CF.. -2: Boost/Cut..Band 8.. 4666.12: CF.. -1: Boost/Cut..Band 9.. 8640.48: CF.. -1: Boost/Cut..Band 10.. 13600: CF.. 1: Boost/Cut..
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):971
                                                                                                  Entropy (8bit):4.857752267847404
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:qXwJw1I4v5RVyWWt5djvBp0d8O8wtZpFSHfBNpVA:TOK8yb5djztRO
                                                                                                  MD5:C4EF8C129665163D28601E229493892A
                                                                                                  SHA1:3737A43F1A503166E063A44DEF48152C5DEF1EFF
                                                                                                  SHA-256:4A22A50C3AA77F6E887CD9E30DE1D381BEF900D5391EC84AD3154546FD1399A8
                                                                                                  SHA-512:3257A8A3EACA06AA89FB4A26139F5908DAACFEC34C6613D94F78B458184BF41E52561F99A9B0CA6580DC8D7EB845F47EC30033C72C3CCF9F4410E2331C514466
                                                                                                  Malicious:false
                                                                                                  Preview:CLASS1 : Effect Type..9: Version..Bass Boost..0: Double Params Flag..1: Total number of elements..30: Main 0..35: Main 1..0: Main 2..35: Main 3..20: Main 4..75: Main 5..0: Element Number.. 0: Param 0.. 0: Param 1.. 0: Param 2.. 0: Param 3.. 0: Param 4.. 0: Param 5.. 0: Param 6..7: Number of Application Dependent Integers..0: Number of Application Dependent Reals..0: Number of Application Dependent Strings..1: Integer[0]..1: Integer[1]..1: Integer[2]..1: Integer[3]..1: Integer[4]..0: Integer[5]..2: Integer[6]..10: Number of EQ Bands..1: On/Off Flag..Band 1.. 62.5: CF.. 0: Boost/Cut..Band 2.. 98.0: CF.. 3: Boost/Cut..Band 3.. 158.3: CF.. 3: Boost/Cut..Band 4.. 345.0: CF.. 2: Boost/Cut..Band 5.. 541.867: CF.. 1: Boost/Cut..Band 6.. 1170.0: CF.. -1: Boost/Cut..Band 7.. 2519.84: CF.. -1: Boost/Cut..Band 8.. 4666.12: CF.. -1: Boost/Cut..Band 9.. 8640.48: CF.. -1: Boost/Cut..Band 10.. 14650: CF.. 0: Boost/Cut..
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):978
                                                                                                  Entropy (8bit):4.8615388361461545
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:qjw1I9JaRVyGt5djvBp0TOAVUCJnpfpSOpHBlpA:pKcyG5djzr1
                                                                                                  MD5:D6712E9A03F84CA656BCB54815D11287
                                                                                                  SHA1:73D3CCD471460C24465597985329BC864B52C29A
                                                                                                  SHA-256:FBF25A50A996204B8F732E43ADF5ED8DB4FF6EAE6AA19C5832461B96AC71A016
                                                                                                  SHA-512:85DA0E65B9B0C18469165391343396DA5A3E9E153793FD6CCCF979F427C097A38DA5A439A7B10CBD5481A10E5435C1117BACEDFFB7B44F6C6872E40BCDE92483
                                                                                                  Malicious:false
                                                                                                  Preview:CLASS1 : Effect Type..9: Version..Streaming Video..0: Double Params Flag..1: Total number of elements..35: Main 0..35: Main 1..0: Main 2..0: Main 3..54: Main 4..35: Main 5..0: Element Number.. 0: Param 0.. 0: Param 1.. 0: Param 2.. 0: Param 3.. 0: Param 4.. 0: Param 5.. 0: Param 6..7: Number of Application Dependent Integers..0: Number of Application Dependent Reals..0: Number of Application Dependent Strings..1: Integer[0]..1: Integer[1]..0: Integer[2]..1: Integer[3]..1: Integer[4]..0: Integer[5]..2: Integer[6]..10: Number of EQ Bands..1: On/Off Flag..Band 1.. 62.5: CF.. 0: Boost/Cut..Band 2.. 115.734: CF.. 0: Boost/Cut..Band 3.. 214.311: CF.. 0: Boost/Cut..Band 4.. 396.85: CF.. 0: Boost/Cut..Band 5.. 734.867: CF.. 1: Boost/Cut..Band 6.. 1360.79: CF.. 1: Boost/Cut..Band 7.. 2519.84: CF.. 1: Boost/Cut..Band 8.. 5350.0: CF.. -1: Boost/Cut..Band 9.. 8640.48: CF.. 0: Boost/Cut..Band 10.. 13800: CF.. 2: Boost/Cut..
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4595096
                                                                                                  Entropy (8bit):6.568137368170458
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:98304:qJTC0pDGBBBBBBBBBBBBBBBBBBBBBBBBBU2U1oO:iTLDGBBBBBBBBBBBBBBBBBBBBBBBBBU7
                                                                                                  MD5:0A1E1E6B90FE62B9011393501BEF58D7
                                                                                                  SHA1:AA1A03B628301E17A17B178E7307780AA54B93CE
                                                                                                  SHA-256:F934DE57CFA0633F125B6707D21727F25B02D7C96E13FDCF3CB84042EE43876B
                                                                                                  SHA-512:1E9236D3F22114BD9A3DC91F64618F9E1803F26107A3E4FA7763DC14B3CA9487C7D31ED0D09AA10A54A8868B5982A23D1675694A7D262167424B1B5407180B7F
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:TrueType Font data, 17 tables, 1st "GDEF", 13 names, Microsoft, language 0x409
                                                                                                  Category:dropped
                                                                                                  Size (bytes):201148
                                                                                                  Entropy (8bit):6.077443346933577
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:bbUD3Sp234i3viK7ldlrTft7yEeVfvVF1wSlCfzMV4lzCO0aMbVKgdIxfBEP:b4Di81v3ftneVfb1wXMizCtjzdIg
                                                                                                  MD5:DEC15F4454DA4C3DCDBA85A36C9F9A37
                                                                                                  SHA1:EE2C78FD0AF8AA895F15A93F9A61E13A960C17F3
                                                                                                  SHA-256:4A204F20F82129D09196FA3F16F2340B9CBBE2FC5E27038E0E57F76E03D96E38
                                                                                                  SHA-512:2FAAF11B8C6B5F487E8D563C8BA05F8CD34FA595AC2AD3CB9B1BFF29283DB7BE33D9345DFD9C19BD3EB058BBB8F45C32649F4B18E35F33CA300B35A516AEAB33
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:TrueType Font data, 17 tables, 1st "GDEF", 15 names, Microsoft, language 0x409
                                                                                                  Category:dropped
                                                                                                  Size (bytes):199912
                                                                                                  Entropy (8bit):6.096339699160351
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:1DmsP234i3vSKmaHeqI9vOogmrctL7CzXjvfEZgczCLy5Bw9upmnJ0:1Dmse1v3He7Hh3zcBOupmnJ0
                                                                                                  MD5:4C61E408402414F36F5C3A06ECC5915B
                                                                                                  SHA1:F3C1C9E778680061C35EC512C918F1A630868872
                                                                                                  SHA-256:02CF88921629EEBFB25FBBCF5D46D0EF5BB307BB0D8AF482F47A65BB6620B088
                                                                                                  SHA-512:8F98065BD0B2FDA1A658FCCF9166BB4387A279D3471FFA8BE43B78FF874EE62735350390157270BC73A9AD84B7AC2DF81FC0538E3B5B569965C3D1BA55C47B92
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:TrueType Font data, 17 tables, 1st "GDEF", 13 names, Microsoft, language 0x409
                                                                                                  Category:dropped
                                                                                                  Size (bytes):201976
                                                                                                  Entropy (8bit):6.085964601621602
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:N5ZPg234i3vgm8LjbRWJrqi+Z5qefAMTvP/fXJGeqNE5Hv:Nrb1v18LjbwN/KAMTvPHXgZN4v
                                                                                                  MD5:AED416691BA9AFB1590D9DDF220F5996
                                                                                                  SHA1:8A441A013BB65EDB42D747EFC85CABA6D4149464
                                                                                                  SHA-256:720187E6F1FEC0D3510A9407BFDF8B952DC61BD990EDEBAA477FBD72F66775C5
                                                                                                  SHA-512:06B7933D35247259EA58271C6EDADB1DC7CAE80A158A47A4F41192773876C08F3DC0B31D5E11948936CFA6F696DAB1F6B10B9B5A697DBC7ACD06BCB49EFC44EC
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:OpenType font data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4909668
                                                                                                  Entropy (8bit):7.368899402965331
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:98304:enEug8DH6ILVsFG88XJb2kRAOpEa3m5L4IlSyHApLmSi72TJiqvYg5Ka6xQQ3L:eu6dAl8ZTRAOpl30c6ELWmiqvY6yrL
                                                                                                  MD5:E2406FF1791C401BC93E73D9E44E6D2B
                                                                                                  SHA1:49E50DE244558C4C21F43D85B7404CABB970B30B
                                                                                                  SHA-256:E7BE1CDB169344A75BDF09F8563DCF5E662194BE3064873B6B4CA57E0BA0774F
                                                                                                  SHA-512:2A386A33F204FA5D07DA0DA4BB45590DDECA669235B77471FCA2E5405F749C9AD35289D439F48F2340377E27EE85725644C6F051D6DEEA10ED9C49B837B845FA
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:OpenType font data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4768768
                                                                                                  Entropy (8bit):7.457467785730833
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:98304:ZyEuezzWZAAjDyfnbWfANGPj89xGXE5D6fUdeujQlae22ljN1PSTl/EsqoCXpmU9:ZlzyZAAnyvbWY/9MODkKQl92YjeTls1L
                                                                                                  MD5:32666AE307200B0BCAB5553590672BB1
                                                                                                  SHA1:A4CDC5C494D118E231A32DDA98373E7835AC9DD8
                                                                                                  SHA-256:256BB06B91D974DDBC0E3C063C85522CDA6187CC638F0C6AE5D752EFA63FE093
                                                                                                  SHA-512:EB1459B024346ECB2A2014A481202C76988F2757C1287908295ECBF71E51CE1FDB886CC07C28B49D86FAEDD59FBFC7C017D5C5B797D03447314F882184E76847
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:OpenType font data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4744692
                                                                                                  Entropy (8bit):7.421579840888723
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:98304:WREu/Kcw9VIXKPq8fCupfDdcCMjfe3NmletiwzaSs3ItjgB7v2bGPzraG69s9U59:WzbW+XKPPKqrd18f9MScGPXaVIU5YBQ
                                                                                                  MD5:210989664066C01D8FFDBDF56BB773CD
                                                                                                  SHA1:5F533D0D5CAF3847AFA2D78301E7B87B3485ECBC
                                                                                                  SHA-256:29445948E432137E0DE104DEC389E956D72633AA0E4CB04CA572BB8E378E3D35
                                                                                                  SHA-512:86AB46CE5F441AB7ADE525B0ACE1347D0B26A77303CDE9F11C68C772431E9CE181F50847C9D4D31026752F6230E66549692108DF9F1197F99C42FB5525C42ADC
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:OpenType font data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):8716392
                                                                                                  Entropy (8bit):7.495261473238618
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:196608:tYotfY/gXxDZWgpU9Gt1Bzo5UO86DT2O/Hq8ADWmAp5G9r+4wNQ/+W:xtg/+DEx9RU0T2O/UW1p5G9lk+
                                                                                                  MD5:9C8CB849CB0041912EC77C9C59725A2A
                                                                                                  SHA1:60A514FD2A07CA63EBD7F5484951E50CB03F4FC2
                                                                                                  SHA-256:D1961BE1161EA1BE08496C920862D06EA5C23A757628F4FD69368DE1D9F51BED
                                                                                                  SHA-512:2C89324DCC21D9AAA44258BF96A295115F19B8264AB125250E20AB5BE0A7C1A55754BD754B569D938C7145FB431FCAFDA75900CD461F6A3FADD2D38728D13931
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:OpenType font data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):8508580
                                                                                                  Entropy (8bit):7.531997873570796
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:196608:jhk120oT4Q8zL13Y0kv11hkQzvL9+fWdJMEtr9HYMiOA5dZARxZsa2Hl9:9OQTD8zL1DkdzZL9+eJT4MjMKRbp2z
                                                                                                  MD5:34D4F8EE5AD2748A4CF36D3D414B49AF
                                                                                                  SHA1:57F0F560DF654BC8E322A44C947672AE92CD2FAD
                                                                                                  SHA-256:9C62CEB174D7529AE4A7F2071F6531991CFADBC2F1897910B48BA951A580AC57
                                                                                                  SHA-512:63D2E90007C7D26203E5010291478A431701018F6A75107C2365DCF3B968CE38086CED05E31C57505B5C2564E22A32E63410E5B143D57F7ED914276967096788
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:OpenType font data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):8482020
                                                                                                  Entropy (8bit):7.490491055703114
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:196608:V7zc85mwwTUbsFIpaGu97lX6vf6LzkROpDYBFSvjL/0jbGQH2YQylFW:i85mzTDGu97gEzkRNrS3/NC29ynW
                                                                                                  MD5:E3AE561F7B8052D9AA9F2B0B09C33EA1
                                                                                                  SHA1:7FB779EA2A8D83D7F80D4A2865D1EBB5E3CF1257
                                                                                                  SHA-256:A2B93E6C2DB05D6BBBF6F27D413EC73269735B7B679019C8A5AA9670FF0FFBF2
                                                                                                  SHA-512:32B1F305AEC14A5EA7C1166F76C5BA7DCD1D4FCF513902EA1E2811EC1F2B72CC73EFB6CAE4369FD877619EE66EAABD014C6ED0FF7C9D9B5E7F1C5FF3DCC8E8AD
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:TrueType Font data, 16 tables, 1st "GDEF", 14 names, Microsoft, language 0x409, Copyright 2022 The Noto Project Authors (https://github.com/notofonts/thai)Noto Sans Thai Medium
                                                                                                  Category:dropped
                                                                                                  Size (bytes):46448
                                                                                                  Entropy (8bit):6.342108991808269
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:768:mK81vBz2gZztejCF0T0y/bGxWBraFRP+PTleQBJ/vmjpJIuzXrlay+Jv8iqK5:mKMZzrE0tFRKTl1/vmxBay+Jv8iqK5
                                                                                                  MD5:B26FBAE4345B2CD98CF41FCA34206B56
                                                                                                  SHA1:A4075B2CFEAE20A076B0303622F3EC7A4A558480
                                                                                                  SHA-256:6ACDBF858F40BCC0FA57B3971B1C5FE904C46B38DF8E4073556BD51F22FED358
                                                                                                  SHA-512:E560A762DB0E95D5C85A7392C7E7622DA101DDADCCC3AC90C2ED09668FFD5AC4662EAB4EAC1A9486F599ABF0F321C3783D62838D48DD0046489B3BC26F486E0A
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:TrueType Font data, 16 tables, 1st "GDEF", 12 names, Microsoft, language 0x409, Copyright 2022 The Noto Project Authors (https://github.com/notofonts/thai)Noto Sans ThaiRegular
                                                                                                  Category:dropped
                                                                                                  Size (bytes):46380
                                                                                                  Entropy (8bit):6.332636311465189
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:768:tKC1+LWAHjb4oBQ4TETj4oaNGrHmcsa3cGr2yxzQqaf2KVvbd+9MzXrlaKn8iqK8:tKo4400XHDsa39/x8qevBBaKn8iqK8
                                                                                                  MD5:DB4FA9CBA5C3BED6D99A608207F5240B
                                                                                                  SHA1:65AF553B1091B015CAFEA3A1498C9F8E36997864
                                                                                                  SHA-256:2166DDD8DD7650AC7A7D81FD229CACBE99C06CF559D93DB3B37D356312DEB405
                                                                                                  SHA-512:BD81A38A4ADB1849D19393D6476719C13E93EA418DCF369E38872D0FF59325FD8058AC683B514EE3B6663FD8F88BABDA0CFD065CC5E0F7ED9E1858B5893F031F
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1057176
                                                                                                  Entropy (8bit):6.336031755439875
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12288:vgDKXk+MUYWnd/xgHKfZKKuDeNnEQh9Ip+o55cZPBREGz5ItHXBhb:vq+26/bse+g9UgZPBREGz5oHXBhb
                                                                                                  MD5:BC7B29CD513AEC979CEFBF30E6D68A01
                                                                                                  SHA1:26CAF25713A32D16658F062E14CD7C6068F536E4
                                                                                                  SHA-256:5FD669E66046950328A555C8F3223D9F3E8599C7128E9DE15D29BD76CDE5DE30
                                                                                                  SHA-512:AEA0CC8B1B195149DFD662948E04250CB6539B7C836C64AE8DE8C11A916A9CBEA13486691F33FE8FB1060CA3E267DCA385A5913DEC66A9CFE641B8FB98A57B69
                                                                                                  Malicious:true
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):484
                                                                                                  Entropy (8bit):5.430713079925545
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:1CGbPmi+BtvtSx7u1XK3VyXWCECFbSt7MecHB8zQ:1nn+be7u18V6g7MeRzQ
                                                                                                  MD5:66DF04C3C3E209E28CD4226DDA3FA646
                                                                                                  SHA1:A07956CF11956D975F601CA25D3267485319764B
                                                                                                  SHA-256:7290DBD8641C8D682005AE0E93DA8F9AFD0C19A2A3C24F6ED781B4CFB0F53611
                                                                                                  SHA-512:E7036D1DF37233DAA9611EB24615FB6D09E6F10707E9ECD729729A1E4858BE18092B090A8FD6BC69EDF929016FFF2990B03BD4F8E518EB00F9499FFEEB035980
                                                                                                  Malicious:false
                                                                                                  Preview:[General]..AppDir=C:\Program Files\FxSound LLC\FxSound\..ApplicationName=FxSound..CompanyName=FxSound LLC..ApplicationVersion=1.1.20.0..DefaultCommandLine=/silent..URL1=https://s3.amazonaws.com/downloads3.fxsound.com/fxsound/2/updates.txt..CheckFrequency=2..DownloadsFolder=C:\ProgramData\FxSound LLC\FxSound\updates\..Flags=NoDisableAutoCheck|PerMachine|VerifyDigitalSignature|NoUpdaterInstallGUI..ID={1CA2081B-0D5A-41DF-86E8-2788204CE340}..URL=https://download.fxsound.com/updates..
                                                                                                  Process:C:\Program Files\FxSound LLC\FxSound\updater.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):497
                                                                                                  Entropy (8bit):5.546037615393976
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:8odu5B8u1bWYSu1aFYl6zLOZrK3GfvXFQn0WYX0VB5:fu1bou1aul68u3MXH3cB5
                                                                                                  MD5:59451DEEB43402AD76F849F6E15AE125
                                                                                                  SHA1:E64FA3C155C7C0DDCD8DFC3606D9F533D5CF4B17
                                                                                                  SHA-256:A236454D0707640CE09E73D38877A97CF6280B289B1A8A47D36DFBC74EC6EDD6
                                                                                                  SHA-512:D2EF11FD1917A548DD4D271F66CE29505E2B2482CEC90816D4F0B7587325E73B703C6F69BE212C483E5178740559AC5E3AEA26AEA454B1C2AC8375486459CDC1
                                                                                                  Malicious:false
                                                                                                  Preview:;aiu;....[Update]..Name = FxSound..ProductVersion = 1.1.20.0..URL = https://download.fxsound.com/fxsoundlatest..URL1 = https://downloads3.fxsound.com/fxsound/2/fxsound_setup.exe..Size = 46914960..SHA256 = 3541DF625AFFA384FEACF3CD3D64C47D2372EAB9A2055D57DDE08AFE7F85862C..MD5 = 9ea725e3e3bc82249957cc00b74c4882..ServerFileName = fxsound_setup.exe..Flags = SilentInstall|Sys64..RegistryKey = HKUD\Software\FxSound LLC\FxSound\Version..Version = 1.1.20.0..AutoCloseApplication = [APPDIR]FxSound.exe..
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):365
                                                                                                  Entropy (8bit):5.210278155455057
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:TMVBd/1qFPM+/QOQlvqitMvVQqAvcW+cDvcWFLPcg:TMHdkFjQnjtMv3kzJZ0g
                                                                                                  MD5:BE359259B30D461DBF8D299C3347C4AC
                                                                                                  SHA1:7E8087FEC573363C1B568D993892ED1881F28B06
                                                                                                  SHA-256:D2357AE5AEE6D8691DB67B9F9E7684A96B6FAC4DF62336F5F13679AE1D18727E
                                                                                                  SHA-512:176E02BB757D35AE7732DA8CD17AEC6AA2771E3E346BB1F2F0CECD439DD6123926626368711554527729D4B83717331DE775B0796D087D12E348981137E24DC1
                                                                                                  Malicious:false
                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8"?>..<PROPERTIES>.. <VALUE name="power" val="1"/>.. <VALUE name="hotkeys" val="1"/>.. <VALUE name="preset" val="General"/>.. <VALUE name="cmd_on_off" val="196689"/>.. <VALUE name="cmd_open_close" val="196677"/>.. <VALUE name="cmd_change_preset" val="196673"/>.. <VALUE name="cmd_change_output" val="196695"/>..</PROPERTIES>
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Sat Sep 16 21:13:02 2023, mtime=Wed Nov 22 15:30:33 2023, atime=Sat Sep 16 21:13:02 2023, length=1057176, window=hide
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2074
                                                                                                  Entropy (8bit):3.668553029214428
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:8bAdIfzDZyRAqc6d0VVd0VPb+M3kb6/S7crd4W3kb6kJliyfm:8MdIbwiMd0VVd0Vz50bCS7crCW0bn
                                                                                                  MD5:6619D5612745A81070CF370E2C96EE45
                                                                                                  SHA1:FCA5763E73001B9FA1D2A25487EDB9C7F7466368
                                                                                                  SHA-256:A5070870AB1B3B30DDB59BC7D4855043E35E0973437727C95160B5F494DA6B6D
                                                                                                  SHA-512:70D31978F12EFE2AE9C851DFE7634BB3D2E1933A65519C551F73DB08CC440DCCF4CA449F69C3A13859FB9258BB014AB1C416BB249B765C2F3919F6ED00F0B9E7
                                                                                                  Malicious:false
                                                                                                  Preview:L..................F.@.. ....+S.....&..6a....+S......!...........................P.O. .:i.....+00.../C:\.....................1.....vW...PROGRA~1..t......O.IvW.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....`.1.....vW...FXSOUN~1..H......vW.vW...............................F.x.S.o.u.n.d. .L.L.C.....V.1.....vW...FxSound.@......vW.vW...............................F.x.S.o.u.n.d.....b.2..!..0W.. .updater.exe.H......0W..vW.....d+........................u.p.d.a.t.e.r...e.x.e......._...............-.......^...........o........C:\Program Files\FxSound LLC\FxSound\updater.exe..?.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.F.x.S.o.u.n.d. .L.L.C.\.F.x.S.o.u.n.d.\.u.p.d.a.t.e.r...e.x.e.%.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.F.x.S.o.u.n.d. .L.L.C.\.F.x.S.o.u.n.d.\.../.c.h.e.c.k.n.o.w.G.C.:.\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.1.4.6.0.0.6.6.5.-.0.1.6.5.-.4.9.E.8.-.8.0.1.7.-.D.1.B.D.6.A.2.9.0.3.3.5.}.\.f.x.s.o.u.n.d.
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Sat Sep 16 16:44:52 2023, mtime=Wed Nov 22 15:30:34 2023, atime=Sat Sep 16 16:44:52 2023, length=4595096, window=hide
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2054
                                                                                                  Entropy (8bit):3.644367570927665
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:8ZdIfzDZyZlAqXk6d0VsKd0Vd+M3kb6/S7crd4W3kb6kJloyAyfm:8ZdIbwZO4d0VsKd0Vd50bCS7crCW0b7
                                                                                                  MD5:31839BBE602359472F590E68D56CC150
                                                                                                  SHA1:5536528BFFD2194030AC41567AC1EEB0DD7B2D7C
                                                                                                  SHA-256:033284943644254A570425C19EEC28FB27CAC9A2463072B39F32327A2AB36B88
                                                                                                  SHA-512:4D0A8B5B75C9691AEBB7F3C607250E7E258DDACA4596A09575EE68D722C3C93DEE5CEE8EB121DF78320751D169C5D728E6D9B4E2E731B27BBD7589AC30EFF0E8
                                                                                                  Malicious:false
                                                                                                  Preview:L..................F.@.. ......~....&..7a......~......F..........................P.O. .:i.....+00.../C:\.....................1.....vW...PROGRA~1..t......O.IvW.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....`.1.....vW...FXSOUN~1..H......vW.vW...............................F.x.S.o.u.n.d. .L.L.C.....V.1.....vW...FxSound.@......vW.vW...............................F.x.S.o.u.n.d.....b.2...F.0W.. .FxSound.exe.H......0W..vW...............................F.x.S.o.u.n.d...e.x.e......._...............-.......^...........o........C:\Program Files\FxSound LLC\FxSound\FxSound.exe..?.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.F.x.S.o.u.n.d. .L.L.C.\.F.x.S.o.u.n.d.\.F.x.S.o.u.n.d...e.x.e.%.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.F.x.S.o.u.n.d. .L.L.C.\.F.x.S.o.u.n.d.\.G.C.:.\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.1.4.6.0.0.6.6.5.-.0.1.6.5.-.4.9.E.8.-.8.0.1.7.-.D.1.B.D.6.A.2.9.0.3.3.5.}.\.f.x.s.o.u.n.d...e.x.e.........%Sys
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Sat Sep 16 16:44:52 2023, mtime=Wed Nov 22 15:30:32 2023, atime=Sat Sep 16 16:44:52 2023, length=4595096, window=hide
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2054
                                                                                                  Entropy (8bit):3.6463658766037312
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:8hdIfzDZTZlAqXk6d0VsKd0Vd+M3kb6/S7crd4W3kb6kJloyAyfm:8hdIbRZO4d0VsKd0Vd50bCS7crCW0b7
                                                                                                  MD5:4600C611796A8FE69B4B30F2B92532A2
                                                                                                  SHA1:F6B21054C1499A33F0DD56E06B8AA28298738E2B
                                                                                                  SHA-256:ECED7E4799A291EEF8F8501B2DC9D1AA47AC5F61AF9C514916BE7C2466A664C4
                                                                                                  SHA-512:1D4ED92CB636B544D902D04522BC1B6D0FFFCE997D247A8FE56C83A93FD49A13AC55375B0214D75D0050D3B0BCC949A390D880A62BF3FEE49A3D8090733F3094
                                                                                                  Malicious:false
                                                                                                  Preview:L..................F.@.. ......~....i..6a......~......F..........................P.O. .:i.....+00.../C:\.....................1.....vW...PROGRA~1..t......O.IvW.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....`.1.....vW...FXSOUN~1..H......vW.vW...............................F.x.S.o.u.n.d. .L.L.C.....V.1.....vW...FxSound.@......vW.vW...............................F.x.S.o.u.n.d.....b.2...F.0W.. .FxSound.exe.H......0W..vW...............................F.x.S.o.u.n.d...e.x.e......._...............-.......^...........o........C:\Program Files\FxSound LLC\FxSound\FxSound.exe..?.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.F.x.S.o.u.n.d. .L.L.C.\.F.x.S.o.u.n.d.\.F.x.S.o.u.n.d...e.x.e.%.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.F.x.S.o.u.n.d. .L.L.C.\.F.x.S.o.u.n.d.\.G.C.:.\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.1.4.6.0.0.6.6.5.-.0.1.6.5.-.4.9.E.8.-.8.0.1.7.-.D.1.B.D.6.A.2.9.0.3.3.5.}.\.f.x.s.o.u.n.d...e.x.e.........%Sys
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Sat Sep 16 16:44:52 2023, mtime=Wed Nov 22 15:30:34 2023, atime=Sat Sep 16 16:44:52 2023, length=4595096, window=hide
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2036
                                                                                                  Entropy (8bit):3.641584485354774
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:8EdIfzDZyZlAqX+d0VsKd0Vd+M3kb6/S7crd4W3kb6kJloyAyfm:8EdIbwZOtd0VsKd0Vd50bCS7crCW0b7
                                                                                                  MD5:746B248A225DDC7AA22E08F8834A6B8A
                                                                                                  SHA1:60A302927D06EAD5B3EE6001CAA950D5A3E9D6BA
                                                                                                  SHA-256:A90A00C02D2FFBCEF94BA888087A9ED7A38750AC0962160340893B9587E355F5
                                                                                                  SHA-512:5D510BBC480E73C185B2CB4513F5CD8E7F7321137A82B5F57F2198F1954740689C166FFBC2C4966132C8E1BFD7AE3B44023F415FC7263DBE0A54B3960F719BF6
                                                                                                  Malicious:false
                                                                                                  Preview:L..................F.@.. ......~.......7a......~......F..........................P.O. .:i.....+00.../C:\.....................1.....vW...PROGRA~1..t......O.IvW.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....`.1.....vW...FXSOUN~1..H......vW.vW...............................F.x.S.o.u.n.d. .L.L.C.....V.1.....vW...FxSound.@......vW.vW...............................F.x.S.o.u.n.d.....b.2...F.0W.. .FxSound.exe.H......0W..vW...............................F.x.S.o.u.n.d...e.x.e......._...............-.......^...........o........C:\Program Files\FxSound LLC\FxSound\FxSound.exe..6.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.F.x.S.o.u.n.d. .L.L.C.\.F.x.S.o.u.n.d.\.F.x.S.o.u.n.d...e.x.e.%.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.F.x.S.o.u.n.d. .L.L.C.\.F.x.S.o.u.n.d.\.G.C.:.\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.{.1.4.6.0.0.6.6.5.-.0.1.6.5.-.4.9.E.8.-.8.0.1.7.-.D.1.B.D.6.A.2.9.0.3.3.5.}.\.f.x.s.o.u.n.d...e.x.e.........%SystemRoot%\Installer
                                                                                                  Process:C:\Users\user\Desktop\fxsound_setup.exe
                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):53274
                                                                                                  Entropy (8bit):3.7476742110289996
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:1536:QcdY0TTJmLAYIsDvV0i4mojQagWgCgWgeI0i4mojQagWgCgWg+o0i4mojQagWgC4:QDEZ+
                                                                                                  MD5:C311955AABEBBD7EA935D5C992F4D8BC
                                                                                                  SHA1:E86D1313469CB193D31E50FDDCD68419B75811D3
                                                                                                  SHA-256:BE0004CF77358C475DE530CDBEBCB9827D09F833185B776659E14CE67DA1F4F4
                                                                                                  SHA-512:D88DBE0D03B8C548E0710FBAB0116DB90D4EC54102C9E63F73E6FF28E732FF56EA1228309F18486BE74ED22704426CCEAEF5F74D38D7AFF35BFA3658B5679C2B
                                                                                                  Malicious:false
                                                                                                  Preview:=== Verbose logging started: 22/11/2023  17:30:29  Build type: SHIP UNICODE 5.00.10011.00  Calling process: C:\Users\jones\Desktop\fxsound_setup.exe ===..MSI (c) (C4:5C) [17:30:29:277]: SOFTWARE RESTRICTION POLICY: Verifying package --> 'C:\Users\jones\AppData\Roaming\FxSound LLC\FxSound 1.1.20.0\install\fxsound.x64.msi' against software restriction policy..MSI (c) (C4:5C) [17:30:29:277]: SOFTWARE RESTRICTION POLICY: C:\Users\jones\AppData\Roaming\FxSound LLC\FxSound 1.1.20.0\install\fxsound.x6
                                                                                                  Process:C:\Users\user\Desktop\fxsound_setup.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):563656
                                                                                                  Entropy (8bit):6.432700089523593
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6144:Z0WKoDOO80Gw0Oy13zcbs7B1OLmxcSFEq7agKR7T+cgAOVSxZR4dwXsZo:ZfK+KdnOq1jEqmR+ZKZoCsZo
                                                                                                  MD5:0DD1F1FF906C4D1FC7AD962E994CAD7F
                                                                                                  SHA1:4D1549CF7EF6A63BAF83280143D7797D4DF4FA2D
                                                                                                  SHA-256:140F578569ADBF831F87275091AF9CA200ED8B2453CBE729A0249B9B6F6B4588
                                                                                                  SHA-512:8D5622BB299BF6BEBF3EAA266A9FCBBC953A729E9D9CA20F8F358D7A14599D0A017FEEF58AA8D3AADC075C6211478BBAC2D38E38E36E34096D4DCEB51FFD00CB
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with very long lines (361), with CRLF, LF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):299756
                                                                                                  Entropy (8bit):3.833281861018859
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3072:QeZNGbaAUdZrjjMDQu3tosamdNxIdn7wNxj8ILfZFnsKw578YLLGRE3i9kkJDrUA:QAA2juQntr+
                                                                                                  MD5:E68DD675E09CA798FF2F669542F6B76C
                                                                                                  SHA1:39631AA83BA0CB73BC75250D8C998ACB116E8333
                                                                                                  SHA-256:6A7BF00760D3D332094415CDCF121BEFD96289BD702D7EABF4DC974AA263E8F3
                                                                                                  SHA-512:5FF824FBDA4D09889E1F7EC9135CBF448F786878116AE08F92F2B072DE33A70FF3F4FE2BA6207A6B054F89B81D235EBC7363762F63131259ED144209C1F5C09F
                                                                                                  Malicious:false
                                                                                                  Preview:=== Verbose logging started: 22/11/2023  17:30:30  Build type: SHIP UNICODE 5.00.10011.00  Calling process: C:\Windows\SysWOW64\msiexec.exe ===..MSI (c) (6C:70) [17:30:30:056]: Font created.  Charset: Req=0, Ret=0, Font: Req=MS Shell Dlg, Ret=MS Shell Dlg...MSI (c) (6C:70) [17:30:30:056]: Font created.  Charset: Req=0, Ret=0, Font: Req=MS Shell Dlg, Ret=MS Shell Dlg...MSI (c) (6C:7C) [17:30:30:103]: Resetting cached policy values..MSI (c) (6C:7C) [17:30:30:103]: Machine policy value 'Debug' is
                                                                                                  Process:C:\Users\user\Desktop\fxsound_setup.exe
                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5038592
                                                                                                  Entropy (8bit):6.043058205786219
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:49152:vVkDvLSkqdbEsuV+ebMh8w+/H8pF/bmlEyGjWvcP1xQ+X7TqVAMPLfQyim8kznsY:2Ll+Mn0WHl9VA2ic/
                                                                                                  MD5:11F7419009AF2874C4B0E4505D185D79
                                                                                                  SHA1:451D8D0470CEDB268619BA1E7AE78ADAE0EBA692
                                                                                                  SHA-256:AC24CCE72F82C3EBBE9E7E9B80004163B9EED54D30467ECE6157EE4061BEAC95
                                                                                                  SHA-512:1EABBBFDF579A93BBB055B973AA3321FC8DC8DA1A36FDE2BA9A4D58E5751DC106A4A1BBC4AD1F425C082702D6FBB821AA1078BC5ADC6B2AD1B5CE12A68058805
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Process:C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):10590
                                                                                                  Entropy (8bit):7.254430659006022
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:1OgjZ7OPJCbngEw9JPgXkhYCClQBcA5E8qnajEzHbC:18UuLh3Cl+x5E8l4zu
                                                                                                  MD5:ACDAAE5D1219E7703285C42F774BE54D
                                                                                                  SHA1:47DF82D8C843BF1ADC098A26E9E3E27217B3104D
                                                                                                  SHA-256:25C8DAE186155D20F74FEEDEFB4F84161E4215925B8FD0C898F68F3E50EBCD7D
                                                                                                  SHA-512:83B663222FB22B1760EA8551D19557F3F2905BFAC205B380B23DD7F2A65A37B851A3C3C345E4A768B76700BB891B97C96A0DBBB58D81358993293AD1EB3E300A
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe
                                                                                                  File Type:Windows setup INFormation
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5334
                                                                                                  Entropy (8bit):5.628759224235533
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:3q9BSSyjoh9OnLhtuGUdDrG9E/6uYqZpd7SY5MFgWC2i8/ENYZS:3qzSSyjoG17UprGEiuYqZpd7Se8eYENp
                                                                                                  MD5:328087CAF99B50D988A304BEEEA3FCE8
                                                                                                  SHA1:23FFEF913679537BB049008F5E6F8E517BB24192
                                                                                                  SHA-256:BA175CFDDD91B87BDDA3F1DF2A70249E1742E846B843381EB0438B70F91A110A
                                                                                                  SHA-512:D006E8DE0F9258A3EE75723E458D635586040702C1357630F199CF5740C7E29D87FEFD4B869A897BDD26B67FAD134E6BF35A2C01C3A00ACC8BF20181D7DA1AA3
                                                                                                  Malicious:false
                                                                                                  Preview:;..;fxvad.inf..;....[Version]..Signature="$CHICAGO$"..Class=MEDIA..Provider=%FXMN%..ClassGUID={4d36e96c-e325-11ce-bfc1-08002be10318}..DriverVer = 03/17/2021,14.1.0.0..CatalogFile.NTx86=fxvadNTx86.cat..CatalogFile.NTAMD64=fxvadNTAMD64.cat..PnpLockDown=1....[Manufacturer]..%MfgName%=DFX,NTamd64,NTx86....[DFX.NTx86]..%DFX_Device.DeviceDesc%=DFX_Device,Root\%DEV_NAME%,*%DEV_NAME%....[DFX.NTamd64]..%DFX_Device.DeviceDesc%=DFX_Device,Root\%DEV_NAME%,*%DEV_NAME%....;-----------------------------------------------------------------------------..;..; 2k+ Installation..;..;-----------------------------------------------------------------------------..[DFX_Device.NT]..Include=ks.inf,wdmaudio.inf..Needs=KS.Registration, WDMAUDIO.Registration..CopyFiles=DFX_Device.CopyList..AddReg=DFX_Device.AddReg..AddProperty=DFX_1AddPropertySection....[DFX_Device.NT.Interfaces]..AddInterface=%KSCATEGORY_AUDIO%,%KSNAME_Wave%,DFX_Device.I.Wave..AddInterface=%KSCATEGORY_RENDER%,%KSNAME_Wave%,DFX_Device.I.Wave..;Add
                                                                                                  Process:C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe
                                                                                                  File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):326656
                                                                                                  Entropy (8bit):2.91036654915667
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:768:3Ft4aLqpAogNTiqwu2CvcCjikibqqqqqqqqqqqqqqqqqqqaFgNj////////////l:T45A/N8Cfjik6scccoFtr
                                                                                                  MD5:EAF913C1DE47C2421669B662EDAA5A6A
                                                                                                  SHA1:53524526E1898A90FA98AE02E662B9C0E6DC2848
                                                                                                  SHA-256:425629B6309000013E8CD1A9B827BEE365D21C9F743873AADD0C3BC96A999D2A
                                                                                                  SHA-512:BB674FEB73751172A1ACE65AAB89C5EBF952A07F7AF0F3EC1DADF357FF693230CF08910AE273E8335EEC35E5827DA6405272D05C161987DF679199935AF21A76
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........................................................X.......X.R.....X.......Rich....................PE..d....@R`.........."......6..........0..........@............................. ......cM....`A....................................................<........|...@...........$..........8)..8...........................p)............... ...............................text...)........................... ..h.rdata....... ......................@..H.data........0......................@....pdata.......@.......(..............@..HPAGE....J'...P...(...,.............. ..`INIT.................T.............. ..b.rsrc....|.......~...X..............@..B.reloc..............................@..B........................................................................................................................................................................................
                                                                                                  Process:C:\Users\user\Desktop\fxsound_setup.exe
                                                                                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {1FE29950-43C3-42AA-A25F-578F09237F5B}, Number of Words: 2, Subject: FxSound, Author: FxSound LLC, Name of Creating Application: FxSound, Template: ;1033, Comments: This installer database contains the logic and data required to install FxSound., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2117632
                                                                                                  Entropy (8bit):6.598867176501236
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:49152:sxNYvPMg85nF9BrdLq2+cZfsZrAWlGFAvHZXm1+Ck:sY3orxq1AWkFA
                                                                                                  MD5:164DBF6A8998960D7EF4E2ACECC5F415
                                                                                                  SHA1:27303F0D0BAD5ED8AA551368B3718FF6180BEDD7
                                                                                                  SHA-256:965CDEE211FF716C29D9767898D270F2457112A9379A272E6F2C2B09C27B4CA0
                                                                                                  SHA-512:BD613F1EF6D1A48455B853381A26027BFFB627A7DDC18260D3B6E82D433D5D62A56C19DC74DE475486E5368EBFF6727C0F8626697378BB93A172214E95636683
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\fxsound_setup.exe
                                                                                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {D5DE046A-A59D-4852-B552-7C613C8DBEAF}, Number of Words: 2, Subject: FxSound, Author: FxSound LLC, Name of Creating Application: FxSound, Template: x64;1033, Comments: This installer database contains the logic and data required to install FxSound., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2117632
                                                                                                  Entropy (8bit):6.598567603205823
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:49152:VcfYwPMg85nF9Brdgq2+cZfsZXAWlGFAvHZXm1+rN:sY6oruqxAWkFA
                                                                                                  MD5:42FA3A7E2E5BC46FBBB6DBC801A7EFEA
                                                                                                  SHA1:8B33A5D24120F9B88170CFCF8FDD802DA8882C56
                                                                                                  SHA-256:8BE0260EAD9EF1F0D6097CA26A30BBE18A7E59E3BD8160F5465E1107DD1C6648
                                                                                                  SHA-512:77574873F7695419F8FBF125B11764DC1F1583F9A3ED8860803AE72AB5C9AA47BD27AF3EE94B29A02D4AF28AE74D26BD90C9A8AC9C9D348F071CF15E011C586A
                                                                                                  Malicious:false
                                                                                                  Process:C:\Users\user\Desktop\fxsound_setup.exe
                                                                                                  File Type:Microsoft Cabinet archive data, many, 39420851 bytes, 58 files, at 0x44 +A "FxSound.exe" +A "FxSound.settings", flags 0x4, ID 1234, number 1, extra bytes 20 in head, 1631 datablocks, 0x1 compression
                                                                                                  Category:dropped
                                                                                                  Size (bytes):39431555
                                                                                                  Entropy (8bit):7.998338875644748
                                                                                                  Encrypted:true
                                                                                                  SSDEEP:786432:rHAuWfgcKbjylyM5fZFKlG4GjIKNnSTAk5jDSUfzTm8/t4zdahXZBHHAIG:suG1KEyM5fZdxjIKNnEZDFLf/SJ+XZpG
                                                                                                  MD5:69DB76D4D58760C3CD42C04CFCCB9124
                                                                                                  SHA1:40A129702E82DE5F2E6C9498DFBC918717FBA947
                                                                                                  SHA-256:029BB5DEC04A6E33970E2EF57997D5372817756DC2C17DFA7D1AE37B3D49318A
                                                                                                  SHA-512:8181B712DDAB654CC24703BFFFA0079A74A44524A3700B3ABFB2199186096ADC13C1079745B28C3384ED3C184D7EBADAA80F14AF7760629FA4D11627B38438AD
                                                                                                  Malicious:false
                                                                                                  Preview:MSCF......Y.....D...........:.................Y..).............._.....F.......0W.. .FxSound.exe.m.....F...,WEX .FxSound.settings...;...F...0W=. .FxSound.exe_2..3.........T\. .ptdevcon32.exe..........T\. .ptdevcon64.exe.....m......T+. .DfxSetupDrv.exe...........T\. .dfx.ico..!........0W.. .updater.exe.....y<....0W.. .DfxInstall.dll.&}...4.....V. .fxsound.ico.....7......T.} .fxdevcon64.exe...........T+. .fxvad.inf...........T+. .fxvad.sys.^)........T+. .fxvadntamd64.cat..M.........T.} .fxdevcon32.exe......V.....T+. .fxvad.inf_1.....qk.....T+. .fxvad.sys_1.U)..qW.....T+. .fxvadntx86.cat...........T.} .fxdevcon64.exe_1.....^......T+. .fxvad.inf_2.....4......T+. .fxvad.sys_2.`%.........T+. .fxvadntamd64.cat_1..M..|.....T.} .fxdevcon32.exe_1...... .....T+. .fxvad.inf_3......4.....T+. .fxvad.sys_3.a%.........T+. .fxvadntx86.cat_1.....3D.....T+. .fac......G.....T+. .fac_1......K.....T+. .fac_2.....gO.....T+. .fac_3....."S.....T+. .fac_4......V.....T+. .fac_5......Z.....T+. .fac_6.....
                                                                                                  Process:C:\Users\user\Desktop\fxsound_setup.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):39431555
                                                                                                  Entropy (8bit):0.0
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3::
                                                                                                  MD5:D93DFEE3CB6CE63DA8DE821BF93BFDBA
                                                                                                  SHA1:A35882AAFA2D9558B6B083B6E6EA44A9FCED2C71
                                                                                                  SHA-256:47A71DE1F1A875CC47513A3607E52F638D76405ADC3337A63B909ADC10AD27BD
                                                                                                  SHA-512:D0D3FC1F6A030B19C5553DD35F9C21C87DCA8E5F07D7242E708A2BB1EF28464ABBACDC35810C3542FCF207F0CB65E8F1FC854878DE3113D26BCD1441A68E08D3
                                                                                                  Malicious:false
                                                                                                  Process:C:\Program Files\FxSound LLC\FxSound\FxSound.exe
                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):199
                                                                                                  Entropy (8bit):5.134952086722843
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:vFWWMNHU8LdgCf3q1iXvFjz9sQCQriF0qCH9Rz9sl6c286AlRqbyFjz9sl6c286r:TMVBd/+qFPLemVs+b4VNb7dn
                                                                                                  MD5:87D0982F5500919568CD4D775DB57BCF
                                                                                                  SHA1:9FB7B681B302A81BCDA7064099BF1CC8F332137D
                                                                                                  SHA-256:367993596516DD874F7D3DD89488142033DB7B76E4670C0D7E2F143C92899A0D
                                                                                                  SHA-512:5D57866402BD36C1FC54702E5A661601F99A18CA6497D5EC3BACCE2A3F9973115EC400211BB9859B7867355DFF578AE6E205E14C4CD41C0676B2E83F5ABB4C06
                                                                                                  Malicious:false
                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8"?>....<PROPERTIES>.. <VALUE name="language" val="en-GB"/>.. <VALUE name="output_device_id" val=""/>.. <VALUE name="output_device_name" val=""/>..</PROPERTIES>..
                                                                                                  Process:C:\Program Files\FxSound LLC\FxSound\FxSound.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):142
                                                                                                  Entropy (8bit):3.7464875870837915
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:+/3PPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPovhCW6KGD8:+ovJ5tMKxpmgLn7
                                                                                                  MD5:D83F006ECB85D0669F3DA59BA17D4C1F
                                                                                                  SHA1:37E5A78BA433FECAFF61A0D8603D8F3D51CCFA43
                                                                                                  SHA-256:12ECE37BCDD30C2194A0A5FD0F4F85F43A8E3A7D04CACAA9AE5E7EEEF18A9517
                                                                                                  SHA-512:D951147168C4A56963603A39E7B213B98C00923BE11F7E36194457D9EA693BA51450B9BB8758F3B62173EF2D5221870C810FBF39A3CF8F31232CEBB18A5904AD
                                                                                                  Malicious:false
                                                                                                  Preview:..**********************************************************..FxSound logs..Log started: 22 Nov 2023 6:51:51pm....v1.1.20.0..Windows 10..x64..
                                                                                                  Process:C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe
                                                                                                  File Type:Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x2108 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-GB
                                                                                                  Category:dropped
                                                                                                  Size (bytes):13156
                                                                                                  Entropy (8bit):3.6250477571032174
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:cJOzh59k3f3WSkEFRcpXyY3q0xPOQlf88GcNy1/HC3T6gYq2hwyvVATCG5qylmqG:7Qf3woapXQXQ1HNogE3lJSZmXx7p
                                                                                                  MD5:60B2EF95F0A811CC6FD2E163338A7294
                                                                                                  SHA1:0006F7466FDAA96BA0F306EBA5B8D65312806D1B
                                                                                                  SHA-256:F059676DE05CEB7116BCB5DC6C3F390B056BB2798DF3B70A3F76EF34F7DB2EA9
                                                                                                  SHA-512:C924E5CC4E55EF5238FFBA082C747D941062FD8D6615805924DC6528D8B7A39BCAD49EFB4176BB3F220C12C80FE65F0B97A8669C5C738D199C923A5CCEBD0B0C
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\drvinst.exe
                                                                                                  File Type:Windows setup INFormation
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5334
                                                                                                  Entropy (8bit):5.628759224235533
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:3q9BSSyjoh9OnLhtuGUdDrG9E/6uYqZpd7SY5MFgWC2i8/ENYZS:3qzSSyjoG17UprGEiuYqZpd7Se8eYENp
                                                                                                  MD5:328087CAF99B50D988A304BEEEA3FCE8
                                                                                                  SHA1:23FFEF913679537BB049008F5E6F8E517BB24192
                                                                                                  SHA-256:BA175CFDDD91B87BDDA3F1DF2A70249E1742E846B843381EB0438B70F91A110A
                                                                                                  SHA-512:D006E8DE0F9258A3EE75723E458D635586040702C1357630F199CF5740C7E29D87FEFD4B869A897BDD26B67FAD134E6BF35A2C01C3A00ACC8BF20181D7DA1AA3
                                                                                                  Malicious:false
                                                                                                  Preview:;..;fxvad.inf..;....[Version]..Signature="$CHICAGO$"..Class=MEDIA..Provider=%FXMN%..ClassGUID={4d36e96c-e325-11ce-bfc1-08002be10318}..DriverVer = 03/17/2021,14.1.0.0..CatalogFile.NTx86=fxvadNTx86.cat..CatalogFile.NTAMD64=fxvadNTAMD64.cat..PnpLockDown=1....[Manufacturer]..%MfgName%=DFX,NTamd64,NTx86....[DFX.NTx86]..%DFX_Device.DeviceDesc%=DFX_Device,Root\%DEV_NAME%,*%DEV_NAME%....[DFX.NTamd64]..%DFX_Device.DeviceDesc%=DFX_Device,Root\%DEV_NAME%,*%DEV_NAME%....;-----------------------------------------------------------------------------..;..; 2k+ Installation..;..;-----------------------------------------------------------------------------..[DFX_Device.NT]..Include=ks.inf,wdmaudio.inf..Needs=KS.Registration, WDMAUDIO.Registration..CopyFiles=DFX_Device.CopyList..AddReg=DFX_Device.AddReg..AddProperty=DFX_1AddPropertySection....[DFX_Device.NT.Interfaces]..AddInterface=%KSCATEGORY_AUDIO%,%KSNAME_Wave%,DFX_Device.I.Wave..AddInterface=%KSCATEGORY_RENDER%,%KSNAME_Wave%,DFX_Device.I.Wave..;Add
                                                                                                  Process:C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe
                                                                                                  File Type:Generic INItialization configuration [BeginLog]
                                                                                                  Category:dropped
                                                                                                  Size (bytes):46143
                                                                                                  Entropy (8bit):5.062356644348276
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:384:OGdni80C/8g0atRf7yr14ujuNY9AZi3Z/oUtwr05haujLrVDBf6V6D2iVWjyT/5i:Own95cdyYloiwQ+w9f6uWuT/I
                                                                                                  MD5:00EE4C1BF45B0D26BD804720E6A4C65B
                                                                                                  SHA1:EC3B103927AA59708E5969328332883AD22E3F9A
                                                                                                  SHA-256:DC3B696C92E316050DBE80506A6B33779F575177BE260EE6091C23EECFEFBEA6
                                                                                                  SHA-512:456E90F42D58E262DA66788D909DFBDEB853D94235BDDF05BA16F92EEC1D629E085BAC57E2B7C5ECC65C1367496058B0048FC378C574EE2C03C859702098CFFD
                                                                                                  Malicious:false
                                                                                                  Preview:[Device Install Log].. OS Version = 10.0.19045.. Service Pack = 0.0.. Suite = 0x0100.. ProductType = 1.. Architecture = amd64....[BeginLog]....[Boot Session: 2023/10/03 09:57:02.288]....>>> [Setup Import Driver Package - C:\Windows\system32\spool\tools\Microsoft Print To PDF\prnms009.Inf]..>>> Section start 2023/10/03 09:57:37.904.. cmd: C:\Windows\System32\spoolsv.exe.. inf: Provider: Microsoft.. inf: Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318}.. inf: Driver Version: 06/21/2006,10.0.19041.1806.. inf: Catalog File: prnms009.cat.. ump: Import flags: 0x0000000D.. pol: {Driver package policy check} 09:57:37.920.. pol: {Driver package policy check - exit(0x00000000)} 09:57:37.920.. sto: {Stage Driver Package: C:\Windows\system32\spool\tools\Microsoft Print To PDF\prnms009.Inf} 09:57:37.920.. inf: {Query Configurability: C:\Windows\system32\spool\tools\Microsoft Print To PDF\prnms009.Inf} 09:57:37.920.. inf:
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {D5DE046A-A59D-4852-B552-7C613C8DBEAF}, Number of Words: 2, Subject: FxSound, Author: FxSound LLC, Name of Creating Application: FxSound, Template: x64;1033, Comments: This installer database contains the logic and data required to install FxSound., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2117632
                                                                                                  Entropy (8bit):6.598567603205823
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:49152:VcfYwPMg85nF9Brdgq2+cZfsZXAWlGFAvHZXm1+rN:sY6oruqxAWkFA
                                                                                                  MD5:42FA3A7E2E5BC46FBBB6DBC801A7EFEA
                                                                                                  SHA1:8B33A5D24120F9B88170CFCF8FDD802DA8882C56
                                                                                                  SHA-256:8BE0260EAD9EF1F0D6097CA26A30BBE18A7E59E3BD8160F5465E1107DD1C6648
                                                                                                  SHA-512:77574873F7695419F8FBF125B11764DC1F1583F9A3ED8860803AE72AB5C9AA47BD27AF3EE94B29A02D4AF28AE74D26BD90C9A8AC9C9D348F071CF15E011C586A
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {D5DE046A-A59D-4852-B552-7C613C8DBEAF}, Number of Words: 2, Subject: FxSound, Author: FxSound LLC, Name of Creating Application: FxSound, Template: x64;1033, Comments: This installer database contains the logic and data required to install FxSound., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
                                                                                                  Category:dropped
                                                                                                  Size (bytes):2117632
                                                                                                  Entropy (8bit):6.598567603205823
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:49152:VcfYwPMg85nF9Brdgq2+cZfsZXAWlGFAvHZXm1+rN:sY6oruqxAWkFA
                                                                                                  MD5:42FA3A7E2E5BC46FBBB6DBC801A7EFEA
                                                                                                  SHA1:8B33A5D24120F9B88170CFCF8FDD802DA8882C56
                                                                                                  SHA-256:8BE0260EAD9EF1F0D6097CA26A30BBE18A7E59E3BD8160F5465E1107DD1C6648
                                                                                                  SHA-512:77574873F7695419F8FBF125B11764DC1F1583F9A3ED8860803AE72AB5C9AA47BD27AF3EE94B29A02D4AF28AE74D26BD90C9A8AC9C9D348F071CF15E011C586A
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):563656
                                                                                                  Entropy (8bit):6.432700089523593
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6144:Z0WKoDOO80Gw0Oy13zcbs7B1OLmxcSFEq7agKR7T+cgAOVSxZR4dwXsZo:ZfK+KdnOq1jEqmR+ZKZoCsZo
                                                                                                  MD5:0DD1F1FF906C4D1FC7AD962E994CAD7F
                                                                                                  SHA1:4D1549CF7EF6A63BAF83280143D7797D4DF4FA2D
                                                                                                  SHA-256:140F578569ADBF831F87275091AF9CA200ED8B2453CBE729A0249B9B6F6B4588
                                                                                                  SHA-512:8D5622BB299BF6BEBF3EAA266A9FCBBC953A729E9D9CA20F8F358D7A14599D0A017FEEF58AA8D3AADC075C6211478BBAC2D38E38E36E34096D4DCEB51FFD00CB
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):648136
                                                                                                  Entropy (8bit):6.449062813580053
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12288:kEvIkrf4bxnJAN9Wk9BR3NUBNoACiSsmqJBoQZXm1+g:keIgMyR3iyACyHZXm1+g
                                                                                                  MD5:9B4B4EA6509E4DB1E2A8F09A7C6F8F04
                                                                                                  SHA1:512880ABE3C9696EDB042599BD199F1D05210AA2
                                                                                                  SHA-256:3774C31039CB87ED0327F49A00ABD7B4211AC938A46378B8661CD5D8B3B34F94
                                                                                                  SHA-512:63B4788A3AD000C08582F55532DC06BF88BC4111837A63E8157E0F5F668225F46758F9481B6E526A5A813F4F0CC9BE65FB4107D2135C61083274592AF03BA608
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):51328
                                                                                                  Entropy (8bit):4.258395351969839
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:Fg91T7hVHUjxoTwba/cp9fbs1kjPR5vFXAoREdWzgXPE35DvgAXXfABH3sNmKCwt:FAJ00Eh41kj5jXAoREwz1u8a3GEhe9/B
                                                                                                  MD5:416461752DB24E01318DE5C08AECB11A
                                                                                                  SHA1:C4F917DAFEC16123976600DAFB1DA1CAA79F89BE
                                                                                                  SHA-256:EF555099E7FC8251D76B0E0205E808EC2623337E8F867DC86F1F592CF363A5FF
                                                                                                  SHA-512:ACCFCC6C822902BF19B14D2D89FC79E9E523BB2DB4D38E670DAB0AD2B40A94B9712AE64D578AB6C262D407001D141BCC2A25E0DD458A7D949D13D444C691C062
                                                                                                  Malicious:false
                                                                                                  Preview:...@IXOS.@.....@.vW.@.....@.....@.....@.....@.....@......&.{14600665-0165-49E8-8017-D1BD6A290335}..FxSound..fxsound.x64.msi.@.....@.....@.....@......fxsound.exe..&.{D5DE046A-A59D-4852-B552-7C613C8DBEAF}.....@.....@.....@.....@.......@.....@.....@.......@......FxSound......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@.....@.....@.]....&.{215927B7-6543-4106-B941-F33B96B65E3B}%.C:\Program Files\FxSound LLC\FxSound\.@.......@.....@.....@......&.{82E872A6-8D59-4785-92C3-8BBFF79EB0E4}0.C:\Program Files\FxSound LLC\FxSound\FxSound.exe.@.......@.....@.....@......&.{E6F40D13-6200-4931-A7A2-6142F7821778}9.C:\Program Files\FxSound LLC\FxSound\Apps\DfxSetupDrv.exe.@.......@.....@.....@......&.{EE536E27-12E6-4F20-A3E7-6A073AED85CB};.C:\Program Files\FxSound LLC\FxSound\Drivers\ptdevcon32.exe.@.......@.....@.....@......&.{FF4D6223-08FD-4830-A07F-C3307A8FA1B5};.C:\Program Files\FxSound LLC
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                  Category:dropped
                                                                                                  Size (bytes):20480
                                                                                                  Entropy (8bit):1.2027779745763456
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:JSbX72FjlmXsXAlfLIlHuRpzhG7777777777777777777777777ZDHFc3lmNpECi:J/JUIwqKVmNplUVF
                                                                                                  MD5:9135C9630213FE8FC63702A3CCE8742D
                                                                                                  SHA1:11A1F440210F2A5E44BAC7D3F5D088EE050F0235
                                                                                                  SHA-256:879FA388869676405B1DB04559FE6353CB37343B04C31F65475220CDC9ABA3AC
                                                                                                  SHA-512:FDB31190D979599616453E73EA8DD466CF3EE8A9547CB41A46D3FDFB0B5C916ED544B64CACF021F28513C193E5617DD080C8B14A713F868593699EF227C9C37A
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                  Category:dropped
                                                                                                  Size (bytes):20480
                                                                                                  Entropy (8bit):1.7452870893259427
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:msV8PhauRc06WX4YnT57MVsGd0V2AEkrCyAVBMpWSkd0VjBMpXxdvy8DFD2lBoD4:Z4ha1onT1tRCrVq6DRg4a5chRCU
                                                                                                  MD5:2BCD066423C952D3EFF4E40572BB767A
                                                                                                  SHA1:565B2B22271E0AC1FC288C34253DC9E967370EDE
                                                                                                  SHA-256:F7BAEEB8B6D2243A2428E286AC3B1515E7C51B94D1BE97767E73BFD661992583
                                                                                                  SHA-512:10BC935D95350AA50892815C1EB158B7312A621B7300FC20D0EB8580AF7C6301CDC251674C3671F385DE83F06F3D0191F89735C9E6DA5CF409461E0505365FF4
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                  Category:dropped
                                                                                                  Size (bytes):32038
                                                                                                  Entropy (8bit):2.096487496878294
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:MuoSQH7SQKSQ37izg88PE3gGDvfYduXX3XfAw0EYpR9THXXXbLom+vvvvChboTCy:NoREdWzgXPE35DvgAXXfABH3sNmKCwiW
                                                                                                  MD5:F6822EF3F0A697D83A3F51D133E180DC
                                                                                                  SHA1:AD9451A6195338DF5260150EFE2178CB0072EE2F
                                                                                                  SHA-256:E350B7DA8FBD6798191FD591EFDA4D2B947BD2B48F8CFB54AC084D79FBBA14E4
                                                                                                  SHA-512:493172B804679D518DC38267CBB45B0A3359BF254532089A28DBCD00EC9E5DB5D94BCE8EC504343E58419F351CABBCBC1C943B28923A5F31AA09DE4D362EE47F
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):432221
                                                                                                  Entropy (8bit):5.375165987693077
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26Kgauo:zTtbmkExhMJCIpEr9
                                                                                                  MD5:02BE08AE3D80D973B12C30BA972C8755
                                                                                                  SHA1:F99B65D4378967BA130A2766CD60EA87117B04A6
                                                                                                  SHA-256:A7D9A0DBF86F02534729611E231C830DF94F82C29F74DAFA20B878F594F041B9
                                                                                                  SHA-512:3FB8E696C6A16CB5E94FE1F10A2DD86D31A9001F4D208186CAF244632F70D5A60B43FBA497F7E0177B4EE44E074E34BBCFE3539469603258474B540E91ACF97C
                                                                                                  Malicious:false
                                                                                                  Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:MS Windows icon resource - 4 icons, 64x64, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                  Category:dropped
                                                                                                  Size (bytes):32988
                                                                                                  Entropy (8bit):2.0838482936133116
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:ziLVjzfTmM5JJJjY4vCYYYRImnyRRjiacLqzD8:YrTp5JJJjYMCYYYRImnyRRWacLq
                                                                                                  MD5:648D3F5E7778CA1F7983B246C264B0C9
                                                                                                  SHA1:86E382BE934A39AACC78F4CA3AB82CCF1E5E6E4F
                                                                                                  SHA-256:28F31663D6EA3161943737E0235EAC93D8DBDA241C925AD0FD72727F491274A0
                                                                                                  SHA-512:3772C9DF9494AFBBC8CACE58E98446B913739395FD1DA005DCE09D3E806C772D6DEDD9C654083C64E3AA0D5450836708C65969B763D129DBB8BE33F213A31FBB
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                  Category:dropped
                                                                                                  Size (bytes):32038
                                                                                                  Entropy (8bit):2.096487496878294
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:MuoSQH7SQKSQ37izg88PE3gGDvfYduXX3XfAw0EYpR9THXXXbLom+vvvvChboTCy:NoREdWzgXPE35DvgAXXfABH3sNmKCwiW
                                                                                                  MD5:F6822EF3F0A697D83A3F51D133E180DC
                                                                                                  SHA1:AD9451A6195338DF5260150EFE2178CB0072EE2F
                                                                                                  SHA-256:E350B7DA8FBD6798191FD591EFDA4D2B947BD2B48F8CFB54AC084D79FBBA14E4
                                                                                                  SHA-512:493172B804679D518DC38267CBB45B0A3359BF254532089A28DBCD00EC9E5DB5D94BCE8EC504343E58419F351CABBCBC1C943B28923A5F31AA09DE4D362EE47F
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\drvinst.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):10590
                                                                                                  Entropy (8bit):7.254430659006022
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:192:1OgjZ7OPJCbngEw9JPgXkhYCClQBcA5E8qnajEzHbC:18UuLh3Cl+x5E8l4zu
                                                                                                  MD5:ACDAAE5D1219E7703285C42F774BE54D
                                                                                                  SHA1:47DF82D8C843BF1ADC098A26E9E3E27217B3104D
                                                                                                  SHA-256:25C8DAE186155D20F74FEEDEFB4F84161E4215925B8FD0C898F68F3E50EBCD7D
                                                                                                  SHA-512:83B663222FB22B1760EA8551D19557F3F2905BFAC205B380B23DD7F2A65A37B851A3C3C345E4A768B76700BB891B97C96A0DBBB58D81358993293AD1EB3E300A
                                                                                                  Malicious:false
                                                                                                  Preview:0.)Z..*.H........)K0.)G...1.0...`.H.e......0.....+.....7......0...0...+.....7.....7.M&...A.f..B....210319161347Z0...+.....7.....0..?0....#..6yS{.I..^o.Q{.A.1..0...+.....7...1...04..+.....7...1&0$...O.S.A.t.t.r........2.:.1.0...0...06..+.....7...1(0&...F.i.l.e........f.x.v.a.d...i.n.f...0.... Kt=..].....&...m.ng..,.....Q...|1..0...+.....7...1...04..+.....7...1&0$...O.S.A.t.t.r........2.:.1.0...0...06..+.....7...1(0&...F.i.l.e........f.x.v.a.d...s.y.s...0]..+.....7...1O0M0...+.....7...0...........010...`.H.e....... Kt=..].....&...m.ng..,.....Q...|0... ..\...{...*p$..B.F.C8..C.p....1..0...+.....7...1...04..+.....7...1&0$...O.S.A.t.t.r........2.:.1.0...0...06..+.....7...1(0&...F.i.l.e........f.x.v.a.d...i.n.f...0U..+.....7...1G0E0...+.....7.......010...`.H.e....... ..\...{...*p$..B.F.C8..C.p....0.....w7=-{x|<....8....O.1..0...+.....7...1...04..+.....7...1&0$...O.S.A.t.t.r........2.:.1.0...0...06..+.....7...1(0&...F.i.l.e........f.x.v.a.d...s.y.s......C0..?0....+.....7......0.....S.u.
                                                                                                  Process:C:\Windows\System32\drvinst.exe
                                                                                                  File Type:Windows setup INFormation
                                                                                                  Category:dropped
                                                                                                  Size (bytes):5334
                                                                                                  Entropy (8bit):5.628759224235533
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:3q9BSSyjoh9OnLhtuGUdDrG9E/6uYqZpd7SY5MFgWC2i8/ENYZS:3qzSSyjoG17UprGEiuYqZpd7Se8eYENp
                                                                                                  MD5:328087CAF99B50D988A304BEEEA3FCE8
                                                                                                  SHA1:23FFEF913679537BB049008F5E6F8E517BB24192
                                                                                                  SHA-256:BA175CFDDD91B87BDDA3F1DF2A70249E1742E846B843381EB0438B70F91A110A
                                                                                                  SHA-512:D006E8DE0F9258A3EE75723E458D635586040702C1357630F199CF5740C7E29D87FEFD4B869A897BDD26B67FAD134E6BF35A2C01C3A00ACC8BF20181D7DA1AA3
                                                                                                  Malicious:false
                                                                                                  Preview:;..;fxvad.inf..;....[Version]..Signature="$CHICAGO$"..Class=MEDIA..Provider=%FXMN%..ClassGUID={4d36e96c-e325-11ce-bfc1-08002be10318}..DriverVer = 03/17/2021,14.1.0.0..CatalogFile.NTx86=fxvadNTx86.cat..CatalogFile.NTAMD64=fxvadNTAMD64.cat..PnpLockDown=1....[Manufacturer]..%MfgName%=DFX,NTamd64,NTx86....[DFX.NTx86]..%DFX_Device.DeviceDesc%=DFX_Device,Root\%DEV_NAME%,*%DEV_NAME%....[DFX.NTamd64]..%DFX_Device.DeviceDesc%=DFX_Device,Root\%DEV_NAME%,*%DEV_NAME%....;-----------------------------------------------------------------------------..;..; 2k+ Installation..;..;-----------------------------------------------------------------------------..[DFX_Device.NT]..Include=ks.inf,wdmaudio.inf..Needs=KS.Registration, WDMAUDIO.Registration..CopyFiles=DFX_Device.CopyList..AddReg=DFX_Device.AddReg..AddProperty=DFX_1AddPropertySection....[DFX_Device.NT.Interfaces]..AddInterface=%KSCATEGORY_AUDIO%,%KSNAME_Wave%,DFX_Device.I.Wave..AddInterface=%KSCATEGORY_RENDER%,%KSNAME_Wave%,DFX_Device.I.Wave..;Add
                                                                                                  Process:C:\Windows\System32\drvinst.exe
                                                                                                  File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):326656
                                                                                                  Entropy (8bit):2.91036654915667
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:768:3Ft4aLqpAogNTiqwu2CvcCjikibqqqqqqqqqqqqqqqqqqqaFgNj////////////l:T45A/N8Cfjik6scccoFtr
                                                                                                  MD5:EAF913C1DE47C2421669B662EDAA5A6A
                                                                                                  SHA1:53524526E1898A90FA98AE02E662B9C0E6DC2848
                                                                                                  SHA-256:425629B6309000013E8CD1A9B827BEE365D21C9F743873AADD0C3BC96A999D2A
                                                                                                  SHA-512:BB674FEB73751172A1ACE65AAB89C5EBF952A07F7AF0F3EC1DADF357FF693230CF08910AE273E8335EEC35E5827DA6405272D05C161987DF679199935AF21A76
                                                                                                  Malicious:false
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........................................................X.......X.R.....X.......Rich....................PE..d....@R`.........."......6..........0..........@............................. ......cM....`A....................................................<........|...@...........$..........8)..8...........................p)............... ...............................text...)........................... ..h.rdata....... ......................@..H.data........0......................@....pdata.......@.......(..............@..HPAGE....J'...P...(...,.............. ..`INIT.................T.............. ..b.rsrc....|.......~...X..............@..B.reloc..............................@..B........................................................................................................................................................................................
                                                                                                  Process:C:\Windows\System32\drvinst.exe
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:modified
                                                                                                  Size (bytes):4403
                                                                                                  Entropy (8bit):5.389950055776771
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:QO00eO00erMwUgWUg0B1kE3ZhpJp8ZpkRepk3hpTpbCpEpDk+psNVpsLL:QO00eO00erMwmkB1kAIrN4n
                                                                                                  MD5:A86318D239DAE53C391DFDB571790B5A
                                                                                                  SHA1:C251670D87CB3C331F541050F7EA982B3CB94175
                                                                                                  SHA-256:2D20D9525C683C27065547E3165923A7B6C1405E37BBCD5FBE7FAD15FE8FB176
                                                                                                  SHA-512:309CC8A280CB666BC49B87E3F5CB3C00E5809915ED27627588A8D8EC0AB6BF4CDE1DB472E6EAA5BBAE6240CA024E8688DF8C3C72F26C1FB4D326F0B2EF1B013C
                                                                                                  Malicious:false
                                                                                                  Preview:CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #6041 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #6699 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #4398 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #6041 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #6699 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #4398 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #2083 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #2459 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: SyncAllDBs Corruption or Schema Change..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #891 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #1307 encountered JET error -1601..CatalogDB: 08:57:12 03/10/2023: SyncDB:: Sync sta
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):512
                                                                                                  Entropy (8bit):0.0
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3::
                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                  Category:dropped
                                                                                                  Size (bytes):20480
                                                                                                  Entropy (8bit):1.7452870893259427
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:msV8PhauRc06WX4YnT57MVsGd0V2AEkrCyAVBMpWSkd0VjBMpXxdvy8DFD2lBoD4:Z4ha1onT1tRCrVq6DRg4a5chRCU
                                                                                                  MD5:2BCD066423C952D3EFF4E40572BB767A
                                                                                                  SHA1:565B2B22271E0AC1FC288C34253DC9E967370EDE
                                                                                                  SHA-256:F7BAEEB8B6D2243A2428E286AC3B1515E7C51B94D1BE97767E73BFD661992583
                                                                                                  SHA-512:10BC935D95350AA50892815C1EB158B7312A621B7300FC20D0EB8580AF7C6301CDC251674C3671F385DE83F06F3D0191F89735C9E6DA5CF409461E0505365FF4
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):32768
                                                                                                  Entropy (8bit):0.09949761863524546
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:xPLG7iVCnLG7iVrKOzPLHKOccUtKm05wqpmrggX/qUXtl6Vky6lhJlw:50i8n0itFzDHFc3lmNpECU9rdw
                                                                                                  MD5:C78A3DADB9078FA503230CC7CF4026C0
                                                                                                  SHA1:C0746492841A530A7BE84111130D09704DC70BEA
                                                                                                  SHA-256:1BE8F6C9CF44FA8638979DB141739C24244E96BC069EB09FF755E0690D78BF28
                                                                                                  SHA-512:16B62DA427418959D12D9F55DB1E9E5ED5913985FD6A8F198E4574E250184503491D57819E9A1675C2B9C9F433E853F110AFD0B3D23C91DAAF9CD1005C65AB79
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):512
                                                                                                  Entropy (8bit):0.0
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3::
                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):512
                                                                                                  Entropy (8bit):0.0
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3::
                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):512
                                                                                                  Entropy (8bit):0.0
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3::
                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                  Category:dropped
                                                                                                  Size (bytes):32768
                                                                                                  Entropy (8bit):1.38410848677053
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:6PyuWpvhPIFX4/T53mMVsGd0V2AEkrCyAVBMpWSkd0VjBMpXxdvy8DFD2lBoDa55:syjTIcT5otRCrVq6DRg4a5chRCU
                                                                                                  MD5:F9FA20D30FA24299B9377C6875506554
                                                                                                  SHA1:11305FEB5691F54D99224E94B4A6F40BD6094F0A
                                                                                                  SHA-256:714B7B19E5CB6F94C7B9A87E615CC65DE0A438E0CB8B6D7D27BBFB10316753CE
                                                                                                  SHA-512:EEC000AAE0299839E3C79E43F8D7D87F9B15872E44CBB32DA2EE92885E9F9299563BA66E00E512EFD0191EBA9DAA158607A95E619CC9E79CA121A3725D72D70F
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):512
                                                                                                  Entropy (8bit):0.0
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3::
                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                  Category:dropped
                                                                                                  Size (bytes):32768
                                                                                                  Entropy (8bit):1.38410848677053
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:6PyuWpvhPIFX4/T53mMVsGd0V2AEkrCyAVBMpWSkd0VjBMpXxdvy8DFD2lBoDa55:syjTIcT5otRCrVq6DRg4a5chRCU
                                                                                                  MD5:F9FA20D30FA24299B9377C6875506554
                                                                                                  SHA1:11305FEB5691F54D99224E94B4A6F40BD6094F0A
                                                                                                  SHA-256:714B7B19E5CB6F94C7B9A87E615CC65DE0A438E0CB8B6D7D27BBFB10316753CE
                                                                                                  SHA-512:EEC000AAE0299839E3C79E43F8D7D87F9B15872E44CBB32DA2EE92885E9F9299563BA66E00E512EFD0191EBA9DAA158607A95E619CC9E79CA121A3725D72D70F
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):73728
                                                                                                  Entropy (8bit):0.20474494122788708
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:1b4g9d0V2AEkrCyAsSkd0Vxd0V2AEkrCyAVBMpWSkd0VjBMpXxdvy8DFD2lBoDaN:ARCULRCrVq6DRg4a5cy
                                                                                                  MD5:903D3B7A6DD796317677761412FDCD61
                                                                                                  SHA1:FBA221056A7A768387ECA9CAA83CD5F604F4729A
                                                                                                  SHA-256:70F6E3580689BF9D7C630C1303198ABD992835F7A5351EE5E8870C52BCB54186
                                                                                                  SHA-512:CD458C8D43925E60846FD0B435AF0BB36969341E91CF1D776EC3B66136A9B6570C73A5C9F5F7E5540398DC4B21E89198AFBFE45DD4605633E2645CAC50AC5945
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                  Category:dropped
                                                                                                  Size (bytes):32768
                                                                                                  Entropy (8bit):1.38410848677053
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:6PyuWpvhPIFX4/T53mMVsGd0V2AEkrCyAVBMpWSkd0VjBMpXxdvy8DFD2lBoDa55:syjTIcT5otRCrVq6DRg4a5chRCU
                                                                                                  MD5:F9FA20D30FA24299B9377C6875506554
                                                                                                  SHA1:11305FEB5691F54D99224E94B4A6F40BD6094F0A
                                                                                                  SHA-256:714B7B19E5CB6F94C7B9A87E615CC65DE0A438E0CB8B6D7D27BBFB10316753CE
                                                                                                  SHA-512:EEC000AAE0299839E3C79E43F8D7D87F9B15872E44CBB32DA2EE92885E9F9299563BA66E00E512EFD0191EBA9DAA158607A95E619CC9E79CA121A3725D72D70F
                                                                                                  Malicious:false
                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                  Category:dropped
                                                                                                  Size (bytes):20480
                                                                                                  Entropy (8bit):1.7452870893259427
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:msV8PhauRc06WX4YnT57MVsGd0V2AEkrCyAVBMpWSkd0VjBMpXxdvy8DFD2lBoD4:Z4ha1onT1tRCrVq6DRg4a5chRCU
                                                                                                  MD5:2BCD066423C952D3EFF4E40572BB767A
                                                                                                  SHA1:565B2B22271E0AC1FC288C34253DC9E967370EDE
                                                                                                  SHA-256:F7BAEEB8B6D2243A2428E286AC3B1515E7C51B94D1BE97767E73BFD661992583
                                                                                                  SHA-512:10BC935D95350AA50892815C1EB158B7312A621B7300FC20D0EB8580AF7C6301CDC251674C3671F385DE83F06F3D0191F89735C9E6DA5CF409461E0505365FF4
                                                                                                  Malicious:false
                                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                  Entropy (8bit):7.917799875281958
                                                                                                  TrID:
                                                                                                  • Win32 Executable (generic) a (10002005/4) 98.81%
                                                                                                  • Windows ActiveX control (116523/4) 1.15%
                                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                  File name:fxsound_setup.exe
                                                                                                  File size:46'914'960 bytes
                                                                                                  MD5:9ea725e3e3bc82249957cc00b74c4882
                                                                                                  SHA1:3291c62ff7f044dabe2809317df09ae451384cd1
                                                                                                  SHA256:3541df625affa384feacf3cd3d64c47d2372eab9a2055d57dde08afe7f85862c
                                                                                                  SHA512:a9530ec03f952e38f51cb2af65ebc72d577322b63031ce6279085116ac413574ccfd839774195d50cd0909525e1ec403b40d4d5738b1ef2b5ec3af916d339234
                                                                                                  SSDEEP:786432:+LehHAuWfgcKbjylyM5fZFKlG4GjIKNnSTAk5jDSUfzTm8/t4zdahXZBHHAIK:+KOuG1KEyM5fZdxjIKNnEZDFLf/SJ+XO
                                                                                                  TLSH:B6A71231368AC537C57A01B01A2CDABB556CBE760B7154CB73C82D2F6AB49C21736E27
                                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......w._.3.1.3.1.3.1...2.>.1...4...1...7.2.1.S.5. .1.S.2.+.1.Q.4.0.1.S.4.V.1...5.).1...0.0.1...6.2.1.3.0...1.W.8.~.1.W...2.1.3...2.1
                                                                                                  Icon Hash:45927168a2920045
                                                                                                  Entrypoint:0x5b51a4
                                                                                                  Entrypoint Section:.text
                                                                                                  Digitally signed:true
                                                                                                  Imagebase:0x400000
                                                                                                  Subsystem:windows gui
                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                  Time Stamp:0x62E7A72C [Mon Aug 1 10:13:00 2022 UTC]
                                                                                                  TLS Callbacks:
                                                                                                  CLR (.Net) Version:
                                                                                                  OS Version Major:6
                                                                                                  OS Version Minor:0
                                                                                                  File Version Major:6
                                                                                                  File Version Minor:0
                                                                                                  Subsystem Version Major:6
                                                                                                  Subsystem Version Minor:0
                                                                                                  Import Hash:d23703a6f12b30c40e0b3bc256b113cd
                                                                                                  Signature Valid:true
                                                                                                  Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                                                  Signature Validation Error:The operation completed successfully
                                                                                                  Error Number:0
                                                                                                  Not Before, Not After
                                                                                                  • 09/05/2023 01:00:00 09/05/2024 00:59:59
                                                                                                  Subject Chain
                                                                                                  • CN="FxSound, LLC", O="FxSound, LLC", L=Mill Valley, S=California, C=US, SERIALNUMBER=201721910237, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US
                                                                                                  Version:3
                                                                                                  Thumbprint MD5:904606D5FE879BF037251B7E13C1CAE7
                                                                                                  Thumbprint SHA-1:913A9CB96D6560245DEC2055995CEF6441EA4B9F
                                                                                                  Thumbprint SHA-256:5EEDD80D7AA6E117DE4C5FAE1EA018DEA0C96F735635D2FE457A8CE7FDECED5F
                                                                                                  Serial:05CB73BD02C1F64ED47434A5D279074D
                                                                                                  Instruction
                                                                                                  call 00007FE31909B10Fh
                                                                                                  jmp 00007FE31909A94Fh
                                                                                                  mov ecx, dword ptr [ebp-0Ch]
                                                                                                  mov dword ptr fs:[00000000h], ecx
                                                                                                  pop ecx
                                                                                                  pop edi
                                                                                                  pop edi
                                                                                                  pop esi
                                                                                                  pop ebx
                                                                                                  mov esp, ebp
                                                                                                  pop ebp
                                                                                                  push ecx
                                                                                                  ret
                                                                                                  mov ecx, dword ptr [ebp-10h]
                                                                                                  xor ecx, ebp
                                                                                                  call 00007FE319099FA3h
                                                                                                  jmp 00007FE31909AAB2h
                                                                                                  push eax
                                                                                                  push dword ptr fs:[00000000h]
                                                                                                  lea eax, dword ptr [esp+0Ch]
                                                                                                  sub esp, dword ptr [esp+0Ch]
                                                                                                  push ebx
                                                                                                  push esi
                                                                                                  push edi
                                                                                                  mov dword ptr [eax], ebp
                                                                                                  mov ebp, eax
                                                                                                  mov eax, dword ptr [006C1024h]
                                                                                                  xor eax, ebp
                                                                                                  push eax
                                                                                                  push dword ptr [ebp-04h]
                                                                                                  mov dword ptr [ebp-04h], FFFFFFFFh
                                                                                                  lea eax, dword ptr [ebp-0Ch]
                                                                                                  mov dword ptr fs:[00000000h], eax
                                                                                                  ret
                                                                                                  push eax
                                                                                                  push dword ptr fs:[00000000h]
                                                                                                  lea eax, dword ptr [esp+0Ch]
                                                                                                  sub esp, dword ptr [esp+0Ch]
                                                                                                  push ebx
                                                                                                  push esi
                                                                                                  push edi
                                                                                                  mov dword ptr [eax], ebp
                                                                                                  mov ebp, eax
                                                                                                  mov eax, dword ptr [006C1024h]
                                                                                                  xor eax, ebp
                                                                                                  push eax
                                                                                                  mov dword ptr [ebp-10h], eax
                                                                                                  push dword ptr [ebp-04h]
                                                                                                  mov dword ptr [ebp-04h], FFFFFFFFh
                                                                                                  lea eax, dword ptr [ebp-0Ch]
                                                                                                  mov dword ptr fs:[00000000h], eax
                                                                                                  ret
                                                                                                  push eax
                                                                                                  push dword ptr fs:[00000000h]
                                                                                                  lea eax, dword ptr [esp+0Ch]
                                                                                                  sub esp, dword ptr [esp+0Ch]
                                                                                                  push ebx
                                                                                                  push esi
                                                                                                  push edi
                                                                                                  mov dword ptr [eax], ebp
                                                                                                  mov ebp, eax
                                                                                                  mov eax, dword ptr [006C1024h]
                                                                                                  xor eax, ebp
                                                                                                  push eax
                                                                                                  mov dword ptr [ebp-10h], esp
                                                                                                  push dword ptr [ebp-04h]
                                                                                                  mov dword ptr [ebp-04h], FFFFFFFFh
                                                                                                  lea eax, dword ptr [ebp-0Ch]
                                                                                                  mov dword ptr fs:[00000000h], eax
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2bf5ec | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2ca000 | 0x29368 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x2cbb3f8 | 0x2998 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x2f4000 | 0x26810 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x267c58 | 0x70 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x267d00 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x23afa8 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x239000 | 0x2cc | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x2bc998 | 0x260 | .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x237b1f | 0x237c00 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x239000 | 0x8762c | 0x87800 | False | 0.31338827548431736 | data | 4.6063411973791215 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x2c1000 | 0x8d24 | 0x6c00 | False | 0.14344618055555555 | PGP symmetric key encrypted data - Plaintext or unencrypted data salted & iterated - | 2.9234755461718365 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x2ca000 | 0x29368 | 0x29400 | False | 0.13069957386363637 | data | 4.907014416952871 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x2f4000 | 0x26810 | 0x26a00 | False | 0.4470507180420712 | data | 6.513793248957895 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
IMAGE_FILE | 0x2cac70 | 0x6 | ISO-8859 text, with no line terminators | English | United States | 2.1666666666666665
IMAGE_FILE | 0x2cac78 | 0x6 | ISO-8859 text, with no line terminators | English | United States | 2.1666666666666665
RTF_FILE | 0x2cac80 | 0xa1 | Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033 | English | United States | 0.906832298136646
RTF_FILE | 0x2cad24 | 0x2e9 | Rich Text Format data, version 1, ANSI, code page 1252 | English | United States | 0.5503355704697986
RT_BITMAP | 0x2cb010 | 0x13e | Device independent bitmap graphic, 32 x 16 x 4, image size 258, resolution 2834 x 2834 px/m, 5 important colors | English | United States | 0.25471698113207547
RT_BITMAP | 0x2cb150 | 0x828 | Device independent bitmap graphic, 32 x 16 x 32, image size 0 | English | United States | 0.03017241379310345
RT_BITMAP | 0x2cb978 | 0x48a8 | Device independent bitmap graphic, 290 x 16 x 32, image size 0 | English | United States | 0.11881720430107527
RT_BITMAP | 0x2d0220 | 0xa6a | Device independent bitmap graphic, 320 x 16 x 4, image size 2562, resolution 2834 x 2834 px/m | English | United States | 0.21680420105026257
RT_BITMAP | 0x2d0c8c | 0x152 | Device independent bitmap graphic, 32 x 16 x 4, image size 258, resolution 2834 x 2834 px/m, 10 important colors | English | United States | 0.5295857988165681
RT_BITMAP | 0x2d0de0 | 0x828 | Device independent bitmap graphic, 32 x 16 x 32, image size 0 | English | United States | 0.4875478927203065
RT_ICON | 0x2d1608 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2834 x 2834 px/m | English | United States | 0.2579787234042553
RT_ICON | 0x2d1a70 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2834 x 2834 px/m | English | United States | 0.11890243902439024
RT_ICON | 0x2d2b18 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2834 x 2834 px/m | English | United States | 0.07811203319502075
RT_ICON | 0x2d50c0 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 2834 x 2834 px/m | English | United States | 0.059931506849315065
RT_ICON | 0x2d92e8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.3262411347517731
RT_MENU | 0x2d9750 | 0x5c | data | English | United States | 0.8478260869565217
RT_MENU | 0x2d97ac | 0x2a | data | English | United States | 1.0714285714285714
RT_DIALOG | 0x2d97d8 | 0xac | data | English | United States | 0.7151162790697675
RT_DIALOG | 0x2d9884 | 0x2a6 | data | English | United States | 0.5132743362831859
RT_DIALOG | 0x2d9b2c | 0x3b4 | data | English | United States | 0.43248945147679324
RT_DIALOG | 0x2d9ee0 | 0xbc | data | English | United States | 0.7180851063829787
RT_DIALOG | 0x2d9f9c | 0x204 | data | English | United States | 0.560077519379845
RT_DIALOG | 0x2da1a0 | 0x282 | data | English | United States | 0.48598130841121495
RT_DIALOG | 0x2da424 | 0xcc | data | English | United States | 0.6911764705882353
RT_DIALOG | 0x2da4f0 | 0x146 | data | English | United States | 0.5736196319018405
RT_DIALOG | 0x2da638 | 0x226 | data | English | United States | 0.4690909090909091
RT_DIALOG | 0x2da860 | 0x388 | data | English | United States | 0.45464601769911506
RT_DIALOG | 0x2dabe8 | 0x1b4 | data | English | United States | 0.5458715596330275
RT_DIALOG | 0x2dad9c | 0x136 | data | English | United States | 0.6064516129032258
RT_DIALOG | 0x2daed4 | 0x4c | data | English | United States | 0.8289473684210527
RT_STRING | 0x2daf20 | 0x45c | data | English | United States | 0.3844086021505376
RT_STRING | 0x2db37c | 0x344 | data | English | United States | 0.37320574162679426
RT_STRING | 0x2db6c0 | 0x2f8 | data | English | United States | 0.4039473684210526
RT_STRING | 0x2db9b8 | 0x598 | data | English | United States | 0.2807262569832402
RT_STRING | 0x2dbf50 | 0x3aa | StarOffice Gallery theme i, 1627418368 objects, 1st n | English | United States | 0.4211087420042644
RT_STRING | 0x2dc2fc | 0x5c0 | data | English | United States | 0.3498641304347826
RT_STRING | 0x2dc8bc | 0x568 | data | English | United States | 0.32875722543352603
RT_STRING | 0x2dce24 | 0x164 | data | English | United States | 0.5421348314606742
RT_STRING | 0x2dcf88 | 0x520 | data | English | United States | 0.39176829268292684
RT_STRING | 0x2dd4a8 | 0x1a0 | data | English | United States | 0.45913461538461536
RT_STRING | 0x2dd648 | 0x18a | data | English | United States | 0.5228426395939086
RT_STRING | 0x2dd7d4 | 0x216 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | United States | 0.46254681647940077
RT_STRING | 0x2dd9ec | 0x624 | data | English | United States | 0.3575063613231552
RT_STRING | 0x2de010 | 0x660 | data | English | United States | 0.3474264705882353
RT_STRING | 0x2de670 | 0x2e2 | data | English | United States | 0.4037940379403794
RT_GROUP_ICON | 0x2de954 | 0x3e | data | English | United States | 0.7903225806451613
RT_VERSION | 0x2de994 | 0x2e8 | data | English | United States | 0.4543010752688172
RT_HTML | 0x2dec7c | 0x3835 | ASCII text, with very long lines (443), with CRLF line terminators | English | United States | 0.08298005420807561
RT_HTML | 0x2e24b4 | 0x1316 | ASCII text, with CRLF line terminators | English | United States | 0.18399508800654932
RT_HTML | 0x2e37cc | 0x52b | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.36281179138321995
RT_HTML | 0x2e3cf8 | 0x6acd | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.10679931238798873
RT_HTML | 0x2ea7c8 | 0x6a2 | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.3486454652532391
RT_HTML | 0x2eae6c | 0x104a | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.2170263788968825
RT_HTML | 0x2ebeb8 | 0x15b1 | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.17612101566720692
RT_HTML | 0x2ed46c | 0x205c | exported SGML document, ASCII text, with very long lines (659), with CRLF line terminators | English | United States | 0.13604538870111058
RT_HTML | 0x2ef4c8 | 0x368d | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.10834228428213391
RT_MANIFEST | 0x2f2b58 | 0x80f | XML 1.0 document, ASCII text, with CRLF, LF line terminators | English | United States | 0.40814348036839554
DLL | Import
KERNEL32.dll | CreateFileW, CloseHandle, WriteFile, DeleteFileW, HeapDestroy, HeapSize, HeapReAlloc, HeapFree, HeapAlloc, GetProcessHeap, SizeofResource, LockResource, LoadResource, FindResourceW, FindResourceExW, CreateEventExW, WaitForSingleObject, SetEvent, RemoveDirectoryW, GetTempPathW, GetTempFileNameW, CreateDirectoryW, MoveFileW, GetLastError, EnterCriticalSection, LeaveCriticalSection, GetModuleFileNameW, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, GetCurrentThreadId, RaiseException, SetLastError, GlobalUnlock, GlobalLock, GlobalAlloc, MulDiv, lstrcmpW, CreateEventW, FindClose, FindFirstFileW, GetFullPathNameW, InitializeCriticalSection, lstrcpynW, CreateThread, GetProcAddress, LoadLibraryExW, GetCurrentProcess, Sleep, WideCharToMultiByte, GetDiskFreeSpaceExW, DecodePointer, GetExitCodeThread, GetCurrentProcessId, FreeLibrary, GetSystemDirectoryW, lstrlenW, VerifyVersionInfoW, VerSetConditionMask, lstrcmpiW, GetModuleHandleW, LoadLibraryW, GetDriveTypeW, CompareStringW, FindNextFileW, GetLogicalDriveStringsW, GetFileSize, GetFileAttributesW, GetShortPathNameW, SetFileAttributesW, GetFileTime, CopyFileW, ReadFile, SetFilePointer, SystemTimeToFileTime, MultiByteToWideChar, GetSystemInfo, WaitForMultipleObjects, VirtualProtect, VirtualQuery, LoadLibraryExA, GetStringTypeW, SetUnhandledExceptionFilter, FileTimeToSystemTime, GetEnvironmentVariableW, GetSystemTime, GetDateFormatW, GetTimeFormatW, GetLocaleInfoW, CreateProcessW, GetExitCodeProcess, GetWindowsDirectoryW, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, FormatMessageW, GetEnvironmentStringsW, LocalFree, InitializeCriticalSectionEx, LoadLibraryA, GetModuleFileNameA, GetCurrentThread, GetConsoleOutputCP, FlushFileBuffers, Wow64DisableWow64FsRedirection, Wow64RevertWow64FsRedirection, IsWow64Process, SetConsoleTextAttribute, GetStdHandle, GetConsoleScreenBufferInfo, OutputDebugStringW, GetTickCount, GetCommandLineW, SetCurrentDirectoryW, SetEndOfFile, EnumResourceLanguagesW, GetSystemDefaultLangID, GetUserDefaultLangID, GetLocalTime, ResetEvent, GlobalFree, GetPrivateProfileStringW, GetPrivateProfileSectionNamesW, WritePrivateProfileStringW, CreateNamedPipeW, ConnectNamedPipe, TerminateThread, LocalAlloc, CompareFileTime, CopyFileExW, OpenEventW, PeekNamedPipe, WaitForSingleObjectEx, QueryPerformanceCounter, QueryPerformanceFrequency, EncodePointer, LCMapStringEx, CompareStringEx, GetCPInfo, GetSystemTimeAsFileTime, IsDebuggerPresent, InitializeSListHead, InterlockedPopEntrySList, InterlockedPushEntrySList, FlushInstructionCache, IsProcessorFeaturePresent, VirtualAlloc, VirtualFree, UnhandledExceptionFilter, TerminateProcess, GetStartupInfoW, RtlUnwind, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, ExitThread, FreeLibraryAndExitThread, GetModuleHandleExW, ExitProcess, GetFileType, LCMapStringW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetTimeZoneInformation, GetConsoleMode, GetFileSizeEx, SetFilePointerEx, FindFirstFileExW, IsValidCodePage, GetACP, GetOEMCP, GetCommandLineA, FreeEnvironmentStringsW, SetEnvironmentVariableW, SetStdHandle, ReadConsoleW, WriteConsoleW
Language of compilation system | Country where language is spoken
English | United States
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                  Nov 22, 2023 17:30:49.579237938 CET4434973345.79.74.123192.168.2.4
                                                                                                  Nov 22, 2023 17:30:49.579292059 CET49733443192.168.2.445.79.74.123
                                                                                                  Nov 22, 2023 17:30:49.579618931 CET49733443192.168.2.445.79.74.123
                                                                                                  Nov 22, 2023 17:30:49.625258923 CET4434973345.79.74.123192.168.2.4
                                                                                                  Nov 22, 2023 17:30:50.020435095 CET4434973345.79.74.123192.168.2.4
                                                                                                  Nov 22, 2023 17:30:50.020519018 CET49733443192.168.2.445.79.74.123
                                                                                                  Nov 22, 2023 17:30:50.020541906 CET4434973345.79.74.123192.168.2.4
                                                                                                  Nov 22, 2023 17:30:50.020585060 CET49733443192.168.2.445.79.74.123
                                                                                                  Nov 22, 2023 17:30:50.021008968 CET49733443192.168.2.445.79.74.123
                                                                                                  Nov 22, 2023 17:30:50.021043062 CET4434973345.79.74.123192.168.2.4
                                                                                                  Nov 22, 2023 17:30:50.021106958 CET49733443192.168.2.445.79.74.123
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 22, 2023 17:30:47.191593885 CET | 59077 | 53 | 192.168.2.4 | 1.1.1.1
Nov 22, 2023 17:30:47.363414049 CET | 53 | 59077 | 1.1.1.1 | 192.168.2.4
Nov 22, 2023 17:30:48.639980078 CET | 49339 | 53 | 192.168.2.4 | 1.1.1.1
Nov 22, 2023 17:30:48.820985079 CET | 53 | 49339 | 1.1.1.1 | 192.168.2.4

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 22, 2023 17:30:47.191593885 CET | 192.168.2.4 | 1.1.1.1 | 0x26ec | Standard query (0) | download.fxsound.com | A (IP address) | IN (0x0001) | false
Nov 22, 2023 17:30:48.639980078 CET | 192.168.2.4 | 1.1.1.1 | 0xab11 | Standard query (0) | drive.fxsound.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 22, 2023 17:30:47.363414049 CET | 1.1.1.1 | 192.168.2.4 | 0x26ec | No error (0) | download.fxsound.com | | 45.79.74.123 | A (IP address) | IN (0x0001) | false
Nov 22, 2023 17:30:48.820985079 CET | 1.1.1.1 | 192.168.2.4 | 0xab11 | No error (0) | drive.fxsound.com | | 45.79.74.123 | A (IP address) | IN (0x0001) | false

                                                                                                  • download.fxsound.com
                                                                                                  • drive.fxsound.com

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49731 | 45.79.74.123 | 443 | 8124 | C:\Program Files\FxSound LLC\FxSound\updater.exe

Timestamp: 2023-11-22 16:30:48 UTC
Bytes transferred: 146
Direction: OUT
Data:
GET /updates HTTP/1.1
Accept: */*
User-Agent: AdvancedInstaller
Host: download.fxsound.com
Connection: Keep-Alive
Cache-Control: no-cache

Timestamp: 2023-11-22 16:30:48 UTC
Bytes transferred: 467
Direction: IN
Data:
HTTP/1.1 301 Moved Permanently
Date: Wed, 22 Nov 2023 16:30:48 GMT
Server: Apache/2.4.41 (Ubuntu)
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Robots-Tag: noindex
Location: https://drive.fxsound.com/cs/sgMPaBYtQvliu88/downloads3.f


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49733 | 45.79.74.123 | 443 | 8124 | C:\Program Files\FxSound LLC\FxSound\updater.exe

Timestamp: 2023-11-22 16:30:49 UTC
Bytes transferred: 215
Direction: OUT
Data:
GET /cs/sgMPaBYtQvliu88/downloads3.fxsound.com/fxsound/1.1.20.0/updates.txt/download HTTP/1.1
Accept: */*
User-Agent: AdvancedInstaller
Connection: Keep-Alive
Cache-Control: no-cache
Host: drive.fxsound.com

Timestamp: 2023-11-22 16:30:50 UTC
Bytes transferred: 1161
Direction: IN
Data:
HTTP/1.1 200 OK
Date: Wed, 22 Nov 2023 16:30:49 GMT
Server: Apache/2.4.41 (Ubuntu)
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
X-Robots-Tag: none
X-Frame-Options: SAMEORIGIN
X-

Timestamp: 2023-11-22 16:30:50 UTC
Bytes transferred: 497
Direction: IN
Data:
;aiu;

[Update]
Name = FxSound
ProductVersion = 1.1.20.0
URL = https://download.fxsound.com/fxsoundlatest
URL1 = https://downloads3.fxsound.com/fxsound/2/fxsound_setup.exe
Size = 46914960
SHA256 = 3541DF625AFFA384FEACF3CD3D64C47D2372EAB9A2055D57DD


                                                                                                  Target ID:0
                                                                                                  Start time:17:30:27
                                                                                                  Start date:22/11/2023
                                                                                                  Path:C:\Users\user\Desktop\fxsound_setup.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:C:\Users\user\Desktop\fxsound_setup.exe
                                                                                                  Imagebase:0xf90000
                                                                                                  File size:46'914'960 bytes
                                                                                                  MD5 hash:9EA725E3E3BC82249957CC00B74C4882
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:low
                                                                                                  Has exited:true

                                                                                                  Target ID:1
                                                                                                  Start time:17:30:29
                                                                                                  Start date:22/11/2023
                                                                                                  Path:C:\Windows\System32\msiexec.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                  Imagebase:0x7ff78d500000
                                                                                                  File size:69'632 bytes
                                                                                                  MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:moderate
                                                                                                  Has exited:false

                                                                                                  Target ID:2
                                                                                                  Start time:17:30:29
                                                                                                  Start date:22/11/2023
                                                                                                  Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 79E6DEEDE54CC17CA7037B4F320F9C61 C
                                                                                                  Imagebase:0xf30000
                                                                                                  File size:59'904 bytes
                                                                                                  MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:moderate
                                                                                                  Has exited:true

                                                                                                  Target ID:3
                                                                                                  Start time:17:30:29
                                                                                                  Start date:22/11/2023
                                                                                                  Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:C:\Windows\system32\msiexec.exe" /i "C:\Users\user\AppData\Roaming\FxSound LLC\FxSound 1.1.20.0\install\fxsound.x64.msi" AI_SETUPEXEPATH=C:\Users\user\Desktop\fxsound_setup.exe SETUPEXEDIR=C:\Users\user\Desktop\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1700670463 " AI_EUIMSI="
                                                                                                  Imagebase:0xf30000
                                                                                                  File size:59'904 bytes
                                                                                                  MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:moderate
                                                                                                  Has exited:true

                                                                                                  Target ID:4
                                                                                                  Start time:17:30:30
                                                                                                  Start date:22/11/2023
                                                                                                  Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 0C65C1CCF681D8CA1F2AEB8ADA388D35
                                                                                                  Imagebase:0xf30000
                                                                                                  File size:59'904 bytes
                                                                                                  MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:moderate
                                                                                                  Has exited:true

                                                                                                  Target ID:6
                                                                                                  Start time:17:30:35
                                                                                                  Start date:22/11/2023
                                                                                                  Path:C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:"C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe" remove *DFX12
                                                                                                  Imagebase:0x7ff7e06f0000
                                                                                                  File size:269'720 bytes
                                                                                                  MD5 hash:87EAD9C6CD7486421E3142B2A6480F8E
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Antivirus matches:
                                                                                                  • Detection: 0%, ReversingLabs
                                                                                                  Reputation:low
                                                                                                  Has exited:true

                                                                                                  Target ID:7
                                                                                                  Start time:17:30:35
                                                                                                  Start date:22/11/2023
                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                  File size:862'208 bytes
                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:high
                                                                                                  Has exited:true

                                                                                                  Target ID:8
                                                                                                  Start time:17:30:35
                                                                                                  Start date:22/11/2023
                                                                                                  Path:C:\Program Files\FxSound LLC\FxSound\Apps\DfxSetupDrv.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:"C:\Program Files\FxSound LLC\FxSound\Apps\DfxSetupDrv.exe" check
                                                                                                  Imagebase:0x350000
                                                                                                  File size:66'968 bytes
                                                                                                  MD5 hash:EFE3CF96899C9D9CC25815F88E9466E2
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Antivirus matches:
                                                                                                  • Detection: 0%, ReversingLabs
                                                                                                  Reputation:low
                                                                                                  Has exited:true

                                                                                                  Target ID:9
                                                                                                  Start time:17:30:35
                                                                                                  Start date:22/11/2023
                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                  File size:862'208 bytes
                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:high
                                                                                                  Has exited:true

                                                                                                  Target ID:10
                                                                                                  Start time:17:30:37
                                                                                                  Start date:22/11/2023
                                                                                                  Path:C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe" install "C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxvad.inf
                                                                                                  Imagebase:0x7ff7e06f0000
                                                                                                  File size:269'720 bytes
                                                                                                  MD5 hash:87EAD9C6CD7486421E3142B2A6480F8E
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:low
                                                                                                  Has exited:true

                                                                                                  Target ID:11
                                                                                                  Start time:17:30:37
                                                                                                  Start date:22/11/2023
                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                  File size:862'208 bytes
                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:high
                                                                                                  Has exited:true

                                                                                                  Target ID:12
                                                                                                  Start time:17:30:38
                                                                                                  Start date:22/11/2023
                                                                                                  Path:C:\Windows\System32\svchost.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
                                                                                                  Imagebase:0x7ff6eef20000
                                                                                                  File size:55'320 bytes
                                                                                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Has exited:false

                                                                                                  Target ID:13
                                                                                                  Start time:17:30:38
                                                                                                  Start date:22/11/2023
                                                                                                  Path:C:\Windows\System32\drvinst.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:DrvInst.exe "4" "0" "C:\Users\user\AppData\Local\Temp\{fcd0319a-f7d0-4a4e-b0b4-a92d9d7e4c52}\fxvad.inf" "9" "4143399a7" "000000000000016C" "WinSta0\Default" "00000000000000C4" "208" "c:\program files\fxsound llc\fxsound\drivers\win10\x64"
                                                                                                  Imagebase:0x7ff619250000
                                                                                                  File size:337'920 bytes
                                                                                                  MD5 hash:294990C88B9D1FE0A54A1FA8BF4324D9
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Has exited:true

                                                                                                  Target ID:14
                                                                                                  Start time:17:30:40
                                                                                                  Start date:22/11/2023
                                                                                                  Path:C:\Windows\System32\drvinst.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:DrvInst.exe "2" "211" "ROOT\MEDIA\0000" "C:\Windows\INF\oem4.inf" "oem4.inf:ed86ca115cc2c934:DFX_Device:14.1.0.0:root\fxvad," "4143399a7" "000000000000016C"
                                                                                                  Imagebase:0x7ff619250000
                                                                                                  File size:337'920 bytes
                                                                                                  MD5 hash:294990C88B9D1FE0A54A1FA8BF4324D9
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Has exited:true

                                                                                                  Target ID:15
                                                                                                  Start time:17:30:42
                                                                                                  Start date:22/11/2023
                                                                                                  Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:schtasks /create /sc daily /tn FxSound\Update /tr "'C:\Program Files\FxSound LLC\FxSound\updater.exe' /silent" /st 10:00 /f
                                                                                                  Imagebase:0x950000
                                                                                                  File size:187'904 bytes
                                                                                                  MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Has exited:true

                                                                                                  Target ID:16
                                                                                                  Start time:17:30:42
                                                                                                  Start date:22/11/2023
                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                  File size:862'208 bytes
                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Has exited:true

                                                                                                  Target ID:17
                                                                                                  Start time:17:30:43
                                                                                                  Start date:22/11/2023
                                                                                                  Path:C:\Program Files\FxSound LLC\FxSound\FxSound.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:"C:\Program Files\FxSound LLC\FxSound\\FxSound.exe" @
                                                                                                  Imagebase:0x7ff604770000
                                                                                                  File size:4'595'096 bytes
                                                                                                  MD5 hash:0A1E1E6B90FE62B9011393501BEF58D7
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Antivirus matches:
                                                                                                  • Detection: 0%, ReversingLabs
                                                                                                  Has exited:false

                                                                                                  Target ID:18
                                                                                                  Start time:17:30:44
                                                                                                  Start date:22/11/2023
                                                                                                  Path:C:\Program Files\FxSound LLC\FxSound\updater.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:"C:\Program Files\FxSound LLC\FxSound\updater.exe" /silent
                                                                                                  Imagebase:0x120000
                                                                                                  File size:1'057'176 bytes
                                                                                                  MD5 hash:BC7B29CD513AEC979CEFBF30E6D68A01
                                                                                                  Has elevated privileges:false
                                                                                                  Has administrator privileges:false
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Antivirus matches:
                                                                                                  • Detection: 0%, ReversingLabs
                                                                                                  Has exited:true

                                                                                                    Execution Graph

                                                                                                    Execution Coverage:5.9%
                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                    Signature Coverage:4.9%
                                                                                                    Total number of Nodes:1071
                                                                                                    Total number of Limit Nodes:38
56848 11463cc 9 API calls 56846->56848 56849 114856f 56848->56849 56850 114857a 56849->56850 56851 1149753 ___vcrt_uninitialize_locks DeleteCriticalSection 56849->56851 56851->56847 56853 109ff10 56854 109ff48 56853->56854 56855 109ff5b 56853->56855 56858 114469a _ValidateLocalCookies 5 API calls 56854->56858 56861 108fb90 47 API calls 4 library calls 56855->56861 56857 109ff65 56859 f978a0 41 API calls 56857->56859 56860 109ffaa 56858->56860 56859->56854 56861->56857 56862 1090a10 56863 1090a47 56862->56863 56869 1090a87 56862->56869 56864 1144ba2 4 API calls 56863->56864 56865 1090a51 56864->56865 56865->56869 56870 1144a5a 41 API calls 56865->56870 56867 1090a73 56871 1144b58 EnterCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 56867->56871 56870->56867 56871->56869 56872 1092af0 56873 1092b3c 56872->56873 56874 1092d57 56872->56874 56903 fa03a0 56873->56903 56877 114469a _ValidateLocalCookies 5 API calls 56874->56877 56879 1092dd9 56877->56879 56878 f99cc0 50 API calls 56880 1092b66 56878->56880 56881 1092ddd 56880->56881 56882 1092b70 56880->56882 56883 f99980 2 API calls 56881->56883 56885 1092b8b 56882->56885 56887 1092b99 56882->56887 56884 1092de7 56883->56884 56886 f992a0 50 API calls 56885->56886 56889 1092b97 56886->56889 56887->56887 56980 f99800 42 API calls 4 library calls 56887->56980 56890 f978a0 41 API calls 56889->56890 56891 1092bc9 CreateFileW 56890->56891 56892 1092c19 56891->56892 56893 1092bfb CloseHandle 56891->56893 56929 fcd370 63 API calls 56892->56929 56893->56874 56895 1092c22 56930 1092df0 56895->56930 56897 1092c35 WriteFile 56898 1092c65 56897->56898 56899 1092cab 56898->56899 56900 1092c9d CloseHandle 56898->56900 56981 10aa7b0 98 API calls _wcsrchr 56899->56981 56900->56899 56902 1092cb6 56902->56874 56904 fa03f1 56903->56904 56906 fa0470 56903->56906 56907 f97160 41 API calls 56904->56907 56909 f96610 41 API calls 56906->56909 56908 fa0439 56907->56908 57032 fa0b00 63 API calls 2 library calls 56908->57032 56911 
fa0490 56909->56911 56913 fa04ae 56911->56913 56914 f978a0 41 API calls 56911->56914 56912 fa044f 56915 f96610 41 API calls 56912->56915 56916 f978a0 41 API calls 56913->56916 56919 fa04c9 56913->56919 56914->56913 56917 fa0458 56915->56917 56916->56919 56917->56906 56921 fa0568 56919->56921 56922 fa0504 std::ios_base::_Ios_base_dtor 56919->56922 56925 1149b1f std::_Throw_Cpp_error 41 API calls 56921->56925 56982 fa0570 56922->56982 56923 f978a0 41 API calls 56924 fa054a 56923->56924 56926 114469a _ValidateLocalCookies 5 API calls 56924->56926 56927 fa056d 56925->56927 56928 fa0564 56926->56928 56928->56878 56929->56895 56931 f99cc0 50 API calls 56930->56931 56932 1092e2a 56931->56932 56933 1092eae 56932->56933 56934 1092e30 56932->56934 56935 f99980 2 API calls 56933->56935 56937 1092e7b 56934->56937 56938 1092e5e 56934->56938 56936 1092eb8 56935->56936 57132 10ab170 56936->57132 57166 1094bd0 76 API calls 56937->57166 57165 1094bd0 76 API calls 56938->57165 56942 1092e76 56942->56897 56944 f994e0 41 API calls 56945 1092f1e 56944->56945 56946 1092f80 56945->56946 57135 1093420 56945->57135 56948 1092fa0 GetModuleHandleW 56946->56948 56950 1093009 56948->56950 56951 1092fd4 56948->56951 56949 1092f39 56952 fb11a0 42 API calls 56949->56952 56957 1093061 56950->56957 56960 1144ba2 4 API calls 56950->56960 56953 1144ba2 4 API calls 56951->56953 56954 1092f46 MoveFileW 56952->56954 56955 1092fde 56953->56955 56959 10ab170 10 API calls 56954->56959 56955->56950 56958 1092fea GetProcAddress 56955->56958 56966 1144ba2 4 API calls 56957->56966 56973 10930b9 56957->56973 57167 1144b58 EnterCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 56958->57167 56961 1092f78 56959->56961 56962 1093036 56960->56962 56961->56946 56964 1093301 56961->56964 56962->56957 56965 1093042 GetProcAddress 56962->56965 57162 114ff04 56964->57162 57168 1144b58 EnterCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 56965->57168 56969 109308e 56966->56969 56972 109309a 
GetProcAddress 56969->56972 56969->56973 57169 1144b58 EnterCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 56972->57169 56975 1093295 56973->56975 57170 1067a10 GetSystemDirectoryW 56973->57170 57195 1094850 11 API calls 56975->57195 56977 10932a1 56978 114469a _ValidateLocalCookies 5 API calls 56977->56978 56979 10932f9 56978->56979 56979->56897 56980->56889 56981->56902 56983 fa05d7 GetTempFileNameW 56982->56983 56984 fa05d5 56982->56984 56985 fa061e 56983->56985 57002 fa05ec std::ios_base::_Ios_base_dtor 56983->57002 56984->56983 56987 f97160 41 API calls 56985->56987 56986 114469a _ValidateLocalCookies 5 API calls 56988 fa0532 56986->56988 56989 fa0680 56987->56989 56988->56923 56990 fa0a18 56989->56990 56991 fa0688 56989->56991 56993 f96610 41 API calls 56990->56993 56992 f96610 41 API calls 56991->56992 56994 fa06b3 56992->56994 56995 fa0a43 56993->56995 57033 109d900 56994->57033 56997 109d900 45 API calls 56995->56997 56999 fa0a52 56997->56999 57000 109deb0 41 API calls 56999->57000 57003 fa0a64 57000->57003 57002->56986 57003->57002 57004 fa0af6 57003->57004 57006 1149b1f std::_Throw_Cpp_error 41 API calls 57004->57006 57005 fa0af1 57009 1149b1f std::_Throw_Cpp_error 41 API calls 57005->57009 57010 fa0afb 57006->57010 57007 fa06d8 std::ios_base::_Ios_base_dtor 57007->57005 57008 f97160 41 API calls 57007->57008 57012 fa078c std::_Locinfo::_Locinfo_ctor 57008->57012 57009->57004 57071 109c720 57012->57071 57017 f978a0 41 API calls 57018 fa084c 57017->57018 57019 fa094e 57018->57019 57020 fa0854 57018->57020 57019->57005 57021 fa09de std::ios_base::_Ios_base_dtor 57019->57021 57022 fa0570 46 API calls 57020->57022 57024 f978a0 41 API calls 57021->57024 57023 fa0871 DeleteFileW 57022->57023 57025 f978a0 41 API calls 57023->57025 57024->57002 57026 fa08da 57025->57026 57027 fa0914 std::ios_base::_Ios_base_dtor 57026->57027 57030 fa0aec 57026->57030 57028 f978a0 41 API calls 57027->57028 57029 fa0949 57028->57029 57029->57002 57031 1149b1f 
std::_Throw_Cpp_error 41 API calls 57030->57031 57031->57005 57032->56912 57105 109f1a0 57033->57105 57035 109d97b 57036 109da94 57035->57036 57037 109d986 57035->57037 57040 109f1a0 45 API calls 57036->57040 57038 109dc2d 57037->57038 57039 109d9af 57037->57039 57111 f96d30 41 API calls 57038->57111 57041 f97160 41 API calls 57039->57041 57042 109dabd 57040->57042 57044 109d9d3 57041->57044 57048 109db01 57042->57048 57049 109dc37 57042->57049 57065 109da7e std::ios_base::_Ios_base_dtor 57042->57065 57110 fc10e0 41 API calls 57044->57110 57045 109dc32 57050 1149b1f std::_Throw_Cpp_error 41 API calls 57045->57050 57046 109dbef std::ios_base::_Ios_base_dtor 57051 114469a _ValidateLocalCookies 5 API calls 57046->57051 57053 f97160 41 API calls 57048->57053 57112 f96d30 41 API calls 57049->57112 57050->57049 57056 fa06c2 57051->57056 57052 109d9eb 57057 109da02 57052->57057 57059 f978a0 41 API calls 57052->57059 57058 109db25 57053->57058 57055 109dc3c 57062 1149b1f std::_Throw_Cpp_error 41 API calls 57055->57062 57066 109deb0 57056->57066 57061 f978a0 41 API calls 57057->57061 57060 f978a0 41 API calls 57058->57060 57059->57057 57060->57065 57064 109da3c 57061->57064 57063 109dc41 57062->57063 57064->57045 57064->57065 57065->57046 57065->57055 57070 109df2c 57066->57070 57067 109e09f std::ios_base::_Ios_base_dtor 57067->57007 57068 1149b1f std::_Throw_Cpp_error 41 API calls 57069 109e0df 57068->57069 57070->57067 57070->57068 57072 109c766 57071->57072 57073 109c72e 57071->57073 57114 fa1b80 57072->57114 57073->57072 57128 f9de00 41 API calls 57073->57128 57075 109c79d 57076 f97050 41 API calls 57075->57076 57077 fa080f 57076->57077 57079 109d5d0 57077->57079 57080 109d626 57079->57080 57084 109d633 57079->57084 57081 f96610 41 API calls 57080->57081 57082 109d62e std::ios_base::_Ios_base_dtor 57081->57082 57086 114469a _ValidateLocalCookies 5 API calls 57082->57086 57083 109d7e8 57087 f96610 41 API calls 57083->57087 57084->57083 57085 109d670 PathIsUNCW 
57084->57085 57088 109d7a0 57085->57088 57089 109d685 57085->57089 57090 fa0821 MoveFileW 57086->57090 57087->57082 57092 109f1a0 45 API calls 57088->57092 57091 109f1a0 45 API calls 57089->57091 57090->57017 57093 109d6aa 57091->57093 57094 109d7c5 57092->57094 57093->57083 57095 109d6b5 57093->57095 57094->57083 57096 109d7cc 57094->57096 57097 f96610 41 API calls 57095->57097 57098 f96610 41 API calls 57096->57098 57099 109d6be std::_Locinfo::_Locinfo_ctor 57097->57099 57098->57099 57131 f98c50 41 API calls std::_Locinfo::_Locinfo_ctor 57099->57131 57101 109d708 57101->57082 57102 109d820 57101->57102 57103 1149b1f std::_Throw_Cpp_error 41 API calls 57102->57103 57104 109d825 57103->57104 57106 109f1ad 57105->57106 57107 109f1c0 ___vcrt_FlsGetValue 57105->57107 57106->57107 57113 115021e 45 API calls 2 library calls 57106->57113 57107->57035 57109 109f1d6 57109->57035 57110->57052 57113->57109 57115 fa1b90 57114->57115 57116 fa1bb4 57114->57116 57115->57075 57117 fa1c8a 57116->57117 57118 fa1bc6 57116->57118 57129 f97150 41 API calls 3 library calls 57117->57129 57121 f97750 41 API calls 57118->57121 57120 fa1bf8 std::_Locinfo::_Locinfo_ctor 57122 1149b1f std::_Throw_Cpp_error 41 API calls 57120->57122 57127 fa1c4a std::ios_base::_Ios_base_dtor std::_Locinfo::_Locinfo_ctor 57120->57127 57121->57120 57123 fa1c94 57122->57123 57124 fa1ca8 57123->57124 57130 fa1ce0 41 API calls 4 library calls 57123->57130 57124->57075 57126 fa1cd4 57126->57075 57127->57075 57128->57072 57129->57120 57130->57126 57131->57101 57196 10ab1b0 57132->57196 57136 1093460 57135->57136 57137 f99cc0 50 API calls 57136->57137 57145 1093478 57137->57145 57138 109356d 57139 f99980 2 API calls 57138->57139 57140 1093577 FreeLibrary EnterCriticalSection 57139->57140 57141 10935e6 57140->57141 57147 109360c std::ios_base::_Ios_base_dtor 57140->57147 57142 10935fc 57141->57142 57143 10935ec DestroyWindow 57141->57143 57142->57147 57217 114e536 57142->57217 57143->57142 57145->57138 57146 10ab170 
10 API calls 57145->57146 57150 10934ea 57145->57150 57155 f99cc0 50 API calls 57145->57155 57215 f98d40 59 API calls 57145->57215 57146->57145 57149 109365d 57147->57149 57151 1093673 std::ios_base::_Ios_base_dtor 57147->57151 57152 114e536 ___std_exception_destroy 13 API calls 57147->57152 57149->57151 57153 114e536 ___std_exception_destroy 13 API calls 57149->57153 57157 1093532 57150->57157 57159 1093508 57150->57159 57161 109350f 57150->57161 57209 10959b0 57151->57209 57152->57149 57153->57151 57155->57145 57216 f99800 42 API calls 4 library calls 57157->57216 57160 f994e0 41 API calls 57159->57160 57160->57161 57161->56949 57228 114fcec 57162->57228 57165->56942 57166->56942 57167->56950 57168->56957 57169->56973 57171 1067a5f 57170->57171 57194 1067b1b 57170->57194 57173 f99cc0 50 API calls 57171->57173 57171->57194 57172 114469a _ValidateLocalCookies 5 API calls 57174 1067b6b 57172->57174 57175 1067a6f 57173->57175 57174->56973 57176 1067b73 57175->57176 57177 1067a79 57175->57177 57178 f99980 2 API calls 57176->57178 57181 1067a95 57177->57181 57182 1067aa3 57177->57182 57179 1067b7d 57178->57179 57180 11446d9 std::_Facet_Register 2 API calls 57179->57180 57183 1067cd2 57180->57183 57184 f992a0 50 API calls 57181->57184 57329 f99800 42 API calls 4 library calls 57182->57329 57348 fad690 41 API calls 3 library calls 57183->57348 57186 1067aa1 57184->57186 57330 fb0880 57186->57330 57187 1067d1a 57187->56973 57194->57172 57195->56977 57197 10ab1f4 57196->57197 57208 10ab1ec 57196->57208 57199 10ab2e1 57197->57199 57203 10ab224 std::locale::_Setgloballocale 57197->57203 57197->57208 57198 114469a _ValidateLocalCookies 5 API calls 57200 1092f10 57198->57200 57201 f99980 2 API calls 57199->57201 57200->56944 57202 10ab2eb 57201->57202 57204 10ab242 FindFirstFileW 57203->57204 57203->57208 57205 10ab28e GetLastError 57204->57205 57206 10ab271 57204->57206 57205->57206 57207 10ab2ab FindClose 57206->57207 57206->57208 57207->57208 57208->57198 57210 10936f7 
57209->57210 57211 10959e1 57209->57211 57210->56949 57211->57209 57214 10959f7 std::ios_base::_Ios_base_dtor 57211->57214 57220 fa8590 RaiseException 57211->57220 57212 1095a3c DeleteCriticalSection 57212->57210 57214->57212 57215->57145 57216->57161 57221 115ca2d 57217->57221 57220->57211 57222 115ca38 RtlFreeHeap 57221->57222 57226 114e54e 57221->57226 57223 115ca4d GetLastError 57222->57223 57222->57226 57224 115ca5a __dosmaperr 57223->57224 57227 1149c2f 13 API calls __Wcrtomb 57224->57227 57226->57147 57227->57226 57229 114fd19 57228->57229 57230 114fd2b 57228->57230 57253 114fdb4 GetModuleHandleW 57229->57253 57240 114fb95 57230->57240 57233 114fd62 57235 109330b 57233->57235 57246 114fd83 57233->57246 57234 114fd1e 57234->57230 57254 114fe19 GetModuleHandleExW 57234->57254 57239 114fd7d 57241 114fba1 std::_Locinfo::_Locinfo_ctor 57240->57241 57260 11580d3 EnterCriticalSection 57241->57260 57243 114fbab 57261 114fc01 57243->57261 57245 114fbb8 std::locale::_Setgloballocale 57245->57233 57323 114fdf7 57246->57323 57249 114fda1 57251 114fe19 std::locale::_Setgloballocale 3 API calls 57249->57251 57250 114fd91 GetCurrentProcess TerminateProcess 57250->57249 57252 114fda9 ExitProcess 57251->57252 57253->57234 57255 114fe58 GetProcAddress 57254->57255 57256 114fe79 57254->57256 57255->57256 57259 114fe6c 57255->57259 57257 114fe7f FreeLibrary 57256->57257 57258 114fd2a 57256->57258 57257->57258 57258->57230 57259->57256 57260->57243 57262 114fc0d std::_Locinfo::_Locinfo_ctor 57261->57262 57263 114fc74 57262->57263 57268 114fca2 57262->57268 57269 115a77b 57262->57269 57267 114fc91 57263->57267 57273 115aa1f 57263->57273 57266 115aa1f std::locale::_Setgloballocale 41 API calls 57266->57268 57267->57266 57268->57245 57270 115a787 __EH_prolog3 57269->57270 57277 115a4d3 57270->57277 57272 115a7ae std::locale::_Init 57272->57263 57274 115aa2d 57273->57274 57275 115aa46 57273->57275 57274->57275 57288 f91990 57274->57288 57275->57267 57278 115a4df 
std::_Locinfo::_Locinfo_ctor 57277->57278 57283 11580d3 EnterCriticalSection 57278->57283 57280 115a4ed 57284 115a68b 57280->57284 57282 115a4fa std::locale::_Setgloballocale 57282->57272 57283->57280 57285 115a6aa 57284->57285 57286 115a6a2 57284->57286 57285->57286 57287 115ca2d ___free_lconv_mon 13 API calls 57285->57287 57286->57282 57287->57286 57289 f919cd 57288->57289 57296 f96520 57289->57296 57291 f91a67 57306 1144a5a 41 API calls 57291->57306 57293 f91a8d 57294 114469a _ValidateLocalCookies 5 API calls 57293->57294 57295 f91aa5 57294->57295 57295->57274 57297 f96581 57296->57297 57303 f965d5 57296->57303 57298 f96589 57297->57298 57299 f96606 57297->57299 57307 f96b70 57298->57307 57322 f96a90 41 API calls std::_Throw_Cpp_error 57299->57322 57303->57291 57304 f96610 41 API calls 57305 f9658f 57304->57305 57305->57303 57305->57304 57306->57293 57308 f96b7b 57307->57308 57309 f96bbf 57307->57309 57311 f96b88 57308->57311 57312 f96baa 57308->57312 57310 f97730 std::_Throw_Cpp_error 41 API calls 57309->57310 57314 f96b95 57310->57314 57311->57309 57315 f96b8f 57311->57315 57313 f96bba 57312->57313 57316 11446d9 std::_Facet_Register 2 API calls 57312->57316 57313->57305 57317 1149b1f std::_Throw_Cpp_error 41 API calls 57314->57317 57321 f96b9e 57314->57321 57318 11446d9 std::_Facet_Register 2 API calls 57315->57318 57319 f96bb4 57316->57319 57320 f96bc9 57317->57320 57318->57314 57319->57305 57321->57305 57328 115e93f 6 API calls std::locale::_Setgloballocale 57323->57328 57325 114fdfc 57326 114fd8d 57325->57326 57327 114fe01 GetPEB 57325->57327 57326->57249 57326->57250 57327->57326 57328->57325 57329->57186 57331 fb0952 57330->57331 57332 f99980 2 API calls 57331->57332 57333 fb095c 57332->57333 57349 f995d0 RtlAllocateHeap RaiseException 57333->57349 57335 fb09e7 57336 f99cc0 50 API calls 57335->57336 57337 fb09f9 57336->57337 57338 f99980 2 API calls 57337->57338 57339 fb0db6 57338->57339 57340 f994e0 41 API calls 57339->57340 57342 fb0dff 57340->57342 
57341 fb1060 57343 f99980 2 API calls 57341->57343 57342->57341 57350 fb1210 51 API calls 57342->57350 57344 fb106a 57343->57344 57346 fb0e9f 57347 fb0880 51 API calls 57346->57347 57347->57341 57348->57187 57349->57335 57350->57346 57351 10b5370 57360 10b4f80 57351->57360 57354 10b53ca 57358 10b53e1 GetFileVersionInfoW 57354->57358 57359 10b53da 57354->57359 57355 10b542e GetLastError 57355->57359 57356 10b5440 DeleteFileW 57357 10b5447 57356->57357 57358->57355 57358->57359 57359->57356 57359->57357 57375 10b0240 57360->57375 57363 10b4fc6 SHGetFolderPathW 57365 10b4fe4 std::locale::_Setgloballocale 57363->57365 57364 10b518a 57366 114469a _ValidateLocalCookies 5 API calls 57364->57366 57365->57364 57368 10b505a GetTempPathW 57365->57368 57367 10b51b9 GetFileVersionInfoSizeW 57366->57367 57367->57354 57367->57355 57382 1146bd0 57368->57382 57371 10b50a6 57372 10b5112 Wow64DisableWow64FsRedirection CopyFileW 57371->57372 57373 10b5160 57372->57373 57373->57364 57374 10b5178 Wow64RevertWow64FsRedirection 57373->57374 57374->57364 57384 10b0370 57375->57384 57378 1144ba2 4 API calls 57380 10b0290 std::locale::_Setgloballocale 57378->57380 57379 10b0317 57379->57363 57379->57364 57380->57379 57392 1144b58 EnterCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 57380->57392 57383 10b5082 GetTempFileNameW 57382->57383 57383->57371 57385 10b0269 57384->57385 57386 10b03a7 57384->57386 57385->57378 57385->57379 57387 1144ba2 4 API calls 57386->57387 57388 10b03b1 57387->57388 57388->57385 57393 10b0410 57388->57393 57392->57379 57394 10b0466 RegOpenKeyExW 57393->57394 57395 10b048c RegQueryValueExW RegQueryValueExW 57394->57395 57396 10b07a6 57394->57396 57399 10b054b RegQueryValueExW 57395->57399 57400 10b04ef RegQueryValueExW 57395->57400 57397 10b07d2 57396->57397 57398 10b07c1 RegCloseKey 57396->57398 57401 114469a _ValidateLocalCookies 5 API calls 57397->57401 57398->57397 57404 10b058e 57399->57404 57400->57399 57402 10b0523 57400->57402 57403 10b03da 
57401->57403 57402->57399 57402->57402 57424 1144b58 EnterCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 57403->57424 57405 10b062d RegQueryValueExW 57404->57405 57408 10b05ca RegQueryValueExW 57404->57408 57406 10b065a 57405->57406 57407 10b067f RegQueryValueExW 57405->57407 57406->57407 57412 10b06ac 57407->57412 57435 114fa5a 45 API calls 2 library calls 57408->57435 57410 10b0604 57413 10b061c 57410->57413 57436 114fa5a 45 API calls 2 library calls 57410->57436 57411 10b0766 57415 10b079a 57411->57415 57416 10b0770 GetCurrentProcess IsWow64Process 57411->57416 57412->57411 57414 1144ba2 4 API calls 57412->57414 57413->57405 57418 10b0729 57414->57418 57425 10b07f0 57415->57425 57416->57415 57419 10b078e 57416->57419 57418->57411 57420 10b0735 GetModuleHandleW GetProcAddress 57418->57420 57419->57415 57437 1144b58 EnterCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 57420->57437 57423 10b0763 57423->57411 57424->57385 57426 10b0848 RegOpenKeyExW 57425->57426 57427 10b086e RegQueryValueExW 57426->57427 57434 10b0920 57426->57434 57430 10b08ef RegQueryValueExW 57427->57430 57433 10b08a1 57427->57433 57428 10b0afe 57431 114469a _ValidateLocalCookies 5 API calls 57428->57431 57429 10b0aed RegCloseKey 57429->57428 57430->57434 57432 10b0b16 57431->57432 57432->57396 57433->57430 57434->57428 57434->57429 57435->57410 57436->57413 57437->57423 57438 10cf110 57439 10cf936 57438->57439 57447 fa8590 RaiseException 57439->57447 57441 10cf942 57442 f99980 2 API calls 57441->57442 57443 10cf94c 57442->57443 57444 f99980 2 API calls 57443->57444 57445 10cf956 57444->57445 57446 f99980 2 API calls 57445->57446 57447->57441 57448 fcaea0 57449 fcaeb3 std::ios_base::_Ios_base_dtor 57448->57449 57454 11462bd 57449->57454 57452 fcaec9 SetUnhandledExceptionFilter 57453 fcaedb 57452->57453 57455 11462f5 __set_se_translator 52 API calls 57454->57455 57456 11462c6 57455->57456 57457 11462f5 __set_se_translator 52 API calls 57456->57457 57458 fcaebd 
57457->57458 57458->57452 57458->57453 57459 11410ea 57461 1141089 57459->57461 57462 1141b8b 57461->57462 57488 11418e9 57462->57488 57464 1141b9b 57465 1141bf8 57464->57465 57477 1141c1c 57464->57477 57497 1141b29 6 API calls 3 library calls 57465->57497 57467 1141c03 RaiseException 57468 1141df1 57467->57468 57468->57461 57469 1141c94 LoadLibraryExA 57470 1141cf5 57469->57470 57471 1141ca7 GetLastError 57469->57471 57472 1141d00 FreeLibrary 57470->57472 57476 1141d07 57470->57476 57473 1141cd0 57471->57473 57474 1141cba 57471->57474 57472->57476 57498 1141b29 6 API calls 3 library calls 57473->57498 57474->57470 57474->57473 57475 1141d65 GetProcAddress 57478 1141d75 GetLastError 57475->57478 57483 1141dc3 57475->57483 57476->57475 57476->57483 57477->57469 57477->57470 57477->57476 57477->57483 57480 1141d88 57478->57480 57480->57483 57499 1141b29 6 API calls 3 library calls 57480->57499 57482 1141cdb RaiseException 57482->57468 57500 1141b29 6 API calls 3 library calls 57483->57500 57485 1141da9 RaiseException 57486 11418e9 DloadAcquireSectionWriteAccess 6 API calls 57485->57486 57487 1141dc0 57486->57487 57487->57483 57489 11418f5 57488->57489 57490 114191b 57488->57490 57501 1141992 GetModuleHandleW GetProcAddress GetProcAddress DloadAcquireSectionWriteAccess 57489->57501 57490->57464 57492 11418fa 57493 1141916 57492->57493 57502 1141abb VirtualQuery GetSystemInfo VirtualProtect DloadProtectSection 57492->57502 57503 114191c GetModuleHandleW GetProcAddress GetProcAddress 57493->57503 57496 1141b64 57496->57464 57497->57467 57498->57482 57499->57485 57500->57468 57501->57492 57502->57493 57503->57496

Control-flow Graph

[Control-flow graph for the function at 10e81c0; legend: Executed / Not Executed]
                                                                                                    APIs
                                                                                                    • GetUserNameW.ADVAPI32(00000000,?), ref: 010E824E
                                                                                                    • GetLastError.KERNEL32 ref: 010E8254
                                                                                                    • GetUserNameW.ADVAPI32(00000000,?), ref: 010E829C
                                                                                                    • GetEnvironmentVariableW.KERNEL32(UserDomain,00000000,00000000), ref: 010E82D2
                                                                                                    • GetEnvironmentVariableW.KERNEL32(UserDomain,00000000,00000000,00000000,00000000), ref: 010E831C
                                                                                                    • RegDeleteValueW.KERNEL32(?,?,00000000,80000001,00000001,00000000,8C278AEA,00000000,?), ref: 010E8515
                                                                                                    • RegCloseKey.ADVAPI32(?,?,00000000,80000001,00000001,00000000,8C278AEA,00000000,?), ref: 010E854B
                                                                                                    • RegQueryInfoKeyW.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 010E86A0
                                                                                                    • RegCloseKey.ADVAPI32(?,?,00000000,80000001,00000001,00000000,8C278AEA,00000000), ref: 010E86E2
                                                                                                    • RegCloseKey.ADVAPI32(?,?,00000000,80000001,00000001,00000000,8C278AEA,00000000), ref: 010E8727
                                                                                                    • RegDeleteKeyW.ADVAPI32(?,00000000), ref: 010E8749
                                                                                                    • RegCloseKey.ADVAPI32(?,?,00000000,80000001,00000001,00000000,8C278AEA,00000000), ref: 010E8785
                                                                                                    • RegDeleteValueW.KERNEL32(?,?,00000000,80000001,00000001,00000000,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000031,?,00000000,80000001,00000001,00000000,8C278AEA,00000000), ref: 010E888A
                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,00000000,80000001,00000001,00000000,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000031,?,00000000,80000001,00000001,00000000,8C278AEA,00000000), ref: 010E88CC
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Close$Delete$EnvironmentNameUserValueVariable$ErrorInfoLastQuery
                                                                                                    • String ID: Software$Software\Microsoft\Windows\CurrentVersion\RunOnce$UserDomain
                                                                                                    • API String ID: 1615433478-4079418357
                                                                                                    • Opcode ID: 4e9ce11b953f4bcc8066d39b3b544523ffe76f9160b9a58c0c9dafa8f0dcbac5
                                                                                                    • Instruction ID: b79845d766c0443893efce071c5be55733c4dbb88c1e6d0549b292aa85955a08
                                                                                                    • Opcode Fuzzy Hash: 4e9ce11b953f4bcc8066d39b3b544523ffe76f9160b9a58c0c9dafa8f0dcbac5
                                                                                                    • Instruction Fuzzy Hash: DE225A70910209DFEF28DFA4CC99BEEBBB4BF14314F24815DE545A7290DB745A48CBA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                      • Part of subcall function 00F99CC0: GetProcessHeap.KERNEL32 ref: 00F99D15
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99D47
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99DD2
                                                                                                    • GetTickCount.KERNEL32 ref: 010C4D24
                                                                                                    • __Xtime_get_ticks.LIBCPMT ref: 010C4D2C
                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 010C4D76
                                                                                                    • __Init_thread_footer.LIBCMT ref: 010C4F64
                                                                                                    • GetCurrentProcess.KERNEL32(?,?,?), ref: 010C517A
                                                                                                    • OpenProcessToken.ADVAPI32(00000000,00000008,00000000,?,?,?), ref: 010C5187
                                                                                                    • GetTokenInformation.KERNELBASE(00000000,00000014(TokenIntegrityLevel),?,00000004,?,?,?,?), ref: 010C51A7
                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?), ref: 010C51D2
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Init_thread_footerProcess$Token$CloseCountCurrentHandleHeapInformationOpenTickUnothrow_t@std@@@Xtime_get_ticks__ehfuncinfo$??2@
                                                                                                    • String ID: /uninstall$VersionString$\/:*?"<>|$\\?\
                                                                                                    • API String ID: 3363527671-654522458
                                                                                                    • Opcode ID: 5a557ea5a7d4d4c1fb5a4ec5e4a0232a254fdefd8f0620d7d9a894111fba5587
                                                                                                    • Instruction ID: 75ac48b7f381f1bd594c0ca52c123fbad5831641173e4fe70aa7105e955f7b83
                                                                                                    • Opcode Fuzzy Hash: 5a557ea5a7d4d4c1fb5a4ec5e4a0232a254fdefd8f0620d7d9a894111fba5587
                                                                                                    • Instruction Fuzzy Hash: 43B2BC30A00609DFEB14DFA8CC48BAEBBF5BF44714F14829DE855AB291DB74A905CF90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Control-flow Graph

                                                                                                    • Control-flow graph of the block starting at 10acf90 (image not reproduced; legend: Executed / Not Executed)
                                                                                                    APIs
                                                                                                    • GetCurrentProcess.KERNEL32 ref: 010ACFD8
                                                                                                    • OpenProcessToken.ADVAPI32(00000000,00000008,00000000), ref: 010ACFE5
                                                                                                    • GetLastError.KERNEL32 ref: 010ACFEF
                                                                                                    • GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),00000000,00000000,000000FF), ref: 010AD019
                                                                                                    • GetLastError.KERNEL32 ref: 010AD01F
                                                                                                    • GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),000000FF,000000FF,000000FF,000000FF), ref: 010AD045
                                                                                                    • AllocateAndInitializeSid.ADVAPI32(00000000,00000001,00000012,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 010AD078
                                                                                                    • EqualSid.ADVAPI32(00000000,?), ref: 010AD087
                                                                                                    • FreeSid.ADVAPI32(?), ref: 010AD096
                                                                                                    • FindCloseChangeNotification.KERNEL32(00000000), ref: 010AD0D0
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Token$ErrorInformationLastProcess$AllocateChangeCloseCurrentEqualFindFreeInitializeNotificationOpen
                                                                                                    • String ID:
                                                                                                    • API String ID: 2037597787-0
                                                                                                    • Opcode ID: dc98927bc561d3d1a23e183ba8665bd2065f6bf19c4f6cca21ab0335e62e3077
                                                                                                    • Instruction ID: 9fe87f477357de12834d6d5218fbf46570d7197c38f8465e3f5af89e5a6b3da2
                                                                                                    • Opcode Fuzzy Hash: dc98927bc561d3d1a23e183ba8665bd2065f6bf19c4f6cca21ab0335e62e3077
                                                                                                    • Instruction Fuzzy Hash: 37418771940219EFEF24CFE4C848BEEBBB8EF08314F504059E810B2690D7799A04CBA4
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Init_thread_footer$HeapProcess
                                                                                                    • String ID:
                                                                                                    • API String ID: 275895251-0
                                                                                                    • Opcode ID: 844618260cbf9b4d784b50c7bc30ca247cf03ee06164ef9324482d533bb01d04
                                                                                                    • Instruction ID: 98288996ab232982f3617f7a88f5f70673d655b19caad4b21b7b96879580557f
                                                                                                    • Opcode Fuzzy Hash: 844618260cbf9b4d784b50c7bc30ca247cf03ee06164ef9324482d533bb01d04
                                                                                                    • Instruction Fuzzy Hash: 2272BF30A0034ADFEB14DFA8C888BDDBBF4BF45314F148299E559AB295DB74A944CF90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • LoadLibraryW.KERNEL32(ComCtl32.dll,8C278AEA,?,?,00000000), ref: 010AE77E
                                                                                                    • GetProcAddress.KERNEL32(00000000,LoadIconMetric), ref: 010AE7A1
                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 010AE81F
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Library$AddressFreeLoadProc
                                                                                                    • String ID: ComCtl32.dll$LoadIconMetric
                                                                                                    • API String ID: 145871493-764666640
                                                                                                    • Opcode ID: 613f50a9401736caffa3bbf090c28bfaa1cd15ca561b1c5c95f8089dcd352da1
                                                                                                    • Instruction ID: 21aab9a67e97262d719329337901b2b6521e05033388c88fa1fb8020ad96146a
                                                                                                    • Opcode Fuzzy Hash: 613f50a9401736caffa3bbf090c28bfaa1cd15ca561b1c5c95f8089dcd352da1
                                                                                                    • Instruction Fuzzy Hash: A9316F71A00259ABEF148FA9DC48BAEBFFCEB48750F404269F925E7280D77589008B90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 010DB93A
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: DiskFreeSpace
                                                                                                    • String ID: \$\$\
                                                                                                    • API String ID: 1705453755-3791832595
                                                                                                    • Opcode ID: 83386aabbca5e07e7487e6f96dcb3c6d2930da169822b26e5eb0553d2690aaad
                                                                                                    • Instruction ID: 837bb0202e3d9e71eb5754d27e7dfe60de75fca38e976271655dee4577f67d92
                                                                                                    • Opcode Fuzzy Hash: 83386aabbca5e07e7487e6f96dcb3c6d2930da169822b26e5eb0553d2690aaad
                                                                                                    • Instruction Fuzzy Hash: F941D462E14395CBCB70DF28C4416ABF7E4FF8A254F164A6EE9D897040E7708985C3C6
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetSystemDirectoryW.KERNEL32(?,00000105), ref: 01067A51
                                                                                                      • Part of subcall function 00F99CC0: GetProcessHeap.KERNEL32 ref: 00F99D15
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99D47
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99DD2
                                                                                                      • Part of subcall function 00F992A0: FindResourceW.KERNEL32(00000000,?,00000006,?,?,*.*,8007000E,80004005,00FB1134,00000000,?,00000010,?,*.*,?,80070057), ref: 00F992C3
                                                                                                    • LoadLibraryExW.KERNEL32(?,00000000,00000000,011A0D6D,000000FF), ref: 01067B24
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Init_thread_footer$DirectoryFindHeapLibraryLoadProcessResourceSystem
                                                                                                    • String ID: UxTheme.dll
                                                                                                    • API String ID: 2586271605-352951104
                                                                                                    • Opcode ID: d7abb6c10d74a1842b4212add4f04715a783a66cb034d91746129304f6acf2fe
                                                                                                    • Instruction ID: 99a57e1fa2a051063d61d16976bb28b5dcd2bdad3873b1de6ce593a31b7acc03
                                                                                                    • Opcode Fuzzy Hash: d7abb6c10d74a1842b4212add4f04715a783a66cb034d91746129304f6acf2fe
                                                                                                    • Instruction Fuzzy Hash: 7EA18AB0501745EFE718CF68C858B9ABBF4FF04308F14825DD9699B681D7BAA618CF90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetProcessHeap.KERNEL32(00000008,00000008,00000000,010D35FE,?,?,?,?,?,?), ref: 0114424A
                                                                                                    • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?), ref: 01144251
                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?), ref: 01144297
                                                                                                    • HeapFree.KERNEL32(00000000,?,?,?,?,?,?), ref: 0114429E
                                                                                                      • Part of subcall function 011440E3: GetProcessHeap.KERNEL32(00000008,0000000D,00000000,?,0114428D,?,?,?,?,?,?,?), ref: 01144107
                                                                                                      • Part of subcall function 011440E3: HeapAlloc.KERNEL32(00000000,?,0114428D,?,?,?,?,?,?,?), ref: 0114410E
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Heap$Process$Alloc$Free
                                                                                                    • String ID:
                                                                                                    • API String ID: 1864747095-0
                                                                                                    • Opcode ID: 26a0a612abf9dd0ff1e071638e2871f36c105f3d6f764f5c955b3d972cc10b48
                                                                                                    • Instruction ID: 096571c0babe6725dbc32664d79407fd0d5ec639d5ba94b19a9d69df78bd6373
                                                                                                    • Opcode Fuzzy Hash: 26a0a612abf9dd0ff1e071638e2871f36c105f3d6f764f5c955b3d972cc10b48
                                                                                                    • Instruction Fuzzy Hash: 8AF02472A04A128BD73D2BFC780CF6E3D68AF80FA57024138F566D6508CF30C4418761
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • FindFirstFileW.KERNEL32(?,?,?,?), ref: 010AB24D
                                                                                                    • FindClose.KERNEL32(00000000), ref: 010AB2AC
                                                                                                      • Part of subcall function 00F99980: RtlAllocateHeap.NTDLL(?,00000000,00000000,8C278AEA,00000000,0116C6B0,000000FF,?,?,0124C42C,00000000,00FB095C,80070057,?,00000000), ref: 00F999CA
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Find$AllocateCloseFileFirstHeap
                                                                                                    • String ID:
                                                                                                    • API String ID: 1673784098-0
                                                                                                    • Opcode ID: 4337654a535712f64e3726bbc114ffd3cea58c838e631507ded35e78055508d3
                                                                                                    • Instruction ID: fc58e3a337b9660b8a93730621c48707c88dfad8d20a22bf2beba62687e0e526
                                                                                                    • Opcode Fuzzy Hash: 4337654a535712f64e3726bbc114ffd3cea58c838e631507ded35e78055508d3
                                                                                                    • Instruction Fuzzy Hash: 9C31AF71904618DFDB28DF99C848BAEBBF4EF45328F5082AFD959A7380D7319944CB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • CreateNamedPipeW.KERNEL32(?,00000003,00000006,000000FF,00007F90,00007F90,00001388,00000000,?,8C278AEA,8C278AEA,?,?,?,?,00000000), ref: 010E9949
                                                                                                    • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,00000000,00000000,?,8C278AEA,8C278AEA,?,?,?,?,00000000,011B83A5), ref: 010E996A
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Create$FileNamedPipe
                                                                                                    • String ID:
                                                                                                    • API String ID: 1328467360-0
                                                                                                    • Opcode ID: f82bf0ee2f1d00cc1cd3999114c9f947a7f7251bc55fb07fdd6d489016fb10e8
                                                                                                    • Instruction ID: e58f470d0025f3b4f94f578e6a62c210c498e82c756f7ba5aee6b14f6e0c949c
                                                                                                    • Opcode Fuzzy Hash: f82bf0ee2f1d00cc1cd3999114c9f947a7f7251bc55fb07fdd6d489016fb10e8
                                                                                                    • Instruction Fuzzy Hash: 0631F731A48746AFE731CF19DC05B99BFE8EB01720F10866EF9A5976D0D775A540CB40
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • __set_se_translator.LIBVCRUNTIME ref: 00FCAEB8
                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(010AA060), ref: 00FCAECE
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ExceptionFilterUnhandled__set_se_translator
                                                                                                    • String ID:
                                                                                                    • API String ID: 2480343447-0
                                                                                                    • Opcode ID: 9d0b2e0582b232ac3c9aad4dad787a129e07de87fc1a36c331c91f485d300180
                                                                                                    • Instruction ID: 76d47cd7c53ee0907d96e04881872ec1c9270e7a83043b5e13649ef7da0a0510
                                                                                                    • Opcode Fuzzy Hash: 9d0b2e0582b232ac3c9aad4dad787a129e07de87fc1a36c331c91f485d300180
                                                                                                    • Instruction Fuzzy Hash: FFE08636A40254AFCB206792A84DF5A3F94EBA6B2DF054459F14467140C7B09844D7B2
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Init_thread_footer$HeapProcess
                                                                                                    • String ID:
                                                                                                    • API String ID: 275895251-0
                                                                                                    • Opcode ID: ec95854e7dc8d13e923f8cf8089ad217f4590993dbf7f23f0425874bcbb66f87
                                                                                                    • Instruction ID: fd7b69152a9a591c52284f2cd1c12da3909216d4138e58f10d79b80159888729
                                                                                                    • Opcode Fuzzy Hash: ec95854e7dc8d13e923f8cf8089ad217f4590993dbf7f23f0425874bcbb66f87
                                                                                                    • Instruction Fuzzy Hash: FD6138B0500745CFEB54CF69C54838ABFE0FF08318F14899DD58A9B782D7B9A509DB91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    • RegOpenKeyExW.KERNEL32(80000002,Software\Microsoft\Windows NT\CurrentVersion,00000000,00020119,00000000), ref: 010B047E
                                                                                                    • RegQueryValueExW.KERNEL32(00000000,CurrentMajorVersionNumber,00000000,00000000,?,?), ref: 010B04C5
                                                                                                    • RegQueryValueExW.KERNEL32(00000000,CurrentMinorVersionNumber,00000000,00000000,?,00000004), ref: 010B04E4
                                                                                                    • RegQueryValueExW.ADVAPI32(00000000,CurrentVersion,00000000,00000000,?,?), ref: 010B0513
                                                                                                    • RegQueryValueExW.KERNEL32(00000000,CurrentBuildNumber,00000000,00000000,?,?), ref: 010B0588
                                                                                                    • RegQueryValueExW.ADVAPI32(00000000,BuildBranch,00000000,00000000,?,?), ref: 010B05F1
                                                                                                    • RegQueryValueExW.KERNEL32(00000000,ReleaseId,00000000,00000000,?,?), ref: 010B0654
                                                                                                    • RegQueryValueExW.KERNEL32(00000000,CSDVersion,00000000,00000000,?,?), ref: 010B06A6
                                                                                                    • GetModuleHandleW.KERNEL32(kernel32,IsWow64Process), ref: 010B0743
                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 010B074A
                                                                                                    • __Init_thread_footer.LIBCMT ref: 010B075E
                                                                                                    • GetCurrentProcess.KERNEL32(?), ref: 010B0781
                                                                                                    • IsWow64Process.KERNEL32(00000000), ref: 010B0788
                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 010B07C2
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: QueryValue$Process$AddressCloseCurrentHandleInit_thread_footerModuleOpenProcWow64
                                                                                                    • String ID: BuildBranch$CSDVersion$CurrentBuildNumber$CurrentMajorVersionNumber$CurrentMinorVersionNumber$CurrentVersion$IsWow64Process$ReleaseId$Software\Microsoft\Windows NT\CurrentVersion$co_release$kernel32$rs_prerelease
                                                                                                    • API String ID: 1906320730-525127412
                                                                                                    • Opcode ID: 2caba34d8b71e80df07bc029dde537fb613c06d113d8ffc8e3da1b10a1622a4f
                                                                                                    • Instruction ID: 1a249223c282ea6c55663a10c1191431b4ee6b49d4979b16511c2765881e3d28
                                                                                                    • Opcode Fuzzy Hash: 2caba34d8b71e80df07bc029dde537fb613c06d113d8ffc8e3da1b10a1622a4f
                                                                                                    • Instruction Fuzzy Hash: 45A18E71940718DEDF60DF24DC88BDAB7F8FB04705F0041EAE589A6284EB749A84CF90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    • RegOpenKeyExW.KERNEL32(80000002,SYSTEM\CurrentControlSet\Control\ProductOptions,00000000,00020119,00000000), ref: 010B0860
                                                                                                    • RegQueryValueExW.KERNEL32(00000000,ProductType,00000000,00000000,?), ref: 010B089B
                                                                                                    • RegQueryValueExW.KERNEL32(00000000,ProductSuite,00000000,00000000,?,?), ref: 010B0916
                                                                                                    • RegCloseKey.KERNEL32(00000000), ref: 010B0AEE
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: QueryValue$CloseOpen
                                                                                                    • String ID: BackOffice$Blade$CommunicationServer$Compute Server$DataCenter$Embedded(Restricted)$EmbeddedNT$Enterprise$Personal$ProductSuite$ProductType$SYSTEM\CurrentControlSet\Control\ProductOptions$Security Appliance$ServerNT$Small Business$Small Business(Restricted)$Storage Server$Terminal Server$WinNT
                                                                                                    • API String ID: 1586453840-3149529848
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?,SystemFolder,0000000C,?,?,?), ref: 010C0075
                                                                                                    • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 010C0170
                                                                                                    • GetWindowsDirectoryW.KERNEL32(?,00000104,WindowsFolder,0000000D,?,?,?), ref: 010C0270
                                                                                                    • GetWindowsDirectoryW.KERNEL32(?,00000104,WindowsVolume,0000000D,?,?,?), ref: 010C0355
                                                                                                    • GetTempPathW.KERNEL32(00000104,?,WindowsVolume,0000000D,?,?,?), ref: 010C03CB
                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000104,WindowsVolume,0000000D,?,?,?), ref: 010C0454
                                                                                                    • SHGetSpecialFolderLocation.SHELL32(00000000,?,WindowsVolume,0000000D,?,?,?), ref: 010C0532
                                                                                                    • __Init_thread_footer.LIBCMT ref: 010C05A6
                                                                                                    • LoadLibraryW.KERNEL32(shfolder.dll,?,?,?), ref: 010C05BC
                                                                                                    • GetProcAddress.KERNEL32(00000000,SHGetFolderPathW), ref: 010C05EE
                                                                                                    • SHGetPathFromIDListW.SHELL32(?,?), ref: 010C065C
                                                                                                    • SHGetMalloc.SHELL32(00000000), ref: 010C0675
                                                                                                      • Part of subcall function 00F99980: RtlAllocateHeap.NTDLL(?,00000000,00000000,8C278AEA,00000000,0116C6B0,000000FF,?,?,0124C42C,00000000,00FB095C,80070057,?,00000000), ref: 00F999CA
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: DirectoryPath$FolderWindows$AddressAllocateFileFromHeapInit_thread_footerLibraryListLoadLocationMallocModuleNameProcSpecialSystemTemp
                                                                                                    • String ID: ProgramFiles64Folder$ProgramW6432$SETUPEXEDIR$SHGetFolderPathW$System32Folder$SystemFolder$TempFolder$WindowsFolder$WindowsVolume$shfolder.dll
                                                                                                    • API String ID: 3671250-2142986682
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                      • Part of subcall function 00F99CC0: GetProcessHeap.KERNEL32 ref: 00F99D15
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99D47
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99DD2
                                                                                                    • MoveFileW.KERNEL32(?,?), ref: 01092F6A
                                                                                                    • GetModuleHandleW.KERNEL32(kernel32,?), ref: 01092FAC
                                                                                                    • GetProcAddress.KERNEL32(00000000,SetSearchPathMode), ref: 01092FF4
                                                                                                    • GetProcAddress.KERNEL32(00000000,SetDllDirectory), ref: 0109304C
                                                                                                    • __Init_thread_footer.LIBCMT ref: 0109305C
                                                                                                    • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 010930A4
                                                                                                    • __Init_thread_footer.LIBCMT ref: 01093004
                                                                                                      • Part of subcall function 01144B58: EnterCriticalSection.KERNEL32(01257FD8,00000000,?,010B3CA1,01259C74), ref: 01144B62
                                                                                                      • Part of subcall function 01144B58: LeaveCriticalSection.KERNEL32(01257FD8,?,010B3CA1,01259C74), ref: 01144B95
                                                                                                      • Part of subcall function 01144B58: RtlWakeAllConditionVariable.NTDLL ref: 01144C0C
                                                                                                    • __Init_thread_footer.LIBCMT ref: 010930B4
                                                                                                      • Part of subcall function 01067A10: GetSystemDirectoryW.KERNEL32(?,00000105), ref: 01067A51
                                                                                                    Strings
                                                                                                    • @echo off %%SystemRoot%%\System32\attrib.exe -r "%s" SET count=0 :try %%SystemRoot%%\System32\timeout.exe 5 SET /a count=%%count%%+1del "%s" if %%count%% GTR %lu goto breakif exist "%s" goto try:break %%SystemRoot%%\System32\attrib.exe -r ", xrefs: 01092E87
                                                                                                    • @echo off %%SystemRoot%%\System32\attrib.exe -r "%s" SET count=0 :try %%SystemRoot%%\System32\timeout.exe 5 SET /a count=%%count%%+1rd "%s" if %%count%% GTR %lu goto breakif exist "%s" goto try:break %%SystemRoot%%\System32\attrib.exe -r ", xrefs: 01092E80, 01092E8F
                                                                                                    • SetDefaultDllDirectories, xrefs: 0109309E
                                                                                                    • kernel32, xrefs: 01092FA7
                                                                                                    • SetDllDirectory, xrefs: 01093046
                                                                                                    • @echo off %%SystemRoot%%\System32\attrib.exe -r "%s" :try del "%s" if exist "%s" goto try%%SystemRoot%%\System32\attrib.exe -r "%s" del "%s" | cls, xrefs: 01092E62
                                                                                                    • @echo off %%SystemRoot%%\System32\attrib.exe -r "%s" :try rd "%s" if exist "%s" goto try%%SystemRoot%%\System32\attrib.exe -r "%s" del "%s" | cls, xrefs: 01092E67, 01092E6F
                                                                                                    • kernel32.dll, xrefs: 010931AF
                                                                                                    • SetSearchPathMode, xrefs: 01092FEE
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: Init_thread_footer$AddressProc$CriticalSection$ConditionDirectoryEnterFileHandleHeapLeaveModuleMoveProcessSystemVariableWake
                                                                                                    • String ID: @echo off %%SystemRoot%%\System32\attrib.exe -r "%s" :try del "%s" if exist "%s" goto try%%SystemRoot%%\System32\attrib.exe -r "%s" del "%s" | cls$@echo off %%SystemRoot%%\System32\attrib.exe -r "%s" :try rd "%s" if exist "%s" goto try%%SystemRoot%%\System32\attrib.exe -r "%s" del "%s" | cls$@echo off %%SystemRoot%%\System32\attrib.exe -r "%s" SET count=0 :try %%SystemRoot%%\System32\timeout.exe 5 SET /a count=%%count%%+1rd "%s" if %%count%% GTR %lu goto breakif exist "%s" goto try:break %%SystemRoot%%\System32\attrib.exe -r "$@echo off %%SystemRoot%%\System32\attrib.exe -r "%s" SET count=0 :try %%SystemRoot%%\System32\timeout.exe 5 SET /a count=%%count%%+1del "%s" if %%count%% GTR %lu goto breakif exist "%s" goto try:break %%SystemRoot%%\System32\attrib.exe -r "$SetDefaultDllDirectories$SetDllDirectory$SetSearchPathMode$kernel32$kernel32.dll
                                                                                                    • API String ID: 3437638698-3455668873
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                      • Part of subcall function 00F99CC0: GetProcessHeap.KERNEL32 ref: 00F99D15
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99D47
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99DD2
                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 010C652E
                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 010C6558
                                                                                                      • Part of subcall function 00F992A0: FindResourceW.KERNEL32(00000000,?,00000006,?,?,*.*,8007000E,80004005,00FB1134,00000000,?,00000010,?,*.*,?,80070057), ref: 00F992C3
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ByteCharInit_thread_footerMultiWide$FindHeapProcessResource
                                                                                                    • String ID: %hu$A valid language was received from commnad line. This is:$AI_BOOTSTRAPPERLANGS$Advinst_Extract_$Code returned to Windows by setup:$Language of a related product is:$Language selected programatically for UI:$Language used for UI:$Languages of setup:$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$Software\Caphyon\Advanced Installer\
                                                                                                    • API String ID: 1419962739-297406034
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetActiveWindow.USER32 ref: 010C6300
                                                                                                    • SetLastError.KERNEL32(0000000E), ref: 010C631D
                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 010C6335
                                                                                                    • EnterCriticalSection.KERNEL32(0125957C), ref: 010C6352
                                                                                                    • LeaveCriticalSection.KERNEL32(0125957C), ref: 010C6375
                                                                                                    • DialogBoxParamW.USER32(000007D0,00000000,01006090,00000000), ref: 010C6392
                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 010C652E
                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 010C6558
                                                                                                      • Part of subcall function 01094B40: MultiByteToWideChar.KERNEL32(00000003,00000000,80000004,000000FF,00000000,00000000,?,?,01259384,010DDA40,?), ref: 01094B58
                                                                                                      • Part of subcall function 01094B40: MultiByteToWideChar.KERNEL32(00000003,00000000,80000004,000000FF,?,-00000001), ref: 01094B8A
                                                                                                    • SetEvent.KERNEL32(?,?,00000000,?,00000001), ref: 010C66E8
                                                                                                    • SetEvent.KERNEL32(?), ref: 010C6749
                                                                                                      • Part of subcall function 010D1C20: DeleteFileW.KERNEL32(?,?,?,?,?,010C676B,?), ref: 010D1C4B
                                                                                                      • Part of subcall function 00F99CC0: GetProcessHeap.KERNEL32 ref: 00F99D15
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99D47
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99DD2
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ByteCharMultiWide$CriticalEventInit_thread_footerSection$ActiveCurrentDeleteDialogEnterErrorFileHeapLastLeaveParamProcessThreadWindow
                                                                                                    • String ID: v$Advinst_Extract_$Code returned to Windows by setup:
                                                                                                    • API String ID: 2923632737-2472245143
                                                                                                    • Opcode ID: edc52e2e4dd1ea44fb6e8fbeec45e5e7d3ec40d01c1b31f2638f344c44b275f6
                                                                                                    • Instruction ID: c8b55694e4c62e96f05611031e123663d4a2ace55f7449a39f44354feb1639a4
                                                                                                    • Opcode Fuzzy Hash: edc52e2e4dd1ea44fb6e8fbeec45e5e7d3ec40d01c1b31f2638f344c44b275f6
                                                                                                    • Instruction Fuzzy Hash: 6D42AD70900249DFEB14DFA8C848BDEBBF8AF15314F1482ADE855AB391DB759A04CF91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Control-flow Graph

                                                                                                    control_flow_graph 1550 10d3590-10d35c1 1551 10d35c7-10d35e1 GetActiveWindow 1550->1551 1552 10d3786-10d3797 1550->1552 1553 10d35ef-10d35f7 1551->1553 1554 10d35e3-10d35e5 call 10cc1b0 1551->1554 1556 10d35f9-10d3603 call 1144245 1553->1556 1557 10d3612-10d3621 call 1144347 1553->1557 1558 10d35ea KiUserCallbackDispatcher 1554->1558 1556->1557 1563 10d3605-10d360d SetLastError 1556->1563 1564 10d37af-10d37b6 call fa8590 1557->1564 1565 10d3627-10d368c GetCurrentThreadId EnterCriticalSection CreateDialogParamW 1557->1565 1558->1553 1567 10d3692-10d36a9 GetCurrentThreadId 1563->1567 1569 10d37bb-10d37c5 call f99980 1564->1569 1565->1567 1572 10d370e 1567->1572 1573 10d36ab-10d36b2 1567->1573 1574 10d3711-10d3739 SetWindowTextW GetDlgItem SetWindowTextW 1572->1574 1576 10d36c5-10d3702 call 10ae990 call f98d40 1573->1576 1577 10d36b4-10d36c0 call fb11a0 call 10b5480 1573->1577 1574->1552 1578 10d373b-10d3744 call f99cc0 1574->1578 1576->1574 1589 10d3704-10d370c 1576->1589 1577->1576 1578->1569 1587 10d3746-10d3768 call f992a0 1578->1587 1594 10d379a-10d37ad GetDlgItem SetWindowTextW 1587->1594 1595 10d376a-10d377c 1587->1595 1589->1574 1594->1595 1595->1552 1596 10d377e-10d3781 1595->1596 1596->1552
                                                                                                    APIs
                                                                                                    • GetActiveWindow.USER32 ref: 010D35CA
                                                                                                    • SetLastError.KERNEL32(0000000E,?,?,?,?,?,?), ref: 010D3607
                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 010D3692
                                                                                                    • SetWindowTextW.USER32(?,?), ref: 010D371C
                                                                                                    • GetDlgItem.USER32(?,000003E9), ref: 010D3726
                                                                                                    • SetWindowTextW.USER32(00000000,?), ref: 010D3732
                                                                                                    • GetDlgItem.USER32(?,00000002), ref: 010D379F
                                                                                                    • SetWindowTextW.USER32(00000000,?), ref: 010D37A7
                                                                                                      • Part of subcall function 010CC1B0: GetDlgItem.USER32(?,00000002), ref: 010CC1D0
                                                                                                      • Part of subcall function 010CC1B0: GetWindowRect.USER32(00000000,?), ref: 010CC1E6
                                                                                                      • Part of subcall function 010CC1B0: ShowWindow.USER32(00000000,00000000,?,?,?,?,?,?,?,010D35EA,?,?,?,?,?,?), ref: 010CC1FF
                                                                                                      • Part of subcall function 010CC1B0: InvalidateRect.USER32(00000000,00000000,00000001,?,?,?,?,?,?,?,010D35EA,?,?), ref: 010CC20A
                                                                                                      • Part of subcall function 010CC1B0: GetDlgItem.USER32(?,000003E9), ref: 010CC21C
                                                                                                      • Part of subcall function 010CC1B0: GetWindowRect.USER32(00000000,?), ref: 010CC232
                                                                                                      • Part of subcall function 010CC1B0: SetWindowPos.USER32(00000000,00000000,?,?,?,?,00000206,?,?,?,?,?,?,?,010D35EA), ref: 010CC275
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Window$Item$RectText$ActiveCurrentErrorInvalidateLastShowThread
                                                                                                    • String ID: v
                                                                                                    • API String ID: 127311041-3261393531
                                                                                                    • Opcode ID: af6936ecadf287ec715e3dbb9d40ad104969ceb37571a920b9c2a8d9e81e0643
                                                                                                    • Instruction ID: defc6db12d5a05fa183ce637bac4765c48c24ff1a0039172c32afd9df5ff8504
                                                                                                    • Opcode Fuzzy Hash: af6936ecadf287ec715e3dbb9d40ad104969ceb37571a920b9c2a8d9e81e0643
                                                                                                    • Instruction Fuzzy Hash: 1261CDB1900705EFDB21DF68DC88B9ABBF4FF04324F148299E9699B295C770A940CF91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Control-flow Graph

                                                                                                    control_flow_graph 1843 1143fd7-1143fe2 1844 1143fe4-1143ff0 DecodePointer 1843->1844 1845 1143ff1-1144008 LoadLibraryExA 1843->1845 1846 1144082 1845->1846 1847 114400a-114401f call 1144087 1845->1847 1848 1144084-1144086 1846->1848 1847->1846 1851 1144021-1144036 call 1144087 1847->1851 1851->1846 1854 1144038-114404d call 1144087 1851->1854 1854->1846 1857 114404f-1144064 call 1144087 1854->1857 1857->1846 1860 1144066-1144080 DecodePointer 1857->1860 1860->1848
                                                                                                    APIs
                                                                                                    • DecodePointer.KERNEL32(?,?,?,01144376,01257F88,?,00000000,?,010D361C,?,00000000,00000000,?,?), ref: 01143FE9
                                                                                                    • LoadLibraryExA.KERNEL32(atlthunk.dll,00000000,00000800,?,?,?,01144376,01257F88,?,00000000,?,010D361C,?,00000000,00000000), ref: 01143FFE
                                                                                                    • DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0114407A
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: DecodePointer$LibraryLoad
                                                                                                    • String ID: AtlThunk_AllocateData$AtlThunk_DataToCode$AtlThunk_FreeData$AtlThunk_InitData$atlthunk.dll
                                                                                                    • API String ID: 1423960858-1745123996
                                                                                                    • Opcode ID: 3fe8ee0619611aba4714ad2c0944fcc0d89e6d4a33fe2b5d03b4b082002f1702
                                                                                                    • Instruction ID: b09b31c4fae456b846a6d72d6d8d56d4760217d89bb6889f61e394555d6f8601
                                                                                                    • Opcode Fuzzy Hash: 3fe8ee0619611aba4714ad2c0944fcc0d89e6d4a33fe2b5d03b4b082002f1702
                                                                                                    • Instruction Fuzzy Hash: 7E01C4305803146BEB2EE719AD07BDA3F585F21F4CF04009CFD0467545E7A18A28C6C6
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Control-flow Graph

                                                                                                    control_flow_graph 1861 1093420-109347c call 1093310 call f99cc0 1866 109356d-10935e4 call f99980 FreeLibrary EnterCriticalSection 1861->1866 1867 1093482 1861->1867 1871 109362e-109364f 1866->1871 1872 10935e6-10935ea 1866->1872 1869 1093485-10934b5 call f98d40 call 10ab170 1867->1869 1896 10934ea-10934fa 1869->1896 1897 10934b7-10934ce 1869->1897 1883 109368f-1093697 1871->1883 1884 1093651-1093655 1871->1884 1874 10935fc-10935fe 1872->1874 1875 10935ec-10935f6 DestroyWindow 1872->1875 1874->1871 1878 1093600-1093604 1874->1878 1875->1874 1881 1093615-109362b call 11446a8 1878->1881 1882 1093606-109360f call 114e536 1878->1882 1881->1871 1882->1881 1888 1093699-109369c 1883->1888 1889 10936c3-10936d1 1883->1889 1890 1093657-1093660 call 114e536 1884->1890 1891 1093666-109366b 1884->1891 1888->1889 1900 109369e 1888->1900 1892 10936ed-1093701 call 10959b0 1889->1892 1893 10936d3-10936d7 1889->1893 1890->1891 1894 109367d-109368c call 11446a8 1891->1894 1895 109366d-1093676 call 114e536 1891->1895 1926 1093709-109371a 1892->1926 1927 1093703 1892->1927 1902 10936d9-10936e0 1893->1902 1903 10936e6-10936eb 1893->1903 1894->1883 1895->1894 1910 10934fc-1093500 1896->1910 1911 1093540-109354f 1896->1911 1906 10934d8-10934e2 call f99cc0 1897->1906 1907 10934d0-10934d3 1897->1907 1909 10936a0-10936a5 1900->1909 1902->1903 1903->1892 1903->1893 1906->1866 1930 10934e8 1906->1930 1907->1906 1919 10936ad-10936c1 1909->1919 1920 10936a7-10936a9 1909->1920 1921 1093532-1093538 call f99800 1910->1921 1922 1093502-1093506 1910->1922 1917 1093559-109356c 1911->1917 1918 1093551-1093554 1911->1918 1918->1917 1919->1889 1919->1909 1920->1919 1929 109353d 1921->1929 1922->1921 1928 1093508-109351e call f994e0 1922->1928 1927->1926 1934 109352b-1093530 1928->1934 1935 1093520-1093528 1928->1935 1929->1911 1930->1869 1934->1929 1935->1934
                                                                                                    APIs
                                                                                                      • Part of subcall function 01093420: GetModuleFileNameW.KERNEL32(00000000,?,00000104,8C278AEA,00000000,?,011A83F6,000000FF), ref: 01093368
                                                                                                      • Part of subcall function 00F99CC0: GetProcessHeap.KERNEL32 ref: 00F99D15
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99D47
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99DD2
                                                                                                    • FreeLibrary.KERNEL32(00000001,8C278AEA,?,00000001,?,?,?), ref: 010935B7
                                                                                                    • EnterCriticalSection.KERNEL32(01259338), ref: 010935D2
                                                                                                    • DestroyWindow.USER32(00000000), ref: 010935F0
                                                                                                    • LeaveCriticalSection.KERNEL32(01259338), ref: 01093639
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CriticalInit_thread_footerSection$DestroyEnterFileFreeHeapLeaveLibraryModuleNameProcessWindow
                                                                                                    • String ID: v$%s%lu$.local
                                                                                                    • API String ID: 3496055493-1141559199
                                                                                                    • Opcode ID: 6aa45e3f23dd4da584ac6b2b296ebc5c47dfd49f984f1fcc0bd95c999e6abf68
                                                                                                    • Instruction ID: 8f038325b1d417de63df33decc3ddd2720ab491014c7d87bc8e1b65988d14f77
                                                                                                    • Opcode Fuzzy Hash: 6aa45e3f23dd4da584ac6b2b296ebc5c47dfd49f984f1fcc0bd95c999e6abf68
                                                                                                    • Instruction Fuzzy Hash: 7591AC71A01605DBEF24DF68D898B6ABBF4FF44314F1485ADE895AB380DB74A800CF91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Control-flow Graph

                                                                                                    control_flow_graph 1937 10b4f80-10b4fc0 call 10b0240 1940 10b5193-10b519b call 10b5220 1937->1940 1941 10b4fc6-10b4fe2 SHGetFolderPathW 1937->1941 1949 10b519f 1940->1949 1942 10b4fee-10b4ffd 1941->1942 1943 10b4fe4-10b4fec 1941->1943 1945 10b4fff 1942->1945 1946 10b5012-10b5023 call 1090860 1942->1946 1943->1942 1943->1943 1948 10b5000-10b5008 1945->1948 1954 10b5047-10b50a4 call 1146bd0 GetTempPathW call 1146bd0 GetTempFileNameW 1946->1954 1955 10b5025 1946->1955 1948->1948 1952 10b500a-10b500c 1948->1952 1953 10b51a1-10b51bc call 114469a 1949->1953 1952->1940 1952->1946 1964 10b50af-10b50be 1954->1964 1965 10b50a6-10b50ac call 1144f55 1954->1965 1957 10b5030-10b503c 1955->1957 1957->1940 1960 10b5042-10b5045 1957->1960 1960->1954 1960->1957 1967 10b50ca-10b50f4 call 1144f5a 1964->1967 1968 10b50c0-10b50c8 1964->1968 1965->1964 1972 10b5112-10b515e Wow64DisableWow64FsRedirection CopyFileW 1967->1972 1973 10b50f6-10b50ff 1967->1973 1968->1967 1968->1968 1975 10b5168-10b5176 1972->1975 1976 10b5160-10b5163 call 10b5220 1972->1976 1974 10b5101-10b5110 1973->1974 1974->1972 1974->1974 1975->1949 1978 10b5178-10b5188 Wow64RevertWow64FsRedirection 1975->1978 1976->1975 1978->1953 1979 10b518a-10b5191 1978->1979 1979->1953
                                                                                                    APIs
                                                                                                      • Part of subcall function 010B0240: __Init_thread_footer.LIBCMT ref: 010B0312
                                                                                                    • SHGetFolderPathW.SHELL32(00000000,00000024,00000000,00000000,?,8C278AEA,00000000,00000000,?), ref: 010B4FD5
                                                                                                    • GetTempPathW.KERNEL32(00000104,?), ref: 010B5069
                                                                                                    • GetTempFileNameW.KERNEL32(?,shim_clone,00000000,?), ref: 010B509A
                                                                                                    • Wow64DisableWow64FsRedirection.KERNEL32(?), ref: 010B512D
                                                                                                    • CopyFileW.KERNEL32(?,?,00000000), ref: 010B514F
                                                                                                    • Wow64RevertWow64FsRedirection.KERNEL32(?), ref: 010B517E
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Wow64$FilePathRedirectionTemp$CopyDisableFolderInit_thread_footerNameRevert
                                                                                                    • String ID: shim_clone
                                                                                                    • API String ID: 4264308349-3944563459
                                                                                                    • Opcode ID: bdaa9055a97c91b14130e036187c728f8e84092782c6708a8a492d4d37853f27
                                                                                                    • Instruction ID: 459d7f16f890557c53a4d20fdefc9d5e8f3f17e88d5ba33825ef00464ae987e8
                                                                                                    • Opcode Fuzzy Hash: bdaa9055a97c91b14130e036187c728f8e84092782c6708a8a492d4d37853f27
                                                                                                    • Instruction Fuzzy Hash: 3D515974A002189FEB29DF24CC84BEEBBF9EF54700F4440E9E589D7180EB319A81CB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                      • Part of subcall function 010C4CA0: GetTickCount.KERNEL32 ref: 010C4D24
                                                                                                      • Part of subcall function 010C4CA0: __Xtime_get_ticks.LIBCPMT ref: 010C4D2C
                                                                                                      • Part of subcall function 010C4CA0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 010C4D76
                                                                                                      • Part of subcall function 010E81C0: GetUserNameW.ADVAPI32(00000000,?), ref: 010E824E
                                                                                                      • Part of subcall function 010E81C0: GetLastError.KERNEL32 ref: 010E8254
                                                                                                      • Part of subcall function 010E81C0: GetUserNameW.ADVAPI32(00000000,?), ref: 010E829C
                                                                                                      • Part of subcall function 010E81C0: GetEnvironmentVariableW.KERNEL32(UserDomain,00000000,00000000), ref: 010E82D2
                                                                                                      • Part of subcall function 010E81C0: GetEnvironmentVariableW.KERNEL32(UserDomain,00000000,00000000,00000000,00000000), ref: 010E831C
                                                                                                    • __Init_thread_footer.LIBCMT ref: 010C4F64
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: EnvironmentNameUserVariable$CountErrorInit_thread_footerLastTickUnothrow_t@std@@@Xtime_get_ticks__ehfuncinfo$??2@
                                                                                                    • String ID: \/:*?"<>|
                                                                                                    • API String ID: 2099558200-3830478854
                                                                                                    • Opcode ID: 28ae0602581e063b22572af1b96626d0878306d479091114a3fb8e454a64c52f
                                                                                                    • Instruction ID: 45b795c9b76d462343207231d186db5e8281a7b04fe820899f916df966b4fa95
                                                                                                    • Opcode Fuzzy Hash: 28ae0602581e063b22572af1b96626d0878306d479091114a3fb8e454a64c52f
                                                                                                    • Instruction Fuzzy Hash: 99C18970A01349CFEF14DFA8C898BAEBBB0BF54708F24416CE545AB291DB746A45CF91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    • GetModuleHandleW.KERNEL32(Advapi32.dll,?,8C278AEA), ref: 010A8ACE
                                                                                                    • GetProcAddress.KERNEL32(00000000,RegOpenKeyTransactedW), ref: 010A8ADE
                                                                                                    • RegOpenKeyExW.KERNEL32(?,?,00000000,000000FF,00000000,?,8C278AEA), ref: 010A8B13
                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 010A8B27
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AddressCloseHandleModuleOpenProc
                                                                                                    • String ID: Advapi32.dll$RegOpenKeyTransactedW
                                                                                                    • API String ID: 823179699-3913318428
                                                                                                    • Opcode ID: 9e1f2fd6fb0566cea8dd107d4922248c3feb68968645c8e1de3e4c640cf30fc5
                                                                                                    • Instruction ID: 578fef7687381289b3b2e311d853cb9b9a239eaa4bc59b3f40554345ab9a0e42
                                                                                                    • Opcode Fuzzy Hash: 9e1f2fd6fb0566cea8dd107d4922248c3feb68968645c8e1de3e4c640cf30fc5
                                                                                                    • Instruction Fuzzy Hash: 45916CB0D14308DFEB14CFA8C959B9EBBF4FF54300F54855AE859AB281D774AA04CB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    • SetFilePointer.KERNEL32(011B902D,-00000400,?,00000002,00000400,8C278AEA,?,?,?), ref: 010ED4D6
                                                                                                    • GetLastError.KERNEL32(?,?), ref: 010ED4E4
                                                                                                    • ReadFile.KERNEL32(011B902D,00000000,00000400,?,00000000,?,?), ref: 010ED4FF
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: File$ErrorLastPointerRead
                                                                                                    • String ID: ADVINSTSFX
                                                                                                    • API String ID: 64821003-4038163286
                                                                                                    • Opcode ID: cd77fc116b723a97f169e027403baff5c1bf0bf961830834cee0ae4f9dce0ab5
                                                                                                    • Instruction ID: a7312a4ebace683aea26aa2455de4551c9a69cc421a83e06f3925ca40cc84d37
                                                                                                    • Opcode Fuzzy Hash: cd77fc116b723a97f169e027403baff5c1bf0bf961830834cee0ae4f9dce0ab5
                                                                                                    • Instruction Fuzzy Hash: DC61C6B1E002099FDB15CFA9C888BBEBBF5FF49324F1442A5E555AB281D734E941CB60
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    • GetModuleHandleW.KERNEL32(Advapi32.dll,8C278AEA,00000000,?,75A8EB20,?,?,0116CB30,000000FF), ref: 01096C53
                                                                                                    • GetProcAddress.KERNEL32(00000000,RegCreateKeyTransactedW), ref: 01096C7C
                                                                                                    • RegCreateKeyExW.KERNEL32(?,010E887A,00000000,00000000,00000000,0116CB30,00000000,00000000,0116CB30,8C278AEA,00000000,?,75A8EB20,?,?,0116CB30), ref: 01096CC9
                                                                                                    • RegCloseKey.ADVAPI32(00000000,?,75A8EB20,?,?,0116CB30,000000FF), ref: 01096CDC
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AddressCloseCreateHandleModuleProc
                                                                                                    • String ID: Advapi32.dll$RegCreateKeyTransactedW
                                                                                                    • API String ID: 1765684683-2994018265
                                                                                                    • Opcode ID: 7395f8aa448e9d1323be45b4772fc6ee0109047d71d1b6fa08d95f09db6b5c22
                                                                                                    • Instruction ID: 8b23d80ff7993629e82487d924fe6d75078eb745833cba34bf2499a579b4af20
                                                                                                    • Opcode Fuzzy Hash: 7395f8aa448e9d1323be45b4772fc6ee0109047d71d1b6fa08d95f09db6b5c22
                                                                                                    • Instruction Fuzzy Hash: 4A31A272A40249BFEF258F49DC55FAABBA8FB04750F10816AF915D7280D776A810DB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    • GetDlgItem.USER32(?,00000002), ref: 010CC1D0
                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 010CC1E6
                                                                                                    • ShowWindow.USER32(00000000,00000000,?,?,?,?,?,?,?,010D35EA,?,?,?,?,?,?), ref: 010CC1FF
                                                                                                    • InvalidateRect.USER32(00000000,00000000,00000001,?,?,?,?,?,?,?,010D35EA,?,?), ref: 010CC20A
                                                                                                    • GetDlgItem.USER32(?,000003E9), ref: 010CC21C
                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 010CC232
                                                                                                    • SetWindowPos.USER32(00000000,00000000,?,?,?,?,00000206,?,?,?,?,?,?,?,010D35EA), ref: 010CC275
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Window$Rect$Item$InvalidateShow
                                                                                                    • String ID:
                                                                                                    • API String ID: 2147159307-0
                                                                                                    • Opcode ID: 70e3fc84ec4441bc582a7d55a1f1fefa90962f6b43bb7f91fd360d9899be878f
                                                                                                    • Instruction ID: 06e8409ab0631aa36665c343e4fe7a2a45f05240b7cc84c32fe2d3a4eb71470a
                                                                                                    • Opcode Fuzzy Hash: 70e3fc84ec4441bc582a7d55a1f1fefa90962f6b43bb7f91fd360d9899be878f
                                                                                                    • Instruction Fuzzy Hash: 02213B71644340AFD310DF24E989B6B7BE9EF8C714F008659F859D6281E730E9818B52
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    • SetFilePointer.KERNEL32(?,?,?,00000000,8C278AEA,?,?,00000002,?,?,?,?,?,?,00000000,011B32F2), ref: 010D01B7
                                                                                                    • GetLastError.KERNEL32(?,00000002), ref: 010D0449
                                                                                                    • GetLastError.KERNEL32(?,00000002), ref: 010D04F3
                                                                                                    • GetLastError.KERNEL32(?,00000002,?,?,?,?,?,?,00000000,011B32F2,000000FF,?,010CF05A,00000010), ref: 010D01C6
                                                                                                      • Part of subcall function 010AE5B0: FormatMessageW.KERNEL32(00001300,00000000,00000000,00000400,?,00000000,00000000,8C278AEA,?,00000000), ref: 010AE5FB
                                                                                                      • Part of subcall function 010AE5B0: GetLastError.KERNEL32(?,00000000), ref: 010AE605
                                                                                                    • ReadFile.KERNEL32(?,00000000,00000008,80070057,00000000,?,00000002), ref: 010D0288
                                                                                                    • ReadFile.KERNEL32(?,8C278AEA,00000000,00000000,00000000,00000001,?,00000002), ref: 010D0305
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$File$Read$FormatMessagePointer
                                                                                                    • String ID:
                                                                                                    • API String ID: 3903527278-0
                                                                                                    • Opcode ID: cfb075050a394911b3968b007cb6b69311119c0ff324196f9e1e169a779ab63b
                                                                                                    • Instruction ID: 5397ddbf48d7e8184248d2866a41992ecf0cf553dbe520a1f19876e25259455c
                                                                                                    • Opcode Fuzzy Hash: cfb075050a394911b3968b007cb6b69311119c0ff324196f9e1e169a779ab63b
                                                                                                    • Instruction Fuzzy Hash: 8FD19371D00209DFDB04DFA8C884BAEFBB5FF44314F1482A9E959AB395EB749905CB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • PathIsUNCW.SHLWAPI(?,8C278AEA,00000000,?,?), ref: 010AB76B
                                                                                                    • CreateDirectoryW.KERNEL32(?,00000000,?,00000000,011E4494,00000001,?,?,?,?,?,00000000,011AC395,000000FF,?,010EEC41), ref: 010AB82A
                                                                                                    • GetLastError.KERNEL32(?,?,?,?,00000000,011AC395,000000FF,?,010EEC41,00000000,?,00000000), ref: 010AB838
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CreateDirectoryErrorLastPath
                                                                                                    • String ID:
                                                                                                    • API String ID: 953296794-0
                                                                                                    • Opcode ID: 157efd6ca05f0ff7b8583290a2dbe5ffd8aaa69e667fbf09d33c0ee815919a1d
                                                                                                    • Instruction ID: 55d02be875a2d317288b0da796e13033148cfcf7502223e529d52608ddf71dda
                                                                                                    • Opcode Fuzzy Hash: 157efd6ca05f0ff7b8583290a2dbe5ffd8aaa69e667fbf09d33c0ee815919a1d
                                                                                                    • Instruction Fuzzy Hash: EE81AF31A046099FDB15DFACC888BEDBBF4EF15324F644269E960A72D0DB759A04CF90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • CreateThread.KERNEL32(00000000,00000000,Function_0015EF30,011F0B08,00000000,?), ref: 010D384D
                                                                                                    • GetLastError.KERNEL32 ref: 010D385A
                                                                                                    • WaitForSingleObject.KERNEL32(00000000,FFFFFFFF), ref: 010D3883
                                                                                                    • GetExitCodeThread.KERNEL32(00000000,?), ref: 010D389D
                                                                                                    • TerminateThread.KERNEL32(00000000,00000000), ref: 010D38B5
                                                                                                    • FindCloseChangeNotification.KERNEL32(00000000), ref: 010D38BE
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Thread$ChangeCloseCodeCreateErrorExitFindLastNotificationObjectSingleTerminateWait
                                                                                                    • String ID:
                                                                                                    • API String ID: 766675602-0
                                                                                                    • Opcode ID: 6320fb92cefc4d453aa2ffd430cb443492b70f34666efbbfdf1c387c9d94783a
                                                                                                    • Instruction ID: fc160e25ef5163e5c2d9e5eba60560fc0f7f21dc87d042b4c74622c5dc1cd52e
                                                                                                    • Opcode Fuzzy Hash: 6320fb92cefc4d453aa2ffd430cb443492b70f34666efbbfdf1c387c9d94783a
                                                                                                    • Instruction Fuzzy Hash: CB31E6B090031DAFDF14CFA4C949BDEBBB8FB08314F104269E960B6290D7799A54CBA5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetFileVersionInfoSizeW.KERNELBASE(80004005,011B3C95,8C278AEA,?,?,?,?,?,00000000,011B3C95,000000FF,?,80004005,8C278AEA,?), ref: 010B54E5
                                                                                                    • GetFileVersionInfoW.KERNELBASE(80004005,?,00000000,000000FF,00000000,?,?,?,?,00000000,011B3C95,000000FF,?,80004005,8C278AEA,?), ref: 010B5533
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: FileInfoVersion$Size
                                                                                                    • String ID: ProductName$\StringFileInfo\%04x%04x\%s$\VarFileInfo\Translation
                                                                                                    • API String ID: 2104008232-2149928195
                                                                                                    • Opcode ID: 9b430b5cf15f9a602ff26cd48983ce5d0730b1187748d6d7e8f4ec74710e2f72
                                                                                                    • Instruction ID: 2caa97a2e176419061243f8cbafa0a014c04f127c58409e649f4f237d1fbddef
                                                                                                    • Opcode Fuzzy Hash: 9b430b5cf15f9a602ff26cd48983ce5d0730b1187748d6d7e8f4ec74710e2f72
                                                                                                    • Instruction Fuzzy Hash: E661BE719012099FDB14DFACDC99AEEBBF8EF15315F1481A9E451E7290EB349900CBA0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                      • Part of subcall function 010B4F80: SHGetFolderPathW.SHELL32(00000000,00000024,00000000,00000000,?,8C278AEA,00000000,00000000,?), ref: 010B4FD5
                                                                                                      • Part of subcall function 010B4F80: GetTempPathW.KERNEL32(00000104,?), ref: 010B5069
                                                                                                      • Part of subcall function 010B4F80: GetTempFileNameW.KERNEL32(?,shim_clone,00000000,?), ref: 010B509A
                                                                                                    • GetFileVersionInfoSizeW.KERNELBASE(?,000000FF,Shlwapi.dll,8C278AEA,00000000,?,?,00000000,011AD9C5,000000FF,Shlwapi.dll,010B5326,?,?,?), ref: 010B53BD
                                                                                                    • GetFileVersionInfoW.KERNELBASE(?,?,?,00000000,00000000,?,?), ref: 010B53E9
                                                                                                    • GetLastError.KERNEL32(?,?), ref: 010B542E
                                                                                                    • DeleteFileW.KERNEL32(?), ref: 010B5441
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: File$InfoPathTempVersion$DeleteErrorFolderLastNameSize
                                                                                                    • String ID: Shlwapi.dll
                                                                                                    • API String ID: 2355151265-1687636465
                                                                                                    • Opcode ID: 7143fee03707996ecf95dda97a5cfe204a7776281e92f014591d1c37df8af374
                                                                                                    • Instruction ID: 6ba6cd34f44b03632218dd996e9e008e2be4a5dbf47d662613742dc631561d99
                                                                                                    • Opcode Fuzzy Hash: 7143fee03707996ecf95dda97a5cfe204a7776281e92f014591d1c37df8af374
                                                                                                    • Instruction Fuzzy Hash: 93318471A01209AFDB15CFA9DD84BEEBBF8EF08615F1441A9E945A3240DB359901CBA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,8C278AEA,?,?,00000000,?,?,?,?,011B941D,000000FF,?,010D0E0E), ref: 010EE9D0
                                                                                                    • CreateThread.KERNEL32(00000000,00000000,010EECE0,?,00000000,?), ref: 010EEA06
                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 010EEB0F
                                                                                                    • GetExitCodeThread.KERNEL32(00000000,?), ref: 010EEB1A
                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 010EEB3A
                                                                                                      • Part of subcall function 00FA8590: RaiseException.KERNEL32(8C278AEA,8C278AEA,00000000,00000000,01143F71,C000008C,00000001,?,01143FA2,00000000,?,?,?,00F990D7,00000000,8C278AEA), ref: 00FA859C
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CreateThread$CloseCodeEventExceptionExitHandleObjectRaiseSingleWait
                                                                                                    • String ID:
                                                                                                    • API String ID: 3595790897-0
                                                                                                    • Opcode ID: 77c45cba1f34db03c440ee52b370fe396202745edbb7d3dcd9d14a9203ea4b4f
                                                                                                    • Instruction ID: 1e071821a33dc0371591012f0238bf4b9b4a9e9638572d5ff379fa05a264b795
                                                                                                    • Opcode Fuzzy Hash: 77c45cba1f34db03c440ee52b370fe396202745edbb7d3dcd9d14a9203ea4b4f
                                                                                                    • Instruction Fuzzy Hash: 7F516A74A00709DFCB24CF69C888BAABBF5FF49314F244669EA56A7751D730A840CB60
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • CallWindowProcW.USER32(?,?,?,?,?), ref: 00FA8470
                                                                                                    • GetWindowLongW.USER32(?,000000FC), ref: 00FA8485
                                                                                                    • CallWindowProcW.USER32(?,?,00000082,?,?), ref: 00FA849B
                                                                                                    • GetWindowLongW.USER32(?,000000FC), ref: 00FA84B5
                                                                                                    • SetWindowLongW.USER32(?,000000FC,?), ref: 00FA84C5
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Window$Long$CallProc
                                                                                                    • String ID:
                                                                                                    • API String ID: 513923721-0
                                                                                                    • Opcode ID: 969b203d5368e288196773f72c64b59bf2b2e0ff58ac5543b80ae30066f02772
                                                                                                    • Instruction ID: 7b843e8af4ff3dacd185ce30c05e2eab3971b9be464a1b52147d73e5b0354929
                                                                                                    • Opcode Fuzzy Hash: 969b203d5368e288196773f72c64b59bf2b2e0ff58ac5543b80ae30066f02772
                                                                                                    • Instruction Fuzzy Hash: 4F210EB1504700AFC720DF29DC84917FBF5FF89760B508A1EF99A82660D772E8559B50
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • MsgWaitForMultipleObjectsEx.USER32(00000001,00000000,000000FF,000005FF,00000004), ref: 010AC011
                                                                                                    • PeekMessageW.USER32(?,00000000), ref: 010AC057
                                                                                                    • TranslateMessage.USER32(00000000), ref: 010AC062
                                                                                                    • DispatchMessageW.USER32(00000000), ref: 010AC069
                                                                                                    • MsgWaitForMultipleObjectsEx.USER32(00000001,?,000000FF,000005FF,00000004), ref: 010AC07B
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Message$MultipleObjectsWait$DispatchPeekTranslate
                                                                                                    • String ID:
                                                                                                    • API String ID: 4084795276-0
                                                                                                    • Opcode ID: 63a252d38db03c97e0dd104f561c8e9aca0e5384f583554e3affa29d5c3c9a4a
                                                                                                    • Instruction ID: ab5194937c22fb20642a6bed20b4a6759770ca0006c85028793e853c8a93823f
                                                                                                    • Opcode Fuzzy Hash: 63a252d38db03c97e0dd104f561c8e9aca0e5384f583554e3affa29d5c3c9a4a
                                                                                                    • Instruction Fuzzy Hash: 4B1159716803057EF320CA55AD81FA7B7DCEB89760F900226FA50960C0D770E5448771
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • PathIsUNCW.SHLWAPI(?,8C278AEA,?,00000010,?), ref: 010CCF2A
                                                                                                      • Part of subcall function 010ACF90: GetCurrentProcess.KERNEL32 ref: 010ACFD8
                                                                                                      • Part of subcall function 010ACF90: OpenProcessToken.ADVAPI32(00000000,00000008,00000000), ref: 010ACFE5
                                                                                                      • Part of subcall function 010ACF90: GetLastError.KERNEL32 ref: 010ACFEF
                                                                                                      • Part of subcall function 010ACF90: FindCloseChangeNotification.KERNEL32(00000000), ref: 010AD0D0
                                                                                                      • Part of subcall function 00F99CC0: GetProcessHeap.KERNEL32 ref: 00F99D15
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99D47
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99DD2
                                                                                                      • Part of subcall function 00F992A0: FindResourceW.KERNEL32(00000000,?,00000006,?,?,*.*,8007000E,80004005,00FB1134,00000000,?,00000010,?,*.*,?,80070057), ref: 00F992C3
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Process$FindInit_thread_footer$ChangeCloseCurrentErrorHeapLastNotificationOpenPathResourceToken
                                                                                                    • String ID: Extraction path set to:$[WindowsVolume]$\\?\
                                                                                                    • API String ID: 2914359614-3538578949
                                                                                                    • Opcode ID: d40a073d5b76f318144d28bf98715df51fe6c542b57a271e89c95d4fd1fab05d
                                                                                                    • Instruction ID: 30330dbd18a8380cd3a50d0d5d367ef8d0fa175f2d5d1589fd0a41162579221b
                                                                                                    • Opcode Fuzzy Hash: d40a073d5b76f318144d28bf98715df51fe6c542b57a271e89c95d4fd1fab05d
                                                                                                    • Instruction Fuzzy Hash: 18C1E3309006469FEB14DFACC984BAEFBF4AF45714F1482ACE555AB292DB74D901CF90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • ConnectNamedPipe.KERNEL32(?,00000000,8C278AEA,?,000000FF,?,?,00000000,011B863E,000000FF,?,010EA25A,000000FF,?,00000001), ref: 010EA01C
                                                                                                    • GetLastError.KERNEL32(?,?,00000000,011B863E,000000FF,?,010EA25A,000000FF,?,00000001), ref: 010EA026
                                                                                                      • Part of subcall function 00F99CC0: GetProcessHeap.KERNEL32 ref: 00F99D15
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99D47
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99DD2
                                                                                                    • ReadFile.KERNEL32(?,?,00007F90,?,00000000,8C278AEA,?,000000FF,?,?,00000000,011B863E,000000FF,?,010EA25A,000000FF), ref: 010EA073
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Init_thread_footer$ConnectErrorFileHeapLastNamedPipeProcessRead
                                                                                                    • String ID: \\.\pipe\ToServer
                                                                                                    • API String ID: 2973225359-63420281
                                                                                                    • Opcode ID: e2078e9a4029f228b4c6efd7585815e4d5b350d2686cab0bf70372ef8397c5f1
                                                                                                    • Instruction ID: 01ed1288293e611ce1d404dd749f9870e948bfffbebb89568b283c8bce9bfdb2
                                                                                                    • Opcode Fuzzy Hash: e2078e9a4029f228b4c6efd7585815e4d5b350d2686cab0bf70372ef8397c5f1
                                                                                                    • Instruction Fuzzy Hash: 7191A071A04205DFEB14DF69CC09BAEBBE4EF48324F0086ADF9559B381DB759900CB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • LoadStringW.USER32(?,?,?,00000100), ref: 010B31BC
                                                                                                    • LoadStringW.USER32(?,?,?,00000001), ref: 010B3264
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: LoadString
                                                                                                    • String ID:
                                                                                                    • API String ID: 2948472770-0
                                                                                                    • Opcode ID: bd091b410c2dd26e7d5cf491b488e52357054a8f36246467dfb8fbb920709919
                                                                                                    • Instruction ID: 979c4ed84d150f4709480bf881b31f5b1b8c58cab36c7ba7e8732baf8a419725
                                                                                                    • Opcode Fuzzy Hash: bd091b410c2dd26e7d5cf491b488e52357054a8f36246467dfb8fbb920709919
                                                                                                    • Instruction Fuzzy Hash: 55B15E71D01209EFDB04DFA8D885BEEBBB5FF48714F248219E915A7380DB756A44CB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000080,00000000,00000000,?,?,8C278AEA,?,00000010,?,010C7D90,?), ref: 010C4A06
                                                                                                    • SetFilePointer.KERNEL32(00000000,?,00000010,00000000), ref: 010C4A4F
                                                                                                    • ReadFile.KERNEL32(00000000,8C278AEA,?,?,00000000,00000078,?), ref: 010C4A91
                                                                                                    • FindCloseChangeNotification.KERNEL32(00000000), ref: 010C4B0A
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: File$ChangeCloseCreateFindNotificationPointerRead
                                                                                                    • String ID:
                                                                                                    • API String ID: 2405668454-0
                                                                                                    • Opcode ID: c87ef981262ab68d9e839c04b58eb346f594e099a85c11dc6413823e5f204125
                                                                                                    • Instruction ID: e3e3ee3551052aa3bfe601c3b7b12397a0bb362ed1cde257400f7c9388be9d71
                                                                                                    • Opcode Fuzzy Hash: c87ef981262ab68d9e839c04b58eb346f594e099a85c11dc6413823e5f204125
                                                                                                    • Instruction Fuzzy Hash: E4518C70900609AFEB15CBACC898BEEFBB8FF45724F148259E451AB2D0D7749904CF64
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetTempFileNameW.KERNEL32(?,?,00000000,?,8C278AEA,?), ref: 00FA05E2
                                                                                                    • MoveFileW.KERNEL32(?,00000000), ref: 00FA0835
                                                                                                    • DeleteFileW.KERNEL32(?), ref: 00FA087F
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: File$DeleteMoveNameTemp
                                                                                                    • String ID:
                                                                                                    • API String ID: 788073729-0
                                                                                                    • Opcode ID: ef9244b3206819b84fe5e03026f3b5909981863ef0f3ef725d9513f0dfb132cf
                                                                                                    • Instruction ID: 9654ddd95a5657416f11b9284160712aff68b0cab3c5e8cd1a946e9c3a9c7594
                                                                                                    • Opcode Fuzzy Hash: ef9244b3206819b84fe5e03026f3b5909981863ef0f3ef725d9513f0dfb132cf
                                                                                                    • Instruction Fuzzy Hash: 07F198B0D11269CBDB28DF28CC9879DBBB0BF55304F1042D9D409A7291EB786B84DF90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetTempFileNameW.KERNEL32(?,?,00000000,?,8C278AEA,?,00000004), ref: 00FA01FB
                                                                                                    • DeleteFileW.KERNEL32(?,?,00000004), ref: 00FA023E
                                                                                                    • CreateDirectoryW.KERNEL32(?,00000000,?,00000004), ref: 00FA024D
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: File$CreateDeleteDirectoryNameTemp
                                                                                                    • String ID:
                                                                                                    • API String ID: 2411147693-0
                                                                                                    • Opcode ID: 21ffaa9dfb7b2a243df57d811eb75eb56e960c21cc3f7a99c092d117fc7ef1b5
                                                                                                    • Instruction ID: 49bacdb18de6ed86c83df7ce08cf394ad6b898e6dee2021b6e34001579e1558c
                                                                                                    • Opcode Fuzzy Hash: 21ffaa9dfb7b2a243df57d811eb75eb56e960c21cc3f7a99c092d117fc7ef1b5
                                                                                                    • Instruction Fuzzy Hash: 7CB18AB0D10248DFDB14DF68D9987EEBBB4FF59314F24429DD405A7281DB786A84CB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • __freea.LIBCMT ref: 0115EBBB
                                                                                                      • Part of subcall function 0115CA67: RtlAllocateHeap.NTDLL(00000000,011645BE,?,?,011645BE,00000220,?,?,?), ref: 0115CA99
                                                                                                    • __freea.LIBCMT ref: 0115EBD0
                                                                                                    • __freea.LIBCMT ref: 0115EBE0
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: __freea$AllocateHeap
                                                                                                    • String ID:
                                                                                                    • API String ID: 2243444508-0
                                                                                                    • Opcode ID: dccff32a190e67b056e409595940f322d1ad908e3697306c00325af3b06c27d3
                                                                                                    • Instruction ID: 2fc73b0b5e761fc689886b449665d94c5043280f3202fb4c8dac0b9a3fe977a8
                                                                                                    • Opcode Fuzzy Hash: dccff32a190e67b056e409595940f322d1ad908e3697306c00325af3b06c27d3
                                                                                                    • Instruction Fuzzy Hash: C451D472A02216EFEF6D9F68CC80EBBBAA9EF44615F150128FD29D6140E731CE108761
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • SetFilePointer.KERNEL32(?,?,?,00000000,8C278AEA,?,?), ref: 010CFCF7
                                                                                                    • ReadFile.KERNEL32(?,00000000,00000018,?,00000000), ref: 010CFE04
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: File$PointerRead
                                                                                                    • String ID:
                                                                                                    • API String ID: 3154509469-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,8C278AEA,?,00000000,?,80004005,?,00000000), ref: 010CD0DE
                                                                                                    • GetLastError.KERNEL32 ref: 010CD116
                                                                                                    • GetLastError.KERNEL32(?), ref: 010CD1AF
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast$CreateFile
                                                                                                    • String ID:
                                                                                                    • API String ID: 1722934493-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • CreateFileW.KERNEL32(010FD5B6,40000000,00000001,00000000,00000002,00000080,00000000,8C278AEA,?,00000001), ref: 010FC6D2
                                                                                                    • WriteFile.KERNEL32(00000000,0000C800,0000C800,0000C800,00000000,?,0000C800), ref: 010FC768
                                                                                                    • CloseHandle.KERNEL32(00000000,?,0000C800), ref: 010FC7DC
                                                                                                    Similarity
                                                                                                    • API ID: File$CloseCreateHandleWrite
                                                                                                    • String ID:
                                                                                                    • API String ID: 1065093856-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 010CC149
                                                                                                    • DestroyWindow.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,011B12D0,000000FF), ref: 010CC158
                                                                                                    • IsWindow.USER32(?), ref: 010CC185
                                                                                                    Similarity
                                                                                                    • API ID: Window$CurrentDestroyThread
                                                                                                    • String ID:
                                                                                                    • API String ID: 2303547079-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetCurrentProcess.KERNEL32(?,?,0114FD7D,?,?,?,?,8C278AEA), ref: 0114FD94
                                                                                                    • TerminateProcess.KERNEL32(00000000,?,0114FD7D,?,?,?,?,8C278AEA), ref: 0114FD9B
                                                                                                    • ExitProcess.KERNEL32 ref: 0114FDAD
                                                                                                    Similarity
                                                                                                    • API ID: Process$CurrentExitTerminate
                                                                                                    • String ID:
                                                                                                    • API String ID: 1703294689-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                      • Part of subcall function 00F99CC0: GetProcessHeap.KERNEL32 ref: 00F99D15
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99D47
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99DD2
                                                                                                    • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000025,00000000,8C278AEA), ref: 010ABD10
                                                                                                      • Part of subcall function 010ABDD0: GetEnvironmentVariableW.KERNEL32(00000000,00000000,00000000,?,?,?,80004005), ref: 010ABDDD
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: Init_thread_footer$EnvironmentFolderHeapPathProcessSpecialVariable
                                                                                                    • String ID: USERPROFILE
                                                                                                    • API String ID: 1777821646-2419442777
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • WriteFile.KERNEL32(?,?,?,?,00000000,8C278AEA,?,00000010,?,?,011B868E,000000FF), ref: 010EA228
                                                                                                      • Part of subcall function 00F99CC0: GetProcessHeap.KERNEL32 ref: 00F99D15
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99D47
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99DD2
                                                                                                      • Part of subcall function 010E9FE0: ConnectNamedPipe.KERNEL32(?,00000000,8C278AEA,?,000000FF,?,?,00000000,011B863E,000000FF,?,010EA25A,000000FF,?,00000001), ref: 010EA01C
                                                                                                      • Part of subcall function 010E9FE0: GetLastError.KERNEL32(?,?,00000000,011B863E,000000FF,?,010EA25A,000000FF,?,00000001), ref: 010EA026
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: Init_thread_footer$ConnectErrorFileHeapLastNamedPipeProcessWrite
                                                                                                    • String ID: \\.\pipe\ToServer
                                                                                                    • API String ID: 3549655173-63420281
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                      • Part of subcall function 011642EA: GetOEMCP.KERNEL32(00000000,?,?,?,?), ref: 01164315
                                                                                                    • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,?,?,?,?,01164601,?,00000000,?,?,?), ref: 0116481B
                                                                                                    • GetCPInfo.KERNEL32(00000000,?,?,?,?,?,?,?,?,01164601,?,00000000,?,?,?), ref: 0116485D
                                                                                                    Similarity
                                                                                                    • API ID: CodeInfoPageValid
                                                                                                    • String ID:
                                                                                                    • API String ID: 546120528-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • IsWindow.USER32(00000000), ref: 010EF421
                                                                                                    • EndDialog.USER32(00000000,00000001), ref: 010EF430
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: DialogWindow
                                                                                                    • String ID:
                                                                                                    • API String ID: 2634769047-0
                                                                                                    • Opcode ID: 935f5317f8401f0696bd9a35c5f501879f82c3e11adf41bd701c4fb273ec7839
                                                                                                    • Instruction ID: 38f66f3ebf0333065ef8ae426af66c5c562a8301822bddfe21cd3a679e96020a
                                                                                                    • Opcode Fuzzy Hash: 935f5317f8401f0696bd9a35c5f501879f82c3e11adf41bd701c4fb273ec7839
                                                                                                    • Instruction Fuzzy Hash: D3519970A01746DFE711CF6DCA48B4ABBF4EF49310F14829DD4599B2A1DB70AA04CB91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetLastError.KERNEL32(010CB881), ref: 010CBF40
                                                                                                    • DestroyWindow.USER32(?,?,?), ref: 010CBFF7
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: DestroyErrorLastWindow
                                                                                                    • String ID:
                                                                                                    • API String ID: 1182162058-0
                                                                                                    • Opcode ID: f890be275f4a6f4fd9c6bb01b0892dd890bcda7264a8da0732ff26c59a62ea89
                                                                                                    • Instruction ID: 8b284f8998d74c18316edc2e1f1ca9a602cded2c35b0d46efaaf80f908e75354
                                                                                                    • Opcode Fuzzy Hash: f890be275f4a6f4fd9c6bb01b0892dd890bcda7264a8da0732ff26c59a62ea89
                                                                                                    • Instruction Fuzzy Hash: E221C3B160010A5BEB219F1CE845BAEB794EB55321F00426AFC48C7781D776E861DBE1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                      • Part of subcall function 010AE740: LoadLibraryW.KERNEL32(ComCtl32.dll,8C278AEA,?,?,00000000), ref: 010AE77E
                                                                                                      • Part of subcall function 010AE740: GetProcAddress.KERNEL32(00000000,LoadIconMetric), ref: 010AE7A1
                                                                                                      • Part of subcall function 010AE740: FreeLibrary.KERNEL32(00000000), ref: 010AE81F
                                                                                                    • SendMessageW.USER32(?,00000080,00000001,00000000), ref: 010AF174
                                                                                                    • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 010AF17F
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: LibraryMessageSend$AddressFreeLoadProc
                                                                                                    • String ID:
                                                                                                    • API String ID: 3032493519-0
                                                                                                    • Opcode ID: 4eeeb276a33a9a0a1fa0580718610f537f8af16c0af2340aae38421caf81256a
                                                                                                    • Instruction ID: 9578508aa310783043b72bdb212885df0a0a2969bccf1ba1a5d51e198da2a731
                                                                                                    • Opcode Fuzzy Hash: 4eeeb276a33a9a0a1fa0580718610f537f8af16c0af2340aae38421caf81256a
                                                                                                    • Instruction Fuzzy Hash: 94F0653178131837F660215A5C56F7BBA4DE781B64F544276FA98AF2C1ECD67C0003E9
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • LCMapStringEx.KERNEL32(?,0115EAFA,?,?,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 0115E7AC
                                                                                                    • LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,?,?,0115EAFA,?,?,00000000,?,00000000), ref: 0115E7CA
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: String
                                                                                                    • String ID:
                                                                                                    • API String ID: 2568140703-0
                                                                                                    • Opcode ID: e2ad93367c7358c3b4332462be35f369ad2ae889425aa85fa250d83255a07995
                                                                                                    • Instruction ID: b4e59cc64f9e79d789d4d99ad7402a4a8175178c0f64cc52b045ec3d9ed925c7
                                                                                                    • Opcode Fuzzy Hash: e2ad93367c7358c3b4332462be35f369ad2ae889425aa85fa250d83255a07995
                                                                                                    • Instruction Fuzzy Hash: 92F07A3240151AFBCF165F90DC04DDE7F26EF48364F058420FE2865020C732D971AB94
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • RtlFreeHeap.NTDLL(00000000,00000000,?,0116593D,?,00000000,?,?,01165BDE,?,00000007,?,?,01166030,?,?), ref: 0115CA43
                                                                                                    • GetLastError.KERNEL32(?,?,0116593D,?,00000000,?,?,01165BDE,?,00000007,?,?,01166030,?,?), ref: 0115CA4E
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorFreeHeapLast
                                                                                                    • String ID:
                                                                                                    • API String ID: 485612231-0
                                                                                                    • Opcode ID: 214b12d69ba86a6b6b7ce7efca3e571febe9407a4c10a337d6a65b004eb4562d
                                                                                                    • Instruction ID: fa7c3f0469ae65c070b40bed052c58d959065c2b0c88e7e5b21a8984151126df
                                                                                                    • Opcode Fuzzy Hash: 214b12d69ba86a6b6b7ce7efca3e571febe9407a4c10a337d6a65b004eb4562d
                                                                                                    • Instruction Fuzzy Hash: DAE08631500318EBDB296FA5A80CB453F5C9B44B59F004060F61896050E73085908794
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 011463EA
                                                                                                    • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 011463F5
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Value___vcrt____vcrt_uninitialize_ptd
                                                                                                    • String ID:
                                                                                                    • API String ID: 1660781231-0
                                                                                                    • Opcode ID: e1e420f516787d288171dad1f5ca08baf215e494b2b95a94770c47bb8b15d2a1
                                                                                                    • Instruction ID: 2a0e4df480126a6ce6a3df2d4b77e806212ecde1fa6449edb28b12219cae84b9
                                                                                                    • Opcode Fuzzy Hash: e1e420f516787d288171dad1f5ca08baf215e494b2b95a94770c47bb8b15d2a1
                                                                                                    • Instruction Fuzzy Hash: D2D0A77054C38617595C23B5689159E2244AB63DBC7A0069EE815850C1DF608000D122
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • MultiByteToWideChar.KERNEL32(00000003,00000000,80000004,000000FF,00000000,00000000,?,?,01259384,010DDA40,?), ref: 01094B58
                                                                                                    • MultiByteToWideChar.KERNEL32(00000003,00000000,80000004,000000FF,?,-00000001), ref: 01094B8A
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ByteCharMultiWide
                                                                                                    • String ID:
                                                                                                    • API String ID: 626452242-0
                                                                                                    • Opcode ID: 37abf5118d60ccfb44fbe58276d51cad3b663891a7d6596694841b2af0ae0d6d
                                                                                                    • Instruction ID: 31f9679e81a97d9a200e391b4419dfd96bfe394d806349aeaf9b036094455a39
                                                                                                    • Opcode Fuzzy Hash: 37abf5118d60ccfb44fbe58276d51cad3b663891a7d6596694841b2af0ae0d6d
                                                                                                    • Instruction Fuzzy Hash: 48012631300111AFEA149B4DDC98F5EB799EFD4331F20426DF354EB2C0CA605801D7A0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • DeleteFileW.KERNEL32(?,?,?,?,?,010C676B,?), ref: 010D1C4B
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: DeleteFile
                                                                                                    • String ID:
                                                                                                    • API String ID: 4033686569-0
                                                                                                    • Opcode ID: d10f200b3bbef7710ca5b524cfa8d698ecc2be7042618eee1843732a20b0d874
                                                                                                    • Instruction ID: 1beb0b3edb1295be5ca2051fe9505c8cbc73485f2dd5077be56fc01d6d5d4041
                                                                                                    • Opcode Fuzzy Hash: d10f200b3bbef7710ca5b524cfa8d698ecc2be7042618eee1843732a20b0d874
                                                                                                    • Instruction Fuzzy Hash: F751E372A006559FDB14DF5CD884BAAFBE4FF05720F148669EA659B780DB71A800CBA0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetCPInfo.KERNEL32(E8458D00,?,0116460D,01164601,00000000), ref: 011643F0
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Info
                                                                                                    • String ID:
                                                                                                    • API String ID: 1807457897-0
                                                                                                    • Opcode ID: 98ac94b3ac46f74e2ea4bfd22422a55aead53ed5b81beca910a4ce4ef400a7e3
                                                                                                    • Instruction ID: 93968b58f1e159c76c79a2acab81cd588b0933883e06c9280bf8bae0a8d95152
                                                                                                    • Opcode Fuzzy Hash: 98ac94b3ac46f74e2ea4bfd22422a55aead53ed5b81beca910a4ce4ef400a7e3
                                                                                                    • Instruction Fuzzy Hash: A5515B71A081589ADB298E28CD84BE67BBCEB56304F1405EDD59AC7942C3329D55CF21
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetTempPathW.KERNEL32(00000104,?,8C278AEA,?,8C278AEA,011ABFAE,000000FF), ref: 010AA58F
                                                                                                      • Part of subcall function 00F99CC0: GetProcessHeap.KERNEL32 ref: 00F99D15
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99D47
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99DD2
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Init_thread_footer$HeapPathProcessTemp
                                                                                                    • String ID:
                                                                                                    • API String ID: 764064751-0
                                                                                                    • Opcode ID: 4ba78c4160b5ed804eb0f6973c4a1a8f29833d9235a63e143ae18fc5fd155220
                                                                                                    • Instruction ID: a320fa3635a4af81ad6d7b0b23a4a27f27b147b58a641543009f74cd3eabbe59
                                                                                                    • Opcode Fuzzy Hash: 4ba78c4160b5ed804eb0f6973c4a1a8f29833d9235a63e143ae18fc5fd155220
                                                                                                    • Instruction Fuzzy Hash: E631A070600249DFDF18DFA8C809BAE7BE4EF48704F50456DE856C7281EB749504CB54
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • EnumResourceLanguagesW.KERNEL32(?,00000010,00000001,010D30A0,?), ref: 010D2FBB
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: EnumLanguagesResource
                                                                                                    • String ID:
                                                                                                    • API String ID: 4141015960-0
                                                                                                    • Opcode ID: 06ae9c0907f93a24dcf2588e8f712a261a46db2df0ddded6659d4d78fd0fb774
                                                                                                    • Instruction ID: 5276478f19b91db287c284596b05004e40e0d2e25fd3ec1585d8f016886e55a5
                                                                                                    • Opcode Fuzzy Hash: 06ae9c0907f93a24dcf2588e8f712a261a46db2df0ddded6659d4d78fd0fb774
                                                                                                    • Instruction Fuzzy Hash: 9241A3B190034A9BDB10DFA8C894BDEBBF4FF44714F104659E560AB281DBB69944CBA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                      • Part of subcall function 010B0370: __Init_thread_footer.LIBCMT ref: 010B03E6
                                                                                                      • Part of subcall function 01144BA2: EnterCriticalSection.KERNEL32(01257FD8,?,00000000,?,010B3C61,01259C74,8C278AEA,?,011AD6C1,000000FF,?,010B3F54,8C278AEA,?,00000000), ref: 01144BAD
                                                                                                      • Part of subcall function 01144BA2: LeaveCriticalSection.KERNEL32(01257FD8,?,010B3C61,01259C74,8C278AEA,?,011AD6C1,000000FF,?,010B3F54,8C278AEA,?,00000000), ref: 01144BEA
                                                                                                    • __Init_thread_footer.LIBCMT ref: 010B01E0
                                                                                                      • Part of subcall function 01144B58: EnterCriticalSection.KERNEL32(01257FD8,00000000,?,010B3CA1,01259C74), ref: 01144B62
                                                                                                      • Part of subcall function 01144B58: LeaveCriticalSection.KERNEL32(01257FD8,?,010B3CA1,01259C74), ref: 01144B95
                                                                                                      • Part of subcall function 01144B58: RtlWakeAllConditionVariable.NTDLL ref: 01144C0C
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSection$EnterInit_thread_footerLeave$ConditionVariableWake
                                                                                                    • String ID:
                                                                                                    • API String ID: 984842325-0
                                                                                                    • Opcode ID: f5d0414c9c0941f53fbd108189103fa7d4e57158eb4b5210edbcc5cd46d48aea
                                                                                                    • Instruction ID: 6326e5d58aef910fbf4e6cec6707450b80b9b563416d2f7588fcc658f319c6dc
                                                                                                    • Opcode Fuzzy Hash: f5d0414c9c0941f53fbd108189103fa7d4e57158eb4b5210edbcc5cd46d48aea
                                                                                                    • Instruction Fuzzy Hash: AB31EE71640741DBEF25CF04F8C9B9AB3F0F704B28F108658E85147A88E3B56980CB95
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 327e59d9aedb2f2faf0185868ed2820800d6d393f2d98c5f3ad2121c787889a3
                                                                                                    • Instruction ID: e40ee80ebf220f0592bb470b45fa2084899105eb0f8daada8d54db1dbb4b59ee
                                                                                                    • Opcode Fuzzy Hash: 327e59d9aedb2f2faf0185868ed2820800d6d393f2d98c5f3ad2121c787889a3
                                                                                                    • Instruction Fuzzy Hash: 7A110231304A2F9F8721AF8EC4C8D06FBE9FF147003024265EA909B221D722FC118BD0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                      • Part of subcall function 01144BA2: EnterCriticalSection.KERNEL32(01257FD8,?,00000000,?,010B3C61,01259C74,8C278AEA,?,011AD6C1,000000FF,?,010B3F54,8C278AEA,?,00000000), ref: 01144BAD
                                                                                                      • Part of subcall function 01144BA2: LeaveCriticalSection.KERNEL32(01257FD8,?,010B3C61,01259C74,8C278AEA,?,011AD6C1,000000FF,?,010B3F54,8C278AEA,?,00000000), ref: 01144BEA
                                                                                                    • __Init_thread_footer.LIBCMT ref: 01090A82
                                                                                                      • Part of subcall function 01144B58: EnterCriticalSection.KERNEL32(01257FD8,00000000,?,010B3CA1,01259C74), ref: 01144B62
                                                                                                      • Part of subcall function 01144B58: LeaveCriticalSection.KERNEL32(01257FD8,?,010B3CA1,01259C74), ref: 01144B95
                                                                                                      • Part of subcall function 01144B58: RtlWakeAllConditionVariable.NTDLL ref: 01144C0C
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                                                                                    • String ID:
                                                                                                    • API String ID: 2296764815-0
                                                                                                    • Opcode ID: fe11ded91953e60b4860cf3aa7f2fa900478d7d8f2e9a6c77437416daab24993
                                                                                                    • Instruction ID: 0ae31db2c1b70f1bac2e7eb0491b9284a67f9693a31396a883e3365b630a86a9
                                                                                                    • Opcode Fuzzy Hash: fe11ded91953e60b4860cf3aa7f2fa900478d7d8f2e9a6c77437416daab24993
                                                                                                    • Instruction Fuzzy Hash: 6C018FB1A44684DFCB68DF58E985B48BBA4E768B38F10436DE82683780D739AD409A51
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                      • Part of subcall function 01144BA2: EnterCriticalSection.KERNEL32(01257FD8,?,00000000,?,010B3C61,01259C74,8C278AEA,?,011AD6C1,000000FF,?,010B3F54,8C278AEA,?,00000000), ref: 01144BAD
                                                                                                      • Part of subcall function 01144BA2: LeaveCriticalSection.KERNEL32(01257FD8,?,010B3C61,01259C74,8C278AEA,?,011AD6C1,000000FF,?,010B3F54,8C278AEA,?,00000000), ref: 01144BEA
                                                                                                      • Part of subcall function 010B0410: RegOpenKeyExW.KERNEL32(80000002,Software\Microsoft\Windows NT\CurrentVersion,00000000,00020119,00000000), ref: 010B047E
                                                                                                      • Part of subcall function 010B0410: RegQueryValueExW.KERNEL32(00000000,CurrentMajorVersionNumber,00000000,00000000,?,?), ref: 010B04C5
                                                                                                      • Part of subcall function 010B0410: RegQueryValueExW.KERNEL32(00000000,CurrentMinorVersionNumber,00000000,00000000,?,00000004), ref: 010B04E4
                                                                                                      • Part of subcall function 010B0410: RegQueryValueExW.ADVAPI32(00000000,CurrentVersion,00000000,00000000,?,?), ref: 010B0513
                                                                                                      • Part of subcall function 010B0410: RegQueryValueExW.KERNEL32(00000000,CurrentBuildNumber,00000000,00000000,?,?), ref: 010B0588
                                                                                                    • __Init_thread_footer.LIBCMT ref: 010B03E6
                                                                                                      • Part of subcall function 01144B58: EnterCriticalSection.KERNEL32(01257FD8,00000000,?,010B3CA1,01259C74), ref: 01144B62
                                                                                                      • Part of subcall function 01144B58: LeaveCriticalSection.KERNEL32(01257FD8,?,010B3CA1,01259C74), ref: 01144B95
                                                                                                      • Part of subcall function 01144B58: RtlWakeAllConditionVariable.NTDLL ref: 01144C0C
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CriticalQuerySectionValue$EnterLeave$ConditionInit_thread_footerOpenVariableWake
                                                                                                    • String ID:
                                                                                                    • API String ID: 3563064969-0
                                                                                                    • Opcode ID: 641229a83ac478a22503578ff6ce744589f65db46298cbe93d2cd5ce6236a9e9
                                                                                                    • Instruction ID: d6dac917a8ba1844fba8c581a00f65aca8e354e82174be067f5e8375bda65711
                                                                                                    • Opcode Fuzzy Hash: 641229a83ac478a22503578ff6ce744589f65db46298cbe93d2cd5ce6236a9e9
                                                                                                    • Instruction Fuzzy Hash: F901F2B1A04784DFCB60DF5CD9C9B8AB3B8EB04B28F104768F921977C4C734A9408B51
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                      • Part of subcall function 0114641A: RaiseException.KERNEL32(E06D7363,00000001,00000003,?,?,00000007,?,01142091,?,0124B8A4,010A9CF1,?,010A9CF1,?), ref: 0114647A
                                                                                                    • RtlAllocateHeap.NTDLL(?,00000000,00000000,8C278AEA,00000000,0116C6B0,000000FF,?,?,0124C42C,00000000,00FB095C,80070057,?,00000000), ref: 00F999CA
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AllocateExceptionHeapRaise
                                                                                                    • String ID:
                                                                                                    • API String ID: 3789339297-0
                                                                                                    • Opcode ID: 2fcbfb700dfdc3cf2bc4223af8d602d26d1752de4e697945dc44e1471426c7e5
                                                                                                    • Instruction ID: 306afd7ea709725ca480be73a22d5c6a5d81e0508ab8d988cd92189731978e67
                                                                                                    • Opcode Fuzzy Hash: 2fcbfb700dfdc3cf2bc4223af8d602d26d1752de4e697945dc44e1471426c7e5
                                                                                                    • Instruction Fuzzy Hash: A5F0A771644648FFCB19DF54DD05F55BBA8F708B14F00466DF91586790DB36A820CB44
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • RtlAllocateHeap.NTDLL(00000000,011645BE,?,?,011645BE,00000220,?,?,?), ref: 0115CA99
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AllocateHeap
                                                                                                    • String ID:
                                                                                                    • API String ID: 1279760036-0
                                                                                                    • Opcode ID: 561989c2b5b8dd436521b8ab5ee7fd6b6d5668d531986101c1a8b0059df9696b
                                                                                                    • Instruction ID: 7e0a3dd964a99cea1757f5fa366202e79a9fe535bb08f2c5d79f9eadc59a58de
                                                                                                    • Opcode Fuzzy Hash: 561989c2b5b8dd436521b8ab5ee7fd6b6d5668d531986101c1a8b0059df9696b
                                                                                                    • Instruction Fuzzy Hash: 17E06535640726DAF7BDAE6DDC04B9A3E8CAB456E4F050161AD3596080FBA0C84082E6
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: H_prolog3
                                                                                                    • String ID:
                                                                                                    • API String ID: 431132790-0
                                                                                                    • Opcode ID: a551ca2cfbf7e2bbb226d3f16131b4ee07ce49cfa8f73efaeb731dfb546f4d2f
                                                                                                    • Instruction ID: 984dd98bc90a0658be0b70247dca1714a497b93d34488680071ccfc956de0ee2
                                                                                                    • Opcode Fuzzy Hash: a551ca2cfbf7e2bbb226d3f16131b4ee07ce49cfa8f73efaeb731dfb546f4d2f
                                                                                                    • Instruction Fuzzy Hash: 7FE0E572D4020E9BDB44DFD4C441AEFBBB8AB14A04F504116D204E6140EB7457458BA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: f227ce526328f95c14246b39978c2eea986b6783604397c9c02da24bd0724d20
                                                                                                    • Instruction ID: 17591a8161aa2050b4154fdbdc88f8699f385498400b0fc8a0b15a1f9793bebf
                                                                                                    • Opcode Fuzzy Hash: f227ce526328f95c14246b39978c2eea986b6783604397c9c02da24bd0724d20
                                                                                                    • Instruction Fuzzy Hash: 8EE0CD31E41329E7DFBD3E569804B1B7E5CAF10F90B0540516D2467140CB60D901C7E1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 01141091
                                                                                                      • Part of subcall function 01141B8B: DloadAcquireSectionWriteAccess.DELAYIMP ref: 01141B96
                                                                                                      • Part of subcall function 01141B8B: DloadReleaseSectionWriteAccess.DELAYIMP ref: 01141BFE
                                                                                                      • Part of subcall function 01141B8B: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 01141C0F
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                                                    • String ID:
                                                                                                    • API String ID: 697777088-0
                                                                                                    • Opcode ID: bf70860b59129ca100b0cc3f56aeddb396a02bed0bcdce9fde04e67cdf6d37ed
                                                                                                    • Instruction ID: ae82cdb76306a9e28a292f3a208d72aa8b58a9bec611a5b7b53cae197e441ad9
                                                                                                    • Opcode Fuzzy Hash: bf70860b59129ca100b0cc3f56aeddb396a02bed0bcdce9fde04e67cdf6d37ed
                                                                                                    • Instruction Fuzzy Hash: 13B012E53FD0017F324CA11D1F41E36252CC2E0D21320414FFC00D1080E5503C820036
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 01141091
                                                                                                      • Part of subcall function 01141B8B: DloadAcquireSectionWriteAccess.DELAYIMP ref: 01141B96
                                                                                                      • Part of subcall function 01141B8B: DloadReleaseSectionWriteAccess.DELAYIMP ref: 01141BFE
                                                                                                      • Part of subcall function 01141B8B: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 01141C0F
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AccessDloadSectionWrite$AcquireExceptionHelper2@8LoadRaiseRelease___delay
                                                                                                    • String ID:
                                                                                                    • API String ID: 697777088-0
                                                                                                    • Opcode ID: 4138e5118bdb0910e148b9aaf498f5d4dac65ba61b4ceb3c51e90ab9006c1d2e
                                                                                                    • Instruction ID: 4166fe802e4806c7aeee6ab4916f46e3283def5ad9e96994c1b287658a3540fd
                                                                                                    • Opcode Fuzzy Hash: 4138e5118bdb0910e148b9aaf498f5d4dac65ba61b4ceb3c51e90ab9006c1d2e
                                                                                                    • Instruction Fuzzy Hash: 5BB012D53FD001BF324C621D1E41E36112CCAD0D21320414FFC00D1001E5503CC20036
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: 100$10000$100000$12000$120000$1500$15000$1500000$1800$2000$20000$200000$3000$30000$3000000$500$5000$6000$800$8000$AI_AppSearchEx$AI_ChainProductsPseudo$AI_CountRowAction$AI_DefaultActionCost$AI_DownloadPrereq$AI_ExtractPrereq$AI_Game$AI_GxInstall$AI_GxUninstall$AI_InstallPostPrerequisite$AI_InstallPrerequisite$AI_PreRequisite$AI_ProcessAccounts$AI_ProcessGroups$AI_ProcessTasks$AI_ScheduledTasks$AI_UninstallAccounts$AI_UninstallGroups$AI_UninstallTasks$AI_UserAccounts$AI_UserGroups$AI_XmlAttribute$AI_XmlElement$AI_XmlInstall$AI_XmlUninstall$AppId$AppSearch$BindImage$Complus$Component$Component_$CostFinalize$CostInitialize$CreateFolder$CreateFolders$CreateShortcuts$DuplicateFile$DuplicateFiles$Environment$Extension$Feature$Feature_$File$FileCost$FileSize$Font$IniFile$InstallFiles$InstallFinalize$InstallInitialize$InstallODBC$InstallServices$InstallValidate$Location$MIME$MoveFile$MoveFiles$MsiAssembly$MsiConfigureServices$MsiPublishAssemblies$MsiUnpublishAssemblies$ODBCDataSource$ODBCDriver$ODBCTranslator$Options$Patch$PatchFiles$PatchSize$ProcessComponents$ProgId$PublishComponent$PublishComponents$PublishFeatures$RegisterClassInfo$RegisterComPlus$RegisterExtensionInfo$RegisterFonts$RegisterMIMEInfo$RegisterProgIdInfo$RegisterTypeLibraries$Registry$RemoveDuplicateFiles$RemoveEnvironmentStrings$RemoveExistingProducts$RemoveFile$RemoveFiles$RemoveFolders$RemoveIniFile$RemoveIniValues$RemoveODBC$RemoveRegistry$RemoveRegistryValues$RemoveShortcuts$SelfReg$SelfRegModules$SelfUnregModules$ServiceControl$ServiceInstall$Shortcut$StartServices$StopServices$TypeLib$UnpublishComponents$UnpublishFeatures$UnregisterClassInfo$UnregisterComPlus$UnregisterExtensionInfo$UnregisterFonts$UnregisterMIMEInfo$UnregisterProgIdInfo$WriteEnvironmentStrings$WriteIniValues$WriteRegistryValues$~
                                                                                                    • API String ID: 0-2910470256
                                                                                                    • Opcode ID: 4b3ab471047195ff2a38956add3f7202d9f1ea24042e406902e1d4cdd9fe3197
                                                                                                    • Instruction ID: aae06dedf0620df14eaf8813eabc570b84553a21965e132a3278280e77e0d7a5
                                                                                                    • Opcode Fuzzy Hash: 4b3ab471047195ff2a38956add3f7202d9f1ea24042e406902e1d4cdd9fe3197
                                                                                                    • Instruction Fuzzy Hash: 71330B20A693C4F9EB1AFBB4BD9976E7950AF51704F10524CF1412B7C2CBB81A44EBE1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: 100$10000$100000$12000$120000$1500$15000$1500000$1800$2000$20000$200000$3000$30000$3000000$500$5000$6000$8000$AI_AppSearchEx$AI_ChainProductsPseudo$AI_CountRowAction$AI_DefaultActionCost$AI_DownloadPrereq$AI_ExtractPrereq$AI_Game$AI_GxInstall$AI_GxUninstall$AI_InstallPostPrerequisite$AI_InstallPrerequisite$AI_PreRequisite$AI_ProcessAccounts$AI_ProcessGroups$AI_ProcessTasks$AI_ScheduledTasks$AI_UninstallAccounts$AI_UninstallGroups$AI_UninstallTasks$AI_UserAccounts$AI_UserGroups$AI_XmlAttribute$AI_XmlElement$AI_XmlInstall$AI_XmlUninstall$AppId$BindImage$Complus$Component_$CreateFolder$CreateFolders$CreateShortcuts$DuplicateFile$DuplicateFiles$Environment$Extension$Feature$Feature_$File$FileSize$Font$IniFile$InstallFiles$InstallFinalize$InstallInitialize$InstallODBC$InstallServices$Location$MIME$MoveFile$MoveFiles$MsiAssembly$MsiConfigureServices$MsiPublishAssemblies$ODBCDataSource$ODBCDriver$ODBCTranslator$Options$Patch$PatchFiles$PatchSize$ProgId$PublishComponent$PublishComponents$PublishFeatures$RegisterClassInfo$RegisterComPlus$RegisterExtensionInfo$RegisterFonts$RegisterMIMEInfo$RegisterProgIdInfo$RegisterTypeLibraries$Registry$RemoveDuplicateFiles$RemoveEnvironmentStrings$RemoveFile$RemoveFiles$RemoveFolders$RemoveIniFile$RemoveIniValues$RemoveShortcuts$SelfReg$SelfRegModules$ServiceControl$ServiceInstall$Shortcut$StartServices$TypeLib$UnregisterMIMEInfo$WriteEnvironmentStrings$WriteIniValues$WriteRegistryValues$~
                                                                                                    • API String ID: 0-1090619422
                                                                                                    • Opcode ID: 7bdbecf1c21db8a627703dd0e7f7f6f9a44154676ade73defe62e3d823de70f3
                                                                                                    • Instruction ID: 1afe2d6d27ce0415bfa8a1b5b7a50a9b5c602f4e2f235ae3475f346b75127bae
                                                                                                    • Opcode Fuzzy Hash: 7bdbecf1c21db8a627703dd0e7f7f6f9a44154676ade73defe62e3d823de70f3
                                                                                                    • Instruction Fuzzy Hash: 05E24910A783C4F9DB5AF7F92D5636DB9106F62710F10538DF2912B6C2DBB41A40ABE2
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                      • Part of subcall function 00F99CC0: GetProcessHeap.KERNEL32 ref: 00F99D15
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99D47
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99DD2
                                                                                                    • VariantClear.OLEAUT32 ref: 00FBB70F
                                                                                                    • VariantClear.OLEAUT32(?), ref: 00FBB86A
                                                                                                    • VariantClear.OLEAUT32(?), ref: 00FBB892
                                                                                                    • VariantClear.OLEAUT32(?), ref: 00FBBA1E
                                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 00FBBA2F
                                                                                                    • VariantClear.OLEAUT32(?), ref: 00FBBA79
                                                                                                    • VariantClear.OLEAUT32(?), ref: 00FBBAA2
                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 00FBBAAD
                                                                                                    • VariantClear.OLEAUT32(?), ref: 00FBBBBB
                                                                                                    • VariantClear.OLEAUT32(?), ref: 00FBBBEC
                                                                                                    • VariantClear.OLEAUT32(?), ref: 00FBBC45
                                                                                                    • VariantClear.OLEAUT32(?), ref: 00FBBCF4
                                                                                                    • VariantClear.OLEAUT32(?), ref: 00FBB73D
                                                                                                      • Part of subcall function 00F992A0: FindResourceW.KERNEL32(00000000,?,00000006,?,?,*.*,8007000E,80004005,00FB1134,00000000,?,00000010,?,*.*,?,80070057), ref: 00F992C3
                                                                                                    • VariantClear.OLEAUT32(?), ref: 00FBB80E
                                                                                                    • VariantClear.OLEAUT32(?), ref: 00FBB836
                                                                                                    • VariantClear.OLEAUT32(?), ref: 00FBBE38
                                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 00FBBE49
                                                                                                    • VariantClear.OLEAUT32(?), ref: 00FBBE93
                                                                                                    • VariantClear.OLEAUT32(?), ref: 00FBBEBC
                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 00FBBEC7
                                                                                                    • VariantClear.OLEAUT32(?), ref: 00FBBFD5
                                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 00FBBFE2
                                                                                                    • VariantClear.OLEAUT32(?), ref: 00FBC02A
                                                                                                    • VariantClear.OLEAUT32(?), ref: 00FBC052
                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 00FBC05C
                                                                                                      • Part of subcall function 00F99980: RtlAllocateHeap.NTDLL(?,00000000,00000000,8C278AEA,00000000,0116C6B0,000000FF,?,?,0124C42C,00000000,00FB095C,80070057,?,00000000), ref: 00F999CA
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ClearVariant$String$AllocFree$HeapInit_thread_footer$AllocateFindProcessResource
                                                                                                    • String ID: GetFontHeight$MessageBox$MsiEvaluateCondition$MsiGetBinaryPath$MsiGetBinaryPathIndirect$MsiGetBytesCountText$MsiGetFormattedError$MsiGetProperty$MsiPublishEvents$MsiResolveFormatted$MsiSetProperty
                                                                                                    • API String ID: 3540692479-3153392536
                                                                                                    • Opcode ID: dac07652db4a5c13cb13c609a3a89ba2b7a3a60662cd7125e9a7aa0750d86b54
                                                                                                    • Instruction ID: 0f64a44ca8cec3df43f14b5bc0abe8ab4590544cb48bac92e35f47ba33974cab
                                                                                                    • Opcode Fuzzy Hash: dac07652db4a5c13cb13c609a3a89ba2b7a3a60662cd7125e9a7aa0750d86b54
                                                                                                    • Instruction Fuzzy Hash: 54E29B71D00249DFDB14DFA9C884BEEBBB4FF48314F248219E415AB291EB74AA45DF90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • CreateFileW.KERNEL32(012593A8,C0000000,00000003,00000000,00000004,00000080,00000000,8C278AEA,01259384,0125939C,?), ref: 010DD2E0
                                                                                                    • GetLastError.KERNEL32 ref: 010DD2FD
                                                                                                    • OutputDebugStringW.KERNEL32(00000000,00000020), ref: 010DD376
                                                                                                    • OutputDebugStringW.KERNEL32(00000000,?,0000001C), ref: 010DD47A
                                                                                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,?,0000001C), ref: 010DD4EB
                                                                                                    • WriteFile.KERNEL32(00000000,01258C20,00000000,00000000,00000000,?,0000001C), ref: 010DD51B
                                                                                                    • WriteFile.KERNEL32(00000000,000000B7,?,00000000,00000000,011D6D60,00000002), ref: 010DD5C6
                                                                                                    • FlushFileBuffers.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,0000001C), ref: 010DD5CF
                                                                                                    • FlushFileBuffers.KERNEL32(00000000,?,0000001C), ref: 010DD520
                                                                                                      • Part of subcall function 00F992A0: FindResourceW.KERNEL32(00000000,?,00000006,?,?,*.*,8007000E,80004005,00FB1134,00000000,?,00000010,?,*.*,?,80070057), ref: 00F992C3
                                                                                                    • OutputDebugStringW.KERNEL32(00000000,?,0000001D), ref: 010DD6C3
                                                                                                    • WriteFile.KERNEL32(00000000,00000000,00000002,?,00000000,?,0000001D), ref: 010DD749
                                                                                                    • FlushFileBuffers.KERNEL32(00000000,?,0000001D), ref: 010DD754
                                                                                                    • WriteFile.KERNEL32(00000000,000000FF,?,00000000,00000000,011D6D60,00000002,?,?,CPU: ,00000005), ref: 010DD7C8
                                                                                                    • FlushFileBuffers.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,0000001C), ref: 010DD7D1
                                                                                                    • WriteFile.KERNEL32(00000000,000000B7,?,00000000,00000000,011D6D60,00000002), ref: 010DD856
                                                                                                    • FlushFileBuffers.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,0000001C), ref: 010DD85F
                                                                                                      • Part of subcall function 00F99CC0: GetProcessHeap.KERNEL32 ref: 00F99D15
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99D47
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99DD2
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: File$BuffersFlushWrite$DebugOutputString$Init_thread_footer$CreateErrorFindHeapLastPointerProcessResource
                                                                                                    • String ID: CPU: $LOGGER->Creating LOG file at:$LOGGER->Reusing LOG file at:$LOGGER->failed to create LOG at:$OS Version: %u.%u.%u SP%u (%s) [%s]$server$workstation$x64$x86
                                                                                                    • API String ID: 4051163352-1312762833
                                                                                                    • Opcode ID: ff5e7de6f7042a9b770e0af1dc9258623d85ad23af8942b5af8e8c1b8f7eee18
                                                                                                    • Instruction ID: 492c54d1492cfdd4690ae1f791f42459a03cf73186f267db466b091a46507fcb
                                                                                                    • Opcode Fuzzy Hash: ff5e7de6f7042a9b770e0af1dc9258623d85ad23af8942b5af8e8c1b8f7eee18
                                                                                                    • Instruction Fuzzy Hash: 0B129E70A016099FEB10DFA8CD49BAEBBF4FF44314F1482A8E855AB2D5DB74D944CB50
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                      • Part of subcall function 00FA5050: EnterCriticalSection.KERNEL32(0125957C,8C278AEA,00000000,?,?,?,?,?,?,00FA487E,0116F9CD,000000FF), ref: 00FA508D
                                                                                                      • Part of subcall function 00FA5050: LoadCursorW.USER32(00000000,00007F00), ref: 00FA5108
                                                                                                      • Part of subcall function 00FA5050: LoadCursorW.USER32(00000000,00007F00), ref: 00FA51AE
                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 00FA4C63
                                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 00FA4C94
                                                                                                    • GetWindowLongW.USER32(?,000000EC), ref: 00FA4D6B
                                                                                                    • GetWindowLongW.USER32(?,000000EC), ref: 00FA4D7B
                                                                                                    • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00FA4D86
                                                                                                    • NtdllDefWindowProc_W.NTDLL(?,?,00000001,?), ref: 00FA4D94
                                                                                                    • GetWindowLongW.USER32(?,000000EB), ref: 00FA4DA2
                                                                                                    • SetWindowTextW.USER32(?,011D446C), ref: 00FA4E41
                                                                                                    • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00FA4E76
                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 00FA4E84
                                                                                                    • GlobalUnlock.KERNEL32(?), ref: 00FA4ED8
                                                                                                    • SetWindowLongW.USER32(?,000000EB,00000000), ref: 00FA4F63
                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 00FA4F7C
                                                                                                    • NtdllDefWindowProc_W.NTDLL(?,?,?,00000000), ref: 00FA4FC3
                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 00FA4FE5
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Window$Long$String$FreeGlobal$AllocCursorLoadNtdllProc_$CriticalEnterLockSectionTextUnlock
                                                                                                    • String ID:
                                                                                                    • API String ID: 4180125975-0
                                                                                                    • Opcode ID: d7267fdf88e70066b6d1a6a1c68c2d94d36bd3c40c41ab17d5693c8a60dbcb92
                                                                                                    • Instruction ID: 3dc720a8b3cfd1fb7e94e95b046ba635a2b318c042cff6370331fd3ea7b05b6f
                                                                                                    • Opcode Fuzzy Hash: d7267fdf88e70066b6d1a6a1c68c2d94d36bd3c40c41ab17d5693c8a60dbcb92
                                                                                                    • Instruction Fuzzy Hash: 64D1B7B1901209EFDB10DFA4DC48BAF7BB9FF86724F144158F911A7280D7B5A901DBA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetWindowLongW.USER32(?,000000EB), ref: 00FAEBA3
                                                                                                    • ShowWindow.USER32(00000000,?), ref: 00FAEBC2
                                                                                                    • SetWindowLongW.USER32(?,000000EB,00000000), ref: 00FAEBD0
                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 00FAEBE7
                                                                                                    • ShowWindow.USER32(00000000,?), ref: 00FAEC08
                                                                                                    • SetWindowLongW.USER32(?,000000EB,?), ref: 00FAEC1F
                                                                                                      • Part of subcall function 00FA8590: RaiseException.KERNEL32(8C278AEA,8C278AEA,00000000,00000000,01143F71,C000008C,00000001,?,01143FA2,00000000,?,?,?,00F990D7,00000000,8C278AEA), ref: 00FA859C
                                                                                                    • ShowWindow.USER32(?,?), ref: 00FAED5D
                                                                                                    • GetWindowLongW.USER32(?,000000EB), ref: 00FAED8C
                                                                                                    • ShowWindow.USER32(?,?), ref: 00FAEDA9
                                                                                                    • GetWindowRect.USER32(?,?), ref: 00FAEDCE
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Window$LongShow$Rect$ExceptionRaise
                                                                                                    • String ID:
                                                                                                    • API String ID: 777556035-0
                                                                                                    • Opcode ID: 824349186803f3567c3df27533328746b6e3228fb3ed845bb2eb1bc2285383eb
                                                                                                    • Instruction ID: 82d98aebddeca6e48ca5b71a7529353ea7a71ce2972901f63c51983b81815904
                                                                                                    • Opcode Fuzzy Hash: 824349186803f3567c3df27533328746b6e3228fb3ed845bb2eb1bc2285383eb
                                                                                                    • Instruction Fuzzy Hash: 1E4227B1E04249DFCB24CFA8D884AADBBF5FF89314F14452DE859AB260D730A945DF50
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                      • Part of subcall function 00F99CC0: GetProcessHeap.KERNEL32 ref: 00F99D15
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99D47
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99DD2
                                                                                                    • FindFirstFileW.KERNEL32(?,?,?,00000001), ref: 010B92D2
                                                                                                    • FindClose.KERNEL32(00000000), ref: 010B9300
                                                                                                    • FindClose.KERNEL32(00000000), ref: 010B9389
                                                                                                    Strings
                                                                                                    • No acceptable version found. It is already downloaded and it will be installed., xrefs: 010B9895
                                                                                                    • No acceptable version found. It must be installed from package., xrefs: 010B9879
                                                                                                    • No acceptable version found. Operating System not supported., xrefs: 010B988E
                                                                                                    • No acceptable version found., xrefs: 010B989C
                                                                                                    • No acceptable version found. It must be downloaded., xrefs: 010B9880
                                                                                                    • No acceptable version found. It must be downloaded manually from a site., xrefs: 010B9887
                                                                                                    • Not selected for install., xrefs: 010B98A3
                                                                                                    • An acceptable version was found., xrefs: 010B9872
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Find$CloseInit_thread_footer$FileFirstHeapProcess
                                                                                                    • String ID: An acceptable version was found.$No acceptable version found.$No acceptable version found. It is already downloaded and it will be installed.$No acceptable version found. It must be downloaded manually from a site.$No acceptable version found. It must be downloaded.$No acceptable version found. It must be installed from package.$No acceptable version found. Operating System not supported.$Not selected for install.
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                      • Part of subcall function 00F99980: RtlAllocateHeap.NTDLL(?,00000000,00000000,8C278AEA,00000000,0116C6B0,000000FF,?,?,0124C42C,00000000,00FB095C,80070057,?,00000000), ref: 00F999CA
                                                                                                      • Part of subcall function 00F99CC0: GetProcessHeap.KERNEL32 ref: 00F99D15
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99D47
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99DD2
                                                                                                      • Part of subcall function 00F992A0: FindResourceW.KERNEL32(00000000,?,00000006,?,?,*.*,8007000E,80004005,00FB1134,00000000,?,00000010,?,*.*,?,80070057), ref: 00F992C3
                                                                                                    • CopyFileW.KERNEL32(?,?,00000000,00000000,00000000), ref: 010BD558
                                                                                                    • CopyFileW.KERNEL32(?,?,00000000,00000000,00000000,?,?,?,?), ref: 010BDA59
                                                                                                      • Part of subcall function 01094B40: MultiByteToWideChar.KERNEL32(00000003,00000000,80000004,000000FF,00000000,00000000,?,?,01259384,010DDA40,?), ref: 01094B58
                                                                                                      • Part of subcall function 01094B40: MultiByteToWideChar.KERNEL32(00000003,00000000,80000004,000000FF,?,-00000001), ref: 01094B8A
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ByteCharCopyFileHeapInit_thread_footerMultiWide$AllocateFindProcessResource
                                                                                                    • String ID: AI_PRODUCTNAME_ARP$InstanceId$ProductCode$ProductName$\\?\$instname-custom.mst$instname-target.msi${%0.8X-%0.4X-%0.4X-%0.2X%0.2X-%0.2X%0.2X%0.2X%0.2X%0.2X%0.2X}
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetWindowLongW.USER32(?,000000EC), ref: 00FA46CB
                                                                                                    • GetWindowLongW.USER32(00000000,000000EC), ref: 00FA46DB
                                                                                                    • SetWindowLongW.USER32(00000000,000000EC,00000000), ref: 00FA46E6
                                                                                                    • NtdllDefWindowProc_W.NTDLL(00000000,00000000,00000001,?), ref: 00FA46F4
                                                                                                    • GetWindowLongW.USER32(00000000,000000EB), ref: 00FA4702
                                                                                                    • SetWindowTextW.USER32(00000000,011D446C), ref: 00FA47A1
                                                                                                    • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00FA47D6
                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 00FA47E4
                                                                                                    • GlobalUnlock.KERNEL32(?), ref: 00FA4838
                                                                                                    • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00FA489D
                                                                                                    • NtdllDefWindowProc_W.NTDLL(00000000,00000000,8C278AEA,00000000), ref: 00FA48EF
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: Window$Long$Global$NtdllProc_$AllocLockTextUnlock
                                                                                                    • String ID:
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: GetFontHeight$MessageBox$MsiEvaluateCondition$MsiGetBinaryPath$MsiGetBinaryPathIndirect$MsiGetBytesCountText$MsiGetFormattedError$MsiGetProperty$MsiPublishEvents$MsiResolveFormatted
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: GetFontHeight$MessageBox$MsiEvaluateCondition$MsiGetBinaryPath$MsiGetBinaryPathIndirect$MsiGetBytesCountText$MsiGetFormattedError$MsiGetProperty$MsiPublishEvents$MsiResolveFormatted
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                      • Part of subcall function 00F99CC0: GetProcessHeap.KERNEL32 ref: 00F99D15
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99D47
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99DD2
                                                                                                    • _wcsrchr.LIBVCRUNTIME ref: 010D949D
                                                                                                    • _wcsrchr.LIBVCRUNTIME ref: 010D94C5
                                                                                                    • GetLogicalDriveStringsW.KERNEL32(00000064,?), ref: 010D951E
                                                                                                    • GetDriveTypeW.KERNEL32(?), ref: 010D953A
                                                                                                    • Wow64DisableWow64FsRedirection.KERNEL32(00000000,00000000), ref: 010D95C1
                                                                                                    • Wow64RevertWow64FsRedirection.KERNEL32(00000000,00000000), ref: 010D9821
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: Wow64$DriveInit_thread_footerRedirection_wcsrchr$DisableHeapLogicalProcessRevertStringsType
                                                                                                    • String ID: ]%!
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000037), ref: 0108ACDA
                                                                                                    • SendMessageW.USER32(?,00000443,00000000), ref: 0108AD44
                                                                                                    • MulDiv.KERNEL32(?,00000000), ref: 0108AD7B
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: MessageSendWindow
                                                                                                    • String ID: NumberValidationTipMsg$NumberValidationTipTitle$Segoe UI
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: __floor_pentium4
                                                                                                    • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • IsProcessorFeaturePresent.KERNEL32(0000000C,011440F5,00000000,?,0114428D,?,?,?,?,?,?,?), ref: 011441DB
                                                                                                    • GetProcessHeap.KERNEL32(00000008,00000008,00000000,00000000,?,0114428D,?,?,?,?,?,?,?), ref: 01144202
                                                                                                    • HeapAlloc.KERNEL32(00000000,?,0114428D,?,?,?,?,?,?,?), ref: 01144209
                                                                                                    • InitializeSListHead.KERNEL32(00000000,?,0114428D,?,?,?,?,?,?,?), ref: 01144216
                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,?,0114428D,?,?,?,?,?,?,?), ref: 0114422B
                                                                                                    • HeapFree.KERNEL32(00000000,?,0114428D,?,?,?,?,?,?,?), ref: 01144232
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Heap$Process$AllocFeatureFreeHeadInitializeListPresentProcessor
                                                                                                    • String ID:
                                                                                                    • API String ID: 1475849761-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • _wcsrchr.LIBVCRUNTIME ref: 010AA8A8
                                                                                                      • Part of subcall function 00F99CC0: GetProcessHeap.KERNEL32 ref: 00F99D15
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99D47
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99DD2
                                                                                                    • FindFirstFileW.KERNEL32(?,00000000,?,?,00000000), ref: 010AA9A8
                                                                                                    • FindFirstFileW.KERNEL32(?,00000000,0000002A,?,00000000,?,?,00000000), ref: 010AAA45
                                                                                                    • FindClose.KERNEL32(00000000,?,00000000,?,?,00000000), ref: 010AAA6B
                                                                                                    • FindClose.KERNEL32(00000000,?,00000000,?,?,00000000), ref: 010AAAB5
                                                                                                    Similarity
                                                                                                    • API ID: Find$CloseFileFirstInit_thread_footer$HeapProcess_wcsrchr
                                                                                                    • String ID:
                                                                                                    • API String ID: 352340201-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Similarity
                                                                                                    • API ID: _strrchr
                                                                                                    • String ID:
                                                                                                    • API String ID: 3213747228-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                      • Part of subcall function 01144BA2: EnterCriticalSection.KERNEL32(01257FD8,?,00000000,?,010B3C61,01259C74,8C278AEA,?,011AD6C1,000000FF,?,010B3F54,8C278AEA,?,00000000), ref: 01144BAD
                                                                                                      • Part of subcall function 01144BA2: LeaveCriticalSection.KERNEL32(01257FD8,?,010B3C61,01259C74,8C278AEA,?,011AD6C1,000000FF,?,010B3F54,8C278AEA,?,00000000), ref: 01144BEA
                                                                                                    • __Init_thread_footer.LIBCMT ref: 00FBDB5E
                                                                                                      • Part of subcall function 01144B58: EnterCriticalSection.KERNEL32(01257FD8,00000000,?,010B3CA1,01259C74), ref: 01144B62
                                                                                                      • Part of subcall function 01144B58: LeaveCriticalSection.KERNEL32(01257FD8,?,010B3CA1,01259C74), ref: 01144B95
                                                                                                      • Part of subcall function 01144B58: RtlWakeAllConditionVariable.NTDLL ref: 01144C0C
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                                                                                    • String ID: AiFeatIco$Icon
                                                                                                    • API String ID: 2296764815-1280411655
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: AI_CONTROL_VISUAL_STYLE$AI_CONTROL_VISUAL_STYLE_EX$AI_NO_BORDER_HOVER$AI_NO_BORDER_NORMAL
                                                                                                    • API String ID: 0-932585912
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • FindFirstFileW.KERNEL32(?,?,00000000,?), ref: 010DA96C
                                                                                                    • FindClose.KERNEL32(00000000), ref: 010DAAB7
                                                                                                      • Part of subcall function 00F99980: RtlAllocateHeap.NTDLL(?,00000000,00000000,8C278AEA,00000000,0116C6B0,000000FF,?,?,0124C42C,00000000,00FB095C,80070057,?,00000000), ref: 00F999CA
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: Find$AllocateCloseFileFirstHeap
                                                                                                    • String ID: %d.%d.%d.%d
                                                                                                    • API String ID: 1673784098-3491811756
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: MultipleInstances$MultipleInstancesProps$OldProductCode$ProductCode
                                                                                                    • API String ID: 0-469785651
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                      • Part of subcall function 00F99CC0: GetProcessHeap.KERNEL32 ref: 00F99D15
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99D47
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99DD2
                                                                                                    • GetLocaleInfoW.KERNEL32(?,00000002,011D446C,00000000), ref: 010D3141
                                                                                                    • GetLocaleInfoW.KERNEL32(?,00000002,010D2CC5,-00000001,00000078,-00000001), ref: 010D317D
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Similarity
                                                                                                    • API ID: InfoInit_thread_footerLocale$HeapProcess
                                                                                                    • String ID: %d-%s
                                                                                                    • API String ID: 1688948774-1781338863
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • VirtualQuery.KERNEL32(80000000,01141916,0000001C,01141B0B,00000000,?,?,?,?,?,?,?,01141916,00000004,01257A44,01141B9B), ref: 011419E2
                                                                                                    • GetSystemInfo.KERNEL32(?,?,00000000,?,?,?,?,01141916,00000004,01257A44,01141B9B), ref: 011419FD
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: InfoQuerySystemVirtual
                                                                                                    • String ID: D
                                                                                                    • API String ID: 401686933-2746444292
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • FindFirstFileW.KERNEL32(?,?,?,8C278AEA,?), ref: 0108FF4C
                                                                                                    • FindNextFileW.KERNEL32(000000FF,00000010,?,8C278AEA,?), ref: 010900A5
                                                                                                    • FindClose.KERNEL32(000000FF,?,?,8C278AEA,?), ref: 01090104
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: Find$File$CloseFirstNext
                                                                                                    • String ID:
                                                                                                    • API String ID: 3541575487-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • IsWindow.USER32(00000004), ref: 00FAE6FE
                                                                                                    • GetWindowLongW.USER32(00000004,000000FC), ref: 00FAE717
                                                                                                    • SetWindowLongW.USER32(00000004,000000FC,?), ref: 00FAE729
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: Window$Long
                                                                                                    • String ID:
                                                                                                    • API String ID: 847901565-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetWindowLongW.USER32(00000003,000000FC), ref: 00FB23E6
                                                                                                    • SetWindowLongW.USER32(00000003,000000FC,?), ref: 00FB23F8
                                                                                                    • DeleteCriticalSection.KERNEL32(?,8C278AEA,?,?,?,?,01171D64,000000FF), ref: 00FB2423
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: LongWindow$CriticalDeleteSection
                                                                                                    • String ID:
                                                                                                    • API String ID: 1978754570-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 01149A0B
                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 01149A15
                                                                                                    • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 01149A22
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                    • String ID:
                                                                                                    • API String ID: 3906539128-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • LoadResource.KERNEL32(00000000,00000000,8C278AEA,00000001,00000000,?,00000000,0116C480,000000FF,?,00F9910C,8C278AEA,?,?,*.*,?), ref: 00F9918B
                                                                                                    • LockResource.KERNEL32(00000000,?,00F9910C,8C278AEA,?,?,*.*,?,00000000,0116CB30,000000FF,?,00F992B0,?,?,*.*), ref: 00F99196
                                                                                                    • SizeofResource.KERNEL32(00000000,00000000,?,00F9910C,8C278AEA,?,?,*.*,?,00000000,0116CB30,000000FF,?,00F992B0,?,?), ref: 00F991A4
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: Resource$LoadLockSizeof
                                                                                                    • String ID:
                                                                                                    • API String ID: 2853612939-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetWindowLongW.USER32(0000001B,000000FC), ref: 00FA71A9
                                                                                                    • SetWindowLongW.USER32(0000001B,000000FC,?), ref: 00FA71B7
                                                                                                    • DestroyWindow.USER32(0000001B), ref: 00FA71E3
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: Window$Long$Destroy
                                                                                                    • String ID:
                                                                                                    • API String ID: 3055081903-0
                                                                                                    • Opcode ID: cd83318ae61da8a1efd1f29946afd44be736c5beeb9414a3d6453be706892159
                                                                                                    • Instruction ID: 7169dd25fa3aa83465a46b20df460c3ab7f6237972233a712112167db10bd113
                                                                                                    • Opcode Fuzzy Hash: cd83318ae61da8a1efd1f29946afd44be736c5beeb9414a3d6453be706892159
                                                                                                    • Instruction Fuzzy Hash: 5AF03070008B119FD7706F28FD49F92BBE0BF05721F504718E4AA825E4D730A844EB10
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetLocalTime.KERNEL32(?,8C278AEA), ref: 010DD1DE
                                                                                                      • Part of subcall function 00F99CC0: GetProcessHeap.KERNEL32 ref: 00F99D15
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99D47
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99DD2
                                                                                                    Strings
                                                                                                    • %04d-%02d-%02d %02d-%02d-%02d, xrefs: 010DD220
                                                                                                    Similarity
                                                                                                    • API ID: Init_thread_footer$HeapLocalProcessTime
                                                                                                    • String ID: %04d-%02d-%02d %02d-%02d-%02d
                                                                                                    • API String ID: 219929307-3768011868
                                                                                                    • Opcode ID: 31e4299b3d8872988e48f23229cb032187c5934b6d18383eaa10e8f2beed9f42
                                                                                                    • Instruction ID: 8dbfcba77f1dc5e7ce1be2913d8bf5dde6e265e418dc8672b5b51ce67a4a754d
                                                                                                    • Opcode Fuzzy Hash: 31e4299b3d8872988e48f23229cb032187c5934b6d18383eaa10e8f2beed9f42
                                                                                                    • Instruction Fuzzy Hash: FA217FB1D04208AFDB14DF99D941BBEB7F8EB0C710F10421EF955A7280E7785940C7A5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 298cd0eb4f69172c183035d0fd2b76c10ff2b175f95b85964a33c67947bd53d1
                                                                                                    • Instruction ID: 1dc0b6ad8681c0d51fde93cd22550286b937ec400feb7d13739b304167edb5e3
                                                                                                    • Opcode Fuzzy Hash: 298cd0eb4f69172c183035d0fd2b76c10ff2b175f95b85964a33c67947bd53d1
                                                                                                    • Instruction Fuzzy Hash: 59F15171E00219DFDF58CFA9C8806ADBBF1FF88324F158269D925A7785E730A941CB84
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • SendMessageW.USER32(?,0000102B,00000000,00000001), ref: 00FBF60B
                                                                                                    • SendMessageW.USER32(?,0000102B,?,-00000002), ref: 00FBF7F5
                                                                                                    Similarity
                                                                                                    • API ID: MessageSend
                                                                                                    • String ID:
                                                                                                    • API String ID: 3850602802-0
                                                                                                    • Opcode ID: 6f11c844a85e1116c351c14b0d17070c31cb3d56be23f4d7f5f398c89090e1dc
                                                                                                    • Instruction ID: d5241425741ab05593b98c8600199b8343b98cb8b0bd682fe4624b89777d254b
                                                                                                    • Opcode Fuzzy Hash: 6f11c844a85e1116c351c14b0d17070c31cb3d56be23f4d7f5f398c89090e1dc
                                                                                                    • Instruction Fuzzy Hash: 52B1DF71A00246AFCB18CF29C995BE9FBF5FB08314F188269E859DB281D734E945DF90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • FormatMessageW.KERNEL32(00001300,00000000,00000000,00000400,?,00000000,00000000,8C278AEA,?,00000000), ref: 010AE5FB
                                                                                                    • GetLastError.KERNEL32(?,00000000), ref: 010AE605
                                                                                                      • Part of subcall function 00F99980: RtlAllocateHeap.NTDLL(?,00000000,00000000,8C278AEA,00000000,0116C6B0,000000FF,?,?,0124C42C,00000000,00FB095C,80070057,?,00000000), ref: 00F999CA
                                                                                                    Similarity
                                                                                                    • API ID: AllocateErrorFormatHeapLastMessage
                                                                                                    • String ID:
                                                                                                    • API String ID: 4114510652-0
                                                                                                    • Opcode ID: aa79fcde8ee0fb9549f4e50741e02e339d09cecd535c56b211ea45c0f3d58d02
                                                                                                    • Instruction ID: 129c3be72ec0aa3811c7453ac1927b9c05aacbfd164030755fffb8c9c0ef0575
                                                                                                    • Opcode Fuzzy Hash: aa79fcde8ee0fb9549f4e50741e02e339d09cecd535c56b211ea45c0f3d58d02
                                                                                                    • Instruction Fuzzy Hash: 8041E271A052199FEB14CFA8CC057AEFBF8EF44754F5406AEE905EB380D7B559008B90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetWindowLongW.USER32(00000000,000000FC), ref: 0100113F
                                                                                                    • SetWindowLongW.USER32(00000000,000000FC,?), ref: 0100114D
                                                                                                    Similarity
                                                                                                    • API ID: LongWindow
                                                                                                    • String ID:
                                                                                                    • API String ID: 1378638983-0
                                                                                                    • Opcode ID: 2f267d4394c62eb4d0f0e8580d38759786fb6ae053a2d8f597e7f476c33ec6bd
                                                                                                    • Instruction ID: 79be3a9d65964353ba115b160e416eef5b8670b10e9ec94e72a076a11ed6e4dd
                                                                                                    • Opcode Fuzzy Hash: 2f267d4394c62eb4d0f0e8580d38759786fb6ae053a2d8f597e7f476c33ec6bd
                                                                                                    • Instruction Fuzzy Hash: F6317871900605EFDB15DF69D984B9AFBF4FF04320F5442A9E924A76D0C731EA50CB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • __set_se_translator.LIBVCRUNTIME ref: 00FCD8C5
                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(Function_0011A060), ref: 00FCD8DB
                                                                                                    Similarity
                                                                                                    • API ID: ExceptionFilterUnhandled__set_se_translator
                                                                                                    • String ID:
                                                                                                    • API String ID: 2480343447-0
                                                                                                    • Opcode ID: 709eab9d4c1ac139f3643ac7a6c17a40942d713d5a16f70c960987f69d0453ba
                                                                                                    • Instruction ID: e379ca5b0d455703eafbed27b96420b4e6492f526c704f2ae80ffa2058dd26de
                                                                                                    • Opcode Fuzzy Hash: 709eab9d4c1ac139f3643ac7a6c17a40942d713d5a16f70c960987f69d0453ba
                                                                                                    • Instruction Fuzzy Hash: 37D01274A84345DFDF295BA1A55FF283FA0E7A1B1CF44006DD48605285C7F15C84EB63
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,0115F70C,?,?,00000008,?,?,0116A8F4,00000000), ref: 0115F93E
                                                                                                    Similarity
                                                                                                    • API ID: ExceptionRaise
                                                                                                    • String ID:
                                                                                                    • API String ID: 3997070919-0
                                                                                                    • Opcode ID: 22e4aa71d77edf171bd514ebb01b979367bd45ad615584a454078bfe6aef7c16
                                                                                                    • Instruction ID: e00b8636d92207d67d9a1356a350437abc742b3e1d7b93d1de40eeffca05ebca
                                                                                                    • Opcode Fuzzy Hash: 22e4aa71d77edf171bd514ebb01b979367bd45ad615584a454078bfe6aef7c16
                                                                                                    • Instruction Fuzzy Hash: 81B13D3161060ADFE759CF2CC486B657BB0FF45364F258658E9A9CF2A1C335E992CB40
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: ExceptionRaise__floor_pentium4
                                                                                                    • String ID: unordered_map/set too long
                                                                                                    • API String ID: 996205981-306623848
                                                                                                    • Opcode ID: 3d125a80e6361d34c245b7be1c22cfe611bd13d9a15bba308c5eed249d234eca
                                                                                                    • Instruction ID: daba2876f908469baf63b1efe0bae5ad5cfb4f19800721af9584b53a6310dd38
                                                                                                    • Opcode Fuzzy Hash: 3d125a80e6361d34c245b7be1c22cfe611bd13d9a15bba308c5eed249d234eca
                                                                                                    • Instruction Fuzzy Hash: EF12D171A002099FDB1ADF68C880AADFBF5FF48310F14826AE955EB391D735E941CB94
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • NtdllDefWindowProc_W.NTDLL(?,-00002000,?,?,00FB60F7,?,?,?,?,?,?,?,?,00FB5F68,?,?), ref: 00FB7B10
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: NtdllProc_Window
                                                                                                    • String ID:
                                                                                                    • API String ID: 4255912815-0
                                                                                                    • Opcode ID: e87fc440e6792d1d58b477bd8e7024a131078bb6c8e04f4e946e05c38daf34a9
                                                                                                    • Instruction ID: f27501b1783b77bef2f22f5442dd78a0a97fd38f3b96f34176f179e9c7469c9d
                                                                                                    • Opcode Fuzzy Hash: e87fc440e6792d1d58b477bd8e7024a131078bb6c8e04f4e946e05c38daf34a9
                                                                                                    • Instruction Fuzzy Hash: BDF05E70008345DED711BB15D898AA9BBA6FBC4315F4485E5E044C5469C2398E44EF10
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 5208ff93917cac1753a3486b25e3d61fbebd09851aa9bcef3d1636bce1243e35
                                                                                                    • Instruction ID: 88ea0ed027d177714e6f4f6d66835ff0e4d7b55d2feec33463bf43377f864987
                                                                                                    • Opcode Fuzzy Hash: 5208ff93917cac1753a3486b25e3d61fbebd09851aa9bcef3d1636bce1243e35
                                                                                                    • Instruction Fuzzy Hash: 71F0A031A16320EBCBAACA4DC444A48B3B8EB08A14F111096F910D7251D3B0DE00C7D0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 52a31a1b2c87d20f6f1ccd6e3f5e56cdbfee1b29986efbea090f4dac1cf3a30c
                                                                                                    • Instruction ID: c3be4d16a1f33a9bd6e804fed5cdc17f526322db21d4042f9250bd53649c163d
                                                                                                    • Opcode Fuzzy Hash: 52a31a1b2c87d20f6f1ccd6e3f5e56cdbfee1b29986efbea090f4dac1cf3a30c
                                                                                                    • Instruction Fuzzy Hash: 43E04632912228EBCBA8DB98890498AF7BCEB44A04B150896BA11E3200E270DF00CBD0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 16a962eb7063aa5dac9a286c1eb4be0eb6ad47394398426903ba7e2235a18e8e
                                                                                                    • Instruction ID: 043b286046ed2c6eb58c67df2b639c68290dcf373974c8a9ba5d9c8ea0de71f5
                                                                                                    • Opcode Fuzzy Hash: 16a962eb7063aa5dac9a286c1eb4be0eb6ad47394398426903ba7e2235a18e8e
                                                                                                    • Instruction Fuzzy Hash: BBC08C34002961CBCE3E891C93703E53364A391E83F80148CC9030B743EB1E9C83D600
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Strings
                                                                                                    • powershell.exe -NonInteractive -NoLogo -ExecutionPolicy Unrestricted -WindowStyle Hidden -Command "$host.UI.RawUI.BufferSize = new, xrefs: 010E425F
                                                                                                    • Unable to create process: , xrefs: 010E4304
                                                                                                    • Unable to retrieve PowerShell output from file: , xrefs: 010E445E
                                                                                                    • Unable to get a temp file for script output, temp path: , xrefs: 010E420F
                                                                                                    • Unable to find file , xrefs: 010E4133
                                                                                                    • txt, xrefs: 010E41D3
                                                                                                    • Unable to retrieve exit code from process., xrefs: 010E4481
                                                                                                    • ps1, xrefs: 010E41A6, 010E41B8, 010E41C2
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: Unable to create process: $Unable to find file $Unable to get a temp file for script output, temp path: $Unable to retrieve PowerShell output from file: $Unable to retrieve exit code from process.$powershell.exe -NonInteractive -NoLogo -ExecutionPolicy Unrestricted -WindowStyle Hidden -Command "$host.UI.RawUI.BufferSize = new$ps1$txt
                                                                                                    • API String ID: 0-4129021124
                                                                                                    • Opcode ID: 4affc7058e6b59d594be9887708975e6956e7633bf8ea283a4e01b8535a33fb6
                                                                                                    • Instruction ID: d87e328176124536fcb9e65b4bc1b74be625ee020914b4fe7f6d79aaedf2877c
                                                                                                    • Opcode Fuzzy Hash: 4affc7058e6b59d594be9887708975e6956e7633bf8ea283a4e01b8535a33fb6
                                                                                                    • Instruction Fuzzy Hash: 7DC19E71E01609AFDF14DFA9CD49BAEBBF4AF09314F108299E554E7291DB749A00CF90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ParentWindowlstrcmp
                                                                                                    • String ID: #32770
                                                                                                    • API String ID: 3676684576-463685578
                                                                                                    • Opcode ID: b893f4b051a3a3f6201a5e5795a9cc3392f792cbacbe72d11b149a508c2294a4
                                                                                                    • Instruction ID: 0419a5446c9042da0c6969d791ef04b73a3c70da1b406390e464f3b5c031e5b2
                                                                                                    • Opcode Fuzzy Hash: b893f4b051a3a3f6201a5e5795a9cc3392f792cbacbe72d11b149a508c2294a4
                                                                                                    • Instruction Fuzzy Hash: 8B028FB1A04309EFDB14DFA8DD48FAEBBF5EF4A314F144158E815A7290DB75A940EB20
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetDlgItem.USER32(?,000001F6), ref: 010B6D0E
                                                                                                    • GetDlgItem.USER32(?,000001F8), ref: 010B6D1B
                                                                                                    • GetDlgItem.USER32(?,000001F7), ref: 010B6D6C
                                                                                                    • SetWindowTextW.USER32(00000000,00000000), ref: 010B6D7B
                                                                                                    • ShowWindow.USER32(?,00000005), ref: 010B6DE1
                                                                                                    • GetDlgItem.USER32(?,000001F7), ref: 010B6E03
                                                                                                    • SetWindowTextW.USER32(00000000,00000000), ref: 010B6E12
                                                                                                    • ShowWindow.USER32(?,00000000), ref: 010B6E77
                                                                                                    • ShowWindow.USER32(?,00000000), ref: 010B6E7E
                                                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000616), ref: 010B6EC7
                                                                                                    • GetDlgItem.USER32(?,00000000), ref: 010B6EF9
                                                                                                    • IsWindow.USER32(00000000), ref: 010B6F03
                                                                                                    • SetWindowPos.USER32(?,00000000,10C25DE5,01F66800,76FF0000,E815FF24,00000014,?,00000000,?,?,00000616), ref: 010B6F50
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Window$Item$Show$Text
                                                                                                    • String ID: Details <<$Details >>
                                                                                                    • API String ID: 2476474966-3763984547
                                                                                                    • Opcode ID: 549f6e3a6d19fd65081f5c4a9278512c92c20b44e5835006bf3291e09622092f
                                                                                                    • Instruction ID: 45dda575dfc119d578b38b6c61998e101b48707a1a7c78cf37a5709eb0f0ad72
                                                                                                    • Opcode Fuzzy Hash: 549f6e3a6d19fd65081f5c4a9278512c92c20b44e5835006bf3291e09622092f
                                                                                                    • Instruction Fuzzy Hash: A591B071D0020AAFDF14DFA8DC99BEEBBB5FF08314F148219E915A7690D731A990CB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • LocalFree.KERNEL32(00000000,Everyone,10000000,00000000,8C278AEA), ref: 010DE152
                                                                                                    • LocalFree.KERNEL32(00000000,Everyone,10000000,00000000,8C278AEA), ref: 010DE163
                                                                                                    • LocalAlloc.KERNEL32(00000040,00000014), ref: 010DE1D8
                                                                                                    • GetLastError.KERNEL32 ref: 010DE1F6
                                                                                                    • LocalFree.KERNEL32(00000000), ref: 010DE207
                                                                                                    • GetLastError.KERNEL32 ref: 010DE226
                                                                                                    • LocalFree.KERNEL32(00000000), ref: 010DE237
                                                                                                    • CreateDirectoryW.KERNEL32(?,?), ref: 010DE260
                                                                                                    • LocalFree.KERNEL32(00000000,Everyone,10000000,00000000,8C278AEA), ref: 010DE2B4
                                                                                                    • LocalFree.KERNEL32(00000000,Everyone,10000000,00000000,8C278AEA), ref: 010DE317
                                                                                                    • LocalFree.KERNEL32(00000000,Everyone,10000000,00000000,8C278AEA), ref: 010DE321
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Local$Free$ErrorLast$AllocCreateDirectory
                                                                                                    • String ID: Everyone
                                                                                                    • API String ID: 2702579218-3285609282
                                                                                                    • Opcode ID: b8d0bdfcc780939deb2362f78081a94f0867ab4c8498fa173671083af78c56a6
                                                                                                    • Instruction ID: 763ac19d18326e498e27f15c61761f32847f6cd31188b950a9f8e8736a8cc32e
                                                                                                    • Opcode Fuzzy Hash: b8d0bdfcc780939deb2362f78081a94f0867ab4c8498fa173671083af78c56a6
                                                                                                    • Instruction Fuzzy Hash: 6F9119B0E00349AFEF24DFE9D888BEEBFF8AF04704F144059E551AB280DBB595448B91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetCurrentProcess.KERNEL32(?,8C278AEA), ref: 010C82D9
                                                                                                    • IsWow64Process.KERNEL32(00000000), ref: 010C82E0
                                                                                                      • Part of subcall function 010AAB00: _wcsrchr.LIBVCRUNTIME ref: 010AAB39
                                                                                                    • _wcsrchr.LIBVCRUNTIME ref: 010C8361
                                                                                                    • _wcsrchr.LIBVCRUNTIME ref: 010C83F7
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: _wcsrchr$Process$CurrentWow64
                                                                                                    • String ID: "%s" $ /fvomus //$ /i //$ /p //$ EXE_CMD_LINE="%s "$ TRANSFORMS=":%d"$%s AI_SETUPEXEPATH="%s" SETUPEXEDIR="%s"$.x64
                                                                                                    • API String ID: 657290924-2074823060
                                                                                                    • Opcode ID: 8c76a83c63eccf4c0e5bbf8987547b3155b8c6b8a4fa3ace5d03d97f393aae7f
                                                                                                    • Instruction ID: b35c8500da5712501f87f008e550cf93a7ece1201279e134ccf618f74a24baed
                                                                                                    • Opcode Fuzzy Hash: 8c76a83c63eccf4c0e5bbf8987547b3155b8c6b8a4fa3ace5d03d97f393aae7f
                                                                                                    • Instruction Fuzzy Hash: A4F1B130A006069FEB04DFA8CC48BAEBBE5BF55314F1486ADE955AB2D1DB74D904CF90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • LoadLibraryExW.KERNEL32(?,00000000,00000000,?,?,00000043), ref: 00FCB127
                                                                                                    • GetProcAddress.KERNEL32(00000000,InitializeEmbeddedUI), ref: 00FCB13F
                                                                                                    • GetProcAddress.KERNEL32(00000000,ShutdownEmbeddedUI), ref: 00FCB149
                                                                                                    • GetProcAddress.KERNEL32(00000000,EmbeddedUIHandler), ref: 00FCB154
                                                                                                      • Part of subcall function 00F99980: RtlAllocateHeap.NTDLL(?,00000000,00000000,8C278AEA,00000000,0116C6B0,000000FF,?,?,0124C42C,00000000,00FB095C,80070057,?,00000000), ref: 00F999CA
                                                                                                      • Part of subcall function 00F99CC0: GetProcessHeap.KERNEL32 ref: 00F99D15
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99D47
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99DD2
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$HeapInit_thread_footer$AllocateLibraryLoadProcess
                                                                                                    • String ID: build $19.7.1$EmbeddedUIHandler$INAN$InitializeEmbeddedUI$SELECT `Data` FROM `Binary` WHERE `Name` = 'InstallerAnalytics.dll'$ShutdownEmbeddedUI$e09f3004
                                                                                                    • API String ID: 2564778481-2055252535
                                                                                                    • Opcode ID: 06b665e74efa10f6d9089f67fae3e02034a0159332009e236addcf95c2557aac
                                                                                                    • Instruction ID: 6a454c8303dc4cebfe76d07da75f98ab46e8f24731951883b99ae03005c43c17
                                                                                                    • Opcode Fuzzy Hash: 06b665e74efa10f6d9089f67fae3e02034a0159332009e236addcf95c2557aac
                                                                                                    • Instruction Fuzzy Hash: 75D17F75E0020A9FDB14DFA8CD56BEEBBB4FF04314F14462DE915A7281EB74AA04DB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • LoadLibraryW.KERNEL32(combase.dll,RoGetActivationFactory,8C278AEA,011EB768,?,?,?,?,?,?,?,?,8C278AEA,0116E035,000000FF), ref: 00F9DED8
                                                                                                    • GetProcAddress.KERNEL32(00000000,combase.dll), ref: 00F9DEDE
                                                                                                    • LoadLibraryW.KERNEL32(00000000,.dll,-00000001,00000000,?,011D446C,00000000,00000000,00000000), ref: 00F9E07D
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: LibraryLoad$AddressProc
                                                                                                    • String ID: .dll$CoIncrementMTAUsage$DllGetActivationFactory$RoGetActivationFactory$combase.dll
                                                                                                    • API String ID: 1469910268-2454113998
                                                                                                    • Opcode ID: 409b6fb9fba9d74d6aca2dc9905131bfec736b042799f9f1f449518917ecb55a
                                                                                                    • Instruction ID: d6f53ea25676bd79b2d562ef33c17ea3c7132ad1a1d8164f8feaca78af7872fb
                                                                                                    • Opcode Fuzzy Hash: 409b6fb9fba9d74d6aca2dc9905131bfec736b042799f9f1f449518917ecb55a
                                                                                                    • Instruction Fuzzy Hash: D6A18F71E00209DFEF14DFA9C984BEEBBB5EF58714F244029E411B7290DB746944DBA0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • InitializeCriticalSection.KERNEL32(01259384,8C278AEA,?,00000010), ref: 010DCF9C
                                                                                                      • Part of subcall function 00F992A0: FindResourceW.KERNEL32(00000000,?,00000006,?,?,*.*,8007000E,80004005,00FB1134,00000000,?,00000010,?,*.*,?,80070057), ref: 00F992C3
                                                                                                    • EnterCriticalSection.KERNEL32(00000010,8C278AEA,?,00000010), ref: 010DCFA9
                                                                                                    • WriteFile.KERNEL32(00000000,?,?,000000FF,00000000), ref: 010DCFDB
                                                                                                    • FlushFileBuffers.KERNEL32(00000000,?,?,000000FF,00000000), ref: 010DCFE4
                                                                                                    • WriteFile.KERNEL32(00000000,010D2D47,9384B9EC,011B5BDD,00000000,011D443C,00000001,?,?,000000FF,00000000), ref: 010DD066
                                                                                                    • FlushFileBuffers.KERNEL32(00000000,?,?,000000FF,00000000), ref: 010DD06F
                                                                                                    • WriteFile.KERNEL32(00000000,?,?,?,00000000,?,?,000000FF,00000000), ref: 010DD0A5
                                                                                                    • FlushFileBuffers.KERNEL32(00000000,?,?,?,00000000,?,?,000000FF,00000000), ref: 010DD0AE
                                                                                                    • WriteFile.KERNEL32(00000000,?,?,?,00000000,011D6D60,00000002,?,?,?,00000000,?,?,000000FF,00000000), ref: 010DD10F
                                                                                                    • FlushFileBuffers.KERNEL32(00000000,?,?,?,00000000,?,?,000000FF,00000000), ref: 010DD118
                                                                                                    • LeaveCriticalSection.KERNEL32(00000000,?,?,?,00000000,?,?,000000FF,00000000), ref: 010DD148
                                                                                                      • Part of subcall function 00F99980: RtlAllocateHeap.NTDLL(?,00000000,00000000,8C278AEA,00000000,0116C6B0,000000FF,?,?,0124C42C,00000000,00FB095C,80070057,?,00000000), ref: 00F999CA
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: File$BuffersFlushWrite$CriticalSection$AllocateEnterFindHeapInitializeLeaveResource
                                                                                                    • String ID: v
                                                                                                    • API String ID: 201293332-3261393531
                                                                                                    • Opcode ID: d8a6cf88b6791e2c959ba7ee0022f5b86450a2e2f5da433c7477ca49607d0466
                                                                                                    • Instruction ID: b0bba32458b9438f11d3364a108b32502e1ebfd582fac54d5aec6d197bbf685d
                                                                                                    • Opcode Fuzzy Hash: d8a6cf88b6791e2c959ba7ee0022f5b86450a2e2f5da433c7477ca49607d0466
                                                                                                    • Instruction Fuzzy Hash: 7A61DD30900648AFEB10CFA8CD49BAEBFB8FF45314F1481A8F951A7291DB759854DFA0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                      • Part of subcall function 010D3C70: GetSystemDefaultLangID.KERNEL32(8C278AEA,?,?,?,?), ref: 010D3CA6
                                                                                                    • GetModuleHandleW.KERNEL32(kernel32,IsWow64Process2,?,?,?,?,00000000), ref: 010B95D3
                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 010B95DA
                                                                                                    • __Init_thread_footer.LIBCMT ref: 010B95F1
                                                                                                    • GetCurrentProcess.KERNEL32(?,?,?,?,?,00000000), ref: 010B9610
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AddressCurrentDefaultHandleInit_thread_footerLangModuleProcProcessSystem
                                                                                                    • String ID: IsWow64Process2$Not selected for install.$Search result:$Searching for:$Undefined$Wrong OS or Os language for:$kernel32
                                                                                                    • API String ID: 52476621-4272450043
                                                                                                    • Opcode ID: cf5484a3efc492bab6d6e4d30bf8a2ed8f07f0c6b8fa0d50e40b9cba04c38c91
                                                                                                    • Instruction ID: 0bd2da449492198d621da4a6a63911784fbfcf4cc95683940c41845df24f3c8d
                                                                                                    • Opcode Fuzzy Hash: cf5484a3efc492bab6d6e4d30bf8a2ed8f07f0c6b8fa0d50e40b9cba04c38c91
                                                                                                    • Instruction Fuzzy Hash: 41F19FB0900606CFDB64DFACC884BEEBBF1BF44318F14825DD6969B295DB34A946CB50
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • InitializeCriticalSection.KERNEL32(0125944C,8C278AEA,?,?,?), ref: 010B4852
                                                                                                    • EnterCriticalSection.KERNEL32(?,8C278AEA,?,?,00000000,?,?,?,?,?,00000000,011AD8F7,000000FF), ref: 010B4864
                                                                                                    • GetCurrentProcess.KERNEL32(?,?,?,?,?,00000000,011AD8F7,000000FF), ref: 010B4871
                                                                                                    • GetCurrentThread.KERNEL32 ref: 010B487C
                                                                                                    • GetModuleHandleW.KERNEL32(00000000,*** Stack Trace (x86) ***,0000001F,?,011D446C,00000000), ref: 010B4AAE
                                                                                                    • LeaveCriticalSection.KERNEL32(?,00000000), ref: 010B4BDC
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSection$Current$EnterHandleInitializeLeaveModuleProcessThread
                                                                                                    • String ID: *** Stack Trace (x86) ***$ v$<--------------------MORE--FRAMES-------------------->$MODULE_BASE_ADDRESS$[0x%.8Ix]
                                                                                                    • API String ID: 3051236879-1086252000
                                                                                                    • Opcode ID: eb17ca2d99cbe912f3436b34a070b705d80fbd7f58ccdf67147f96f2619399a4
                                                                                                    • Instruction ID: f24bbf7328d073fa6faa07012fc2b179a074b3f18e48f21dc73eb96df6fff70b
                                                                                                    • Opcode Fuzzy Hash: eb17ca2d99cbe912f3436b34a070b705d80fbd7f58ccdf67147f96f2619399a4
                                                                                                    • Instruction Fuzzy Hash: 70D199706003889FEF29DF68CC99BEE7BA8FF45708F104158E9599B282DB755B04CB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • InitializeCriticalSection.KERNEL32(0125944C,8C278AEA,?,?,?), ref: 010B4852
                                                                                                    • EnterCriticalSection.KERNEL32(?,8C278AEA,?,?,00000000,?,?,?,?,?,00000000,011AD8F7,000000FF), ref: 010B4864
                                                                                                    • GetCurrentProcess.KERNEL32(?,?,?,?,?,00000000,011AD8F7,000000FF), ref: 010B4871
                                                                                                    • GetCurrentThread.KERNEL32 ref: 010B487C
                                                                                                    • GetModuleHandleW.KERNEL32(00000000,*** Stack Trace (x86) ***,0000001F,?,011D446C,00000000), ref: 010B4AAE
                                                                                                    • LeaveCriticalSection.KERNEL32(?,00000000), ref: 010B4BDC
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSection$Current$EnterHandleInitializeLeaveModuleProcessThread
                                                                                                    • String ID: *** Stack Trace (x86) ***$ v$<--------------------MORE--FRAMES-------------------->$MODULE_BASE_ADDRESS$[0x%.8Ix]
                                                                                                    • API String ID: 3051236879-1086252000
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                      • Part of subcall function 010AE740: LoadLibraryW.KERNEL32(ComCtl32.dll,8C278AEA,?,?,00000000), ref: 010AE77E
                                                                                                      • Part of subcall function 010AE740: GetProcAddress.KERNEL32(00000000,LoadIconMetric), ref: 010AE7A1
                                                                                                      • Part of subcall function 010AE740: FreeLibrary.KERNEL32(00000000), ref: 010AE81F
                                                                                                    • GetDlgItem.USER32(?,000001F4), ref: 010B6A01
                                                                                                    • SendMessageW.USER32(00000000,00000170,00000000,00000000), ref: 010B6A12
                                                                                                    • MulDiv.KERNEL32(00000009,00000000), ref: 010B6A2A
                                                                                                    • GetDlgItem.USER32(?,000001F6), ref: 010B6A64
                                                                                                    • IsWindow.USER32(00000000), ref: 010B6A6D
                                                                                                    • SendMessageW.USER32(00000000,00000030,?,00000000), ref: 010B6A84
                                                                                                    • GetDlgItem.USER32(?,000001F8), ref: 010B6A8E
                                                                                                    • GetWindowRect.USER32(?,?), ref: 010B6A9F
                                                                                                    • GetWindowRect.USER32(?,?), ref: 010B6AB2
                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 010B6AC2
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: Window$ItemRect$LibraryMessageSend$AddressFreeLoadProc
                                                                                                    • String ID: Courier New
                                                                                                    • API String ID: 1717253393-2572734833
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • CreateWindowExW.USER32(00000000,tooltips_class32,00000000,80000063,80000000,80000000,80000000,80000000,?,00000000,00000000,8C278AEA), ref: 00FC4E38
                                                                                                      • Part of subcall function 00FA68F0: SetWindowLongW.USER32(?,000000FC,00000000), ref: 00FA6926
                                                                                                    • SendMessageW.USER32(00000000,00000432,00000000,0000002C), ref: 00FC4F3B
                                                                                                    • SendMessageW.USER32(00000000,00000439,00000000,0000002C), ref: 00FC4F4F
                                                                                                    • SendMessageW.USER32(00000000,00000421,00000003,?), ref: 00FC4F64
                                                                                                    • SendMessageW.USER32(00000000,00000418,00000000,0000012C), ref: 00FC4F79
                                                                                                    • SendMessageW.USER32(?,000000D6,-00000001,00000000), ref: 00FC4F90
                                                                                                    • GetWindowRect.USER32(?,?), ref: 00FC4FC2
                                                                                                    • SendMessageW.USER32(00000000,00000412,00000000), ref: 00FC5024
                                                                                                    • SendMessageW.USER32(00000000,00000411,00000001,0000002C), ref: 00FC5034
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: MessageSend$Window$CreateLongRect
                                                                                                    • String ID: tooltips_class32
                                                                                                    • API String ID: 1954517558-1918224756
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 01006CF7
                                                                                                    • GetParent.USER32 ref: 01006D0D
                                                                                                    • GetWindowRect.USER32(?,?), ref: 01006D18
                                                                                                    • GetParent.USER32(?), ref: 01006D20
                                                                                                    • GetWindow.USER32(?,00000004), ref: 01006D52
                                                                                                    • GetWindowRect.USER32(?,?), ref: 01006D60
                                                                                                    • GetWindowLongW.USER32(00000000,000000F0), ref: 01006D6D
                                                                                                    • MonitorFromWindow.USER32(?,00000002), ref: 01006D85
                                                                                                    • GetMonitorInfoW.USER32(00000000,00000004), ref: 01006D9F
                                                                                                    • SetWindowPos.USER32(?,00000000,?,?,000000FF,000000FF,00000015), ref: 01006E4D
                                                                                                    Similarity
                                                                                                    • API ID: Window$LongMonitorParentRect$FromInfo
                                                                                                    • String ID:
                                                                                                    • API String ID: 1820395375-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 010B60AF
                                                                                                    • GetWindowLongW.USER32(010B69AC,000000F0), ref: 010B60C0
                                                                                                    • SetWindowLongW.USER32(010B69AC,000000F0,00000000), ref: 010B60D2
                                                                                                    • GetWindowLongW.USER32(010B69AC,000000EC), ref: 010B60E5
                                                                                                    • SetWindowLongW.USER32(010B69AC,000000EC,00000000), ref: 010B60F4
                                                                                                    • SendMessageW.USER32(?,0000007F,00000000,00000000), ref: 010B6108
                                                                                                    • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 010B6117
                                                                                                    • GetWindowRect.USER32(?,?), ref: 010B6156
                                                                                                    • GetDlgItem.USER32(?,?), ref: 010B6192
                                                                                                    • IsWindow.USER32(00000000), ref: 010B619D
                                                                                                    • GetWindowRect.USER32(?,?), ref: 010B61B8
                                                                                                    Similarity
                                                                                                    • API ID: Window$Long$MessageRectSend$Item
                                                                                                    • String ID:
                                                                                                    • API String ID: 661679956-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                      • Part of subcall function 01067A10: GetSystemDirectoryW.KERNEL32(?,00000105), ref: 01067A51
                                                                                                    • GetLastError.KERNEL32(8C278AEA,?,?,?,011B602D,000000FF,?,010C2852,?), ref: 010DE79D
                                                                                                    • GetProcAddress.KERNEL32(00000000,GetPackagePath), ref: 010DE92D
                                                                                                    • GetProcAddress.KERNEL32(00000000,GetPackagePath), ref: 010DE986
                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,?,?,011B602D,000000FF,?,010C2852,?), ref: 010DEA74
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$DirectoryErrorFreeLastLibrarySystem
                                                                                                    • String ID: GetPackagePath$Kernel32.dll$neutral$x64$x86
                                                                                                    • API String ID: 2155880084-4043905686
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                      • Part of subcall function 010B5290: LoadLibraryW.KERNEL32(Shlwapi.dll,?,?,?,?,010C0731,?,8C278AEA,?,?), ref: 010B52AB
                                                                                                      • Part of subcall function 010B5290: GetProcAddress.KERNEL32(00000000,DllGetVersion), ref: 010B52C1
                                                                                                      • Part of subcall function 010B5290: FreeLibrary.KERNEL32(00000000), ref: 010B52FA
                                                                                                    • GetEnvironmentVariableW.KERNEL32(APPDATA,?,00000104,8C278AEA,?,?), ref: 010C0910
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: Library$AddressEnvironmentFreeLoadProcVariable
                                                                                                    • String ID: AI_BOOTSTRAPPERLANGS$APPDATA$AppDataFolder$PROGRAMFILES$ProgramFiles$ProgramFilesFolder$Shell32.dll$Shlwapi.dll
                                                                                                    • API String ID: 788177547-1020860216
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • EnterCriticalSection.KERNEL32(0125957C,8C278AEA,00000000,?,?,?,?,?,?,00FA487E,0116F9CD,000000FF), ref: 00FA508D
                                                                                                    • LoadCursorW.USER32(00000000,00007F00), ref: 00FA5108
                                                                                                    • LoadCursorW.USER32(00000000,00007F00), ref: 00FA51AE
                                                                                                    • LeaveCriticalSection.KERNEL32(0125957C), ref: 00FA5203
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: CriticalCursorLoadSection$EnterLeave
                                                                                                    • String ID: v$AtlAxWin140$AtlAxWinLic140$WM_ATLGETCONTROL$WM_ATLGETHOST
                                                                                                    • API String ID: 3727441302-4127849342
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • LoadLibraryW.KERNEL32(?,00000000,010D098B,?,?,?,?,?), ref: 010ED8E5
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: LibraryLoad
                                                                                                    • String ID: EndExtraction$ExtractAllFiles$GetTotalFilesSize$InitExtraction
                                                                                                    • API String ID: 1029625771-3462492388
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • VariantClear.OLEAUT32(?), ref: 00FA3335
                                                                                                    • SysAllocString.OLEAUT32(?), ref: 00FA3349
                                                                                                    • VariantInit.OLEAUT32(?), ref: 00FA3384
                                                                                                    • VariantClear.OLEAUT32(?), ref: 00FA33DA
                                                                                                    • VariantClear.OLEAUT32(?), ref: 00FA33E4
                                                                                                    • VariantClear.OLEAUT32(?), ref: 00FA33EE
                                                                                                    • VariantClear.OLEAUT32(?), ref: 00FA33FB
                                                                                                      • Part of subcall function 00F99980: RtlAllocateHeap.NTDLL(?,00000000,00000000,8C278AEA,00000000,0116C6B0,000000FF,?,?,0124C42C,00000000,00FB095C,80070057,?,00000000), ref: 00F999CA
                                                                                                    Strings
                                                                                                    • <body><h3 style="color:green;">Error loading resource:</h3><p style="white-space:nowrap">"%s"</p></body>, xrefs: 00FA347B
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: Variant$Clear$AllocAllocateHeapInitString
                                                                                                    • String ID: <body><h3 style="color:green;">Error loading resource:</h3><p style="white-space:nowrap">"%s"</p></body>
                                                                                                    • API String ID: 1547307772-1571955069
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                      • Part of subcall function 00F99CC0: GetProcessHeap.KERNEL32 ref: 00F99D15
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99D47
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99DD2
                                                                                                      • Part of subcall function 00F992A0: FindResourceW.KERNEL32(00000000,?,00000006,?,?,*.*,8007000E,80004005,00FB1134,00000000,?,00000010,?,*.*,?,80070057), ref: 00F992C3
                                                                                                    • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,?,ps1,ps1,00000003,?,010C30A8), ref: 010E3FE3
                                                                                                    • WriteFile.KERNEL32(00000000,0000FEFF,00000002,?,00000000), ref: 010E4027
                                                                                                    • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 010E4044
                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 010E405E
                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,00000000,00000000), ref: 010E409D
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: File$CloseHandleInit_thread_footerWrite$CreateFindHeapProcessResource
                                                                                                    • String ID: Unable to get temp file $Unable to save script file $ps1
                                                                                                    • API String ID: 2821137686-4253966538
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetSystemDefaultLangID.KERNEL32 ref: 010D2DFC
                                                                                                    • GetUserDefaultLangID.KERNEL32 ref: 010D2E09
                                                                                                    • LoadLibraryW.KERNEL32(kernel32.dll), ref: 010D2E1B
                                                                                                    • GetProcAddress.KERNEL32(00000000,GetSystemDefaultUILanguage), ref: 010D2E2F
                                                                                                    • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 010D2E44
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: AddressDefaultLangProc$LibraryLoadSystemUser
                                                                                                    • String ID: GetSystemDefaultUILanguage$GetUserDefaultUILanguage$kernel32.dll
                                                                                                    • API String ID: 667524283-3528650308
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 01148437
                                                                                                    • ___except_validate_context_record.LIBVCRUNTIME ref: 0114843F
                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 011484C8
                                                                                                    • __IsNonwritableInCurrentImage.LIBCMT ref: 011484F3
                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 01148548
                                                                                                    • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 0114855E
                                                                                                    • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 01148573
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record___vcrt_initialize_locks___vcrt_uninitialize_locks
                                                                                                    • String ID: csm
                                                                                                    • API String ID: 1385549066-1018135373
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,00000000,00000000), ref: 01092BDF
                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 01092C07
                                                                                                    • WriteFile.KERNEL32(?,?,?,?,00000000,?,?,?), ref: 01092C49
                                                                                                    • CloseHandle.KERNEL32(?), ref: 01092C9E
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CloseFileHandle$CreateWrite
                                                                                                    • String ID: .bat$EXE$open
                                                                                                    • API String ID: 3602564925-2898749727
                                                                                                    • Opcode ID: 0bcdd15a8de4829a75faef883a23ab35a74cf3fea16ccba7891807fb0e735498
                                                                                                    • Instruction ID: 164bc7c05591c5c3a8b4ab64eb2c9f0aa05ad0c281d44ccbfa18fcb077aa31e3
                                                                                                    • Opcode Fuzzy Hash: 0bcdd15a8de4829a75faef883a23ab35a74cf3fea16ccba7891807fb0e735498
                                                                                                    • Instruction Fuzzy Hash: 19A1C970902648EFEB14DFA8CD48B9EBBF4FF45314F2482A9E455AB291DB749904CF90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • SetLastError.KERNEL32(0000000E,8C278AEA,?,?,00000000,?), ref: 00FA86BE
                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 00FA86FF
                                                                                                    • EnterCriticalSection.KERNEL32(0125957C), ref: 00FA871F
                                                                                                    • LeaveCriticalSection.KERNEL32(0125957C), ref: 00FA8743
                                                                                                    • CreateWindowExW.USER32(00000000,00000000,00000000,0125957C,?,80000000,00000000,80000000,00000000,00000000,00000000), ref: 00FA879E
                                                                                                      • Part of subcall function 01144245: GetProcessHeap.KERNEL32(00000008,00000008,00000000,010D35FE,?,?,?,?,?,?), ref: 0114424A
                                                                                                      • Part of subcall function 01144245: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?), ref: 01144251
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CriticalHeapSection$AllocCreateCurrentEnterErrorLastLeaveProcessThreadWindow
                                                                                                    • String ID: v$AXWIN UI Window
                                                                                                    • API String ID: 213679520-2690018532
                                                                                                    • Opcode ID: 60f603ebfc695ff23a2f53d2616c0a378bc59bc104fd8d5615c30c1c3b140d11
                                                                                                    • Instruction ID: 68747eca88f4f1e07a4d21664d7c3b1c7bd461b67dee828b60554d5f0f25723d
                                                                                                    • Opcode Fuzzy Hash: 60f603ebfc695ff23a2f53d2616c0a378bc59bc104fd8d5615c30c1c3b140d11
                                                                                                    • Instruction Fuzzy Hash: 8651B271A00305AFDB20CF55ED44B9ABBF8FB49B64F104129FD15A7380D7B1A811CBA0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • __Init_thread_footer.LIBCMT ref: 00FAC7BF
                                                                                                      • Part of subcall function 01144B58: EnterCriticalSection.KERNEL32(01257FD8,00000000,?,010B3CA1,01259C74), ref: 01144B62
                                                                                                      • Part of subcall function 01144B58: LeaveCriticalSection.KERNEL32(01257FD8,?,010B3CA1,01259C74), ref: 01144B95
                                                                                                      • Part of subcall function 01144B58: RtlWakeAllConditionVariable.NTDLL ref: 01144C0C
                                                                                                    • CreateFileW.KERNEL32(00000000,40000000,00000001,00000000,00000002,00000080,00000000,?,8C278AEC), ref: 00FAC813
                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00FAC870
                                                                                                      • Part of subcall function 01144BA2: EnterCriticalSection.KERNEL32(01257FD8,?,00000000,?,010B3C61,01259C74,8C278AEA,?,011AD6C1,000000FF,?,010B3F54,8C278AEA,?,00000000), ref: 01144BAD
                                                                                                      • Part of subcall function 01144BA2: LeaveCriticalSection.KERNEL32(01257FD8,?,010B3C61,01259C74,8C278AEA,?,011AD6C1,000000FF,?,010B3F54,8C278AEA,?,00000000), ref: 01144BEA
                                                                                                    • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,00000000,?), ref: 00FAC8D4
                                                                                                    • CloseHandle.KERNEL32(00000000,753CE610), ref: 00FAC8FA
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSection$CloseEnterFileHandleLeave$ConditionCreateInit_thread_footerVariableWakeWrite
                                                                                                    • String ID: aix$html
                                                                                                    • API String ID: 2030708724-2369804267
                                                                                                    • Opcode ID: e4226c8501839aeee9cae3bf612dacaf8af82af9cd964c0770b6f831e0afdb79
                                                                                                    • Instruction ID: d95aa22bb058cb215821dee82760c723ceff70c3126bd5637a327f6f4349d95e
                                                                                                    • Opcode Fuzzy Hash: e4226c8501839aeee9cae3bf612dacaf8af82af9cd964c0770b6f831e0afdb79
                                                                                                    • Instruction Fuzzy Hash: 56617AB0900348DFEF28CFA4E998B9EBBB4BB1571CF10415DE401AB684D7B96948CF91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: .dll$CoIncrementMTAUsage$DllGetActivationFactory$RoGetActivationFactory$Windows.Foundation.Uri$combase.dll
                                                                                                    • API String ID: 0-3956872289
                                                                                                    • Opcode ID: 32978f79d8c9a7d61508651175caa308f6551cb7899dca89627c93e6befbde3f
                                                                                                    • Instruction ID: 40317aeeef14aa18422bb662927651dffe566260597ad896d76c0833be6ef6ee
                                                                                                    • Opcode Fuzzy Hash: 32978f79d8c9a7d61508651175caa308f6551cb7899dca89627c93e6befbde3f
                                                                                                    • Instruction Fuzzy Hash: 19518D71D01219DFDF04DF95C945BAEBBB4FB05714F20452AE911A7380CBB96A04DBD1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • InitializeCriticalSectionAndSpinCount.KERNEL32(01259358,00000000,8C278AEA,00000000,011A84A3,000000FF,?,8C278AEA), ref: 00F929D3
                                                                                                    • GetLastError.KERNEL32(?,8C278AEA), ref: 00F929DD
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CountCriticalErrorInitializeLastSectionSpin
                                                                                                    • String ID: VolumeCostAvailable$VolumeCostDifference$VolumeCostRequired$VolumeCostSize$VolumeCostVolume
                                                                                                    • API String ID: 439134102-34576578
                                                                                                    • Opcode ID: 6cedeb8f20b4ef4f14b92b1c8b52da72477a97b836c81a5e28c616dd405fef8b
                                                                                                    • Instruction ID: 7c9f26e4cecaf48df78891bbc4499231d1ca4f6cc48552ca9c780f266135713f
                                                                                                    • Opcode Fuzzy Hash: 6cedeb8f20b4ef4f14b92b1c8b52da72477a97b836c81a5e28c616dd405fef8b
                                                                                                    • Instruction Fuzzy Hash: CF51BFB1D00709EBDF28CFA5E94979EBBF4FB04728F104229D815A7280E7799A44DB91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • SHGetSpecialFolderLocation.SHELL32(00000000,00000023,?,?), ref: 010F0950
                                                                                                    • LoadLibraryW.KERNEL32(Shell32.dll), ref: 010F0963
                                                                                                    • GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathW), ref: 010F0973
                                                                                                    • SHGetPathFromIDListW.SHELL32(?,00000000), ref: 010F09FC
                                                                                                    • SHGetMalloc.SHELL32(?), ref: 010F0A3E
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AddressFolderFromLibraryListLoadLocationMallocPathProcSpecial
                                                                                                    • String ID: SHGetSpecialFolderPathW$Shell32.dll
                                                                                                    • API String ID: 2352187698-2988203397
                                                                                                    • Opcode ID: bb5e877feefd4b13a56c0489b6a721ac8537e9ae892f4d2938c89dffa378803a
                                                                                                    • Instruction ID: 27de4b9916e8ee4f97de8affb220334789eac87524cc364a9e72ee4e59a6a7ef
                                                                                                    • Opcode Fuzzy Hash: bb5e877feefd4b13a56c0489b6a721ac8537e9ae892f4d2938c89dffa378803a
                                                                                                    • Instruction Fuzzy Hash: 7731F271A007029BFB259F18D84AB2B7BF6AF84710F44846CFAC587589FBB19485CB91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • __Init_thread_footer.LIBCMT ref: 0108A560
                                                                                                      • Part of subcall function 01144B58: EnterCriticalSection.KERNEL32(01257FD8,00000000,?,010B3CA1,01259C74), ref: 01144B62
                                                                                                      • Part of subcall function 01144B58: LeaveCriticalSection.KERNEL32(01257FD8,?,010B3CA1,01259C74), ref: 01144B95
                                                                                                      • Part of subcall function 01144B58: RtlWakeAllConditionVariable.NTDLL ref: 01144C0C
                                                                                                    • GetProcAddress.KERNEL32(SetWindowTheme), ref: 0108A59D
                                                                                                    • __Init_thread_footer.LIBCMT ref: 0108A5B4
                                                                                                    • SendMessageW.USER32(000000EF,00001036,00010000,00010000), ref: 0108A5DF
                                                                                                      • Part of subcall function 01144BA2: EnterCriticalSection.KERNEL32(01257FD8,?,00000000,?,010B3C61,01259C74,8C278AEA,?,011AD6C1,000000FF,?,010B3F54,8C278AEA,?,00000000), ref: 01144BAD
                                                                                                      • Part of subcall function 01144BA2: LeaveCriticalSection.KERNEL32(01257FD8,?,010B3C61,01259C74,8C278AEA,?,011AD6C1,000000FF,?,010B3F54,8C278AEA,?,00000000), ref: 01144BEA
                                                                                                      • Part of subcall function 01067A10: GetSystemDirectoryW.KERNEL32(?,00000105), ref: 01067A51
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSection$EnterInit_thread_footerLeave$AddressConditionDirectoryMessageProcSendSystemVariableWake
                                                                                                    • String ID: SetWindowTheme$UxTheme.dll$explorer
                                                                                                    • API String ID: 3410024541-3123591815
                                                                                                    • Opcode ID: 1e396aae0e9b8c684a0972f81706b1e86171232229a1fae06fc752b6bdfa2bd5
                                                                                                    • Instruction ID: 8cafc524777b3eeeb6442f506a3d4ce74e44185650cb1fa787467f4962e34056
                                                                                                    • Opcode Fuzzy Hash: 1e396aae0e9b8c684a0972f81706b1e86171232229a1fae06fc752b6bdfa2bd5
                                                                                                    • Instruction Fuzzy Hash: 8021F670B44701EFDB24EF59E88DB9977E4E710B28F100619E960A3B84D774A980CB60
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetWindowLongW.USER32(?,000000EB), ref: 010B6811
                                                                                                    • EndDialog.USER32(?,00000000), ref: 010B68E9
                                                                                                      • Part of subcall function 010B6210: SendMessageW.USER32(?,0000000B,00000000,00000000), ref: 010B6242
                                                                                                      • Part of subcall function 010B6210: GetWindowLongW.USER32(?,000000F0), ref: 010B6248
                                                                                                      • Part of subcall function 010B6210: GetDlgItem.USER32(?,?), ref: 010B62BA
                                                                                                      • Part of subcall function 010B6210: GetWindowRect.USER32(00000000,?), ref: 010B62D2
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Window$Long$DialogItemMessageRectSend
                                                                                                    • String ID:
                                                                                                    • API String ID: 188208873-0
                                                                                                    • Opcode ID: da70eb1639392fb55a130b4ae27c095339ab30e6d3a53c05c09c8998d2d7ae23
                                                                                                    • Instruction ID: a0d6d8e4769475113bb5ca06024b11ae8953c23358084d6d2325f1bdbc258832
                                                                                                    • Opcode Fuzzy Hash: da70eb1639392fb55a130b4ae27c095339ab30e6d3a53c05c09c8998d2d7ae23
                                                                                                    • Instruction Fuzzy Hash: 8A4103323402145BDB349E6CAC88BFB3BDCDB85331F00076AFEA2C76D0C663981196A1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetWindowRect.USER32(?,?), ref: 00FAF74A
                                                                                                    • GetWindow.USER32(?,00000005), ref: 00FAF757
                                                                                                    • GetWindow.USER32(00000000,00000002), ref: 00FAF892
                                                                                                      • Part of subcall function 00FAF5A0: GetWindowRect.USER32(?,?), ref: 00FAF5CC
                                                                                                      • Part of subcall function 00FAF5A0: GetWindowRect.USER32(?,?), ref: 00FAF5DC
                                                                                                    • GetWindowRect.USER32(?,?), ref: 00FAF7EB
                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 00FAF7FB
                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 00FAF815
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Window$Rect
                                                                                                    • String ID:
                                                                                                    • API String ID: 3200805268-0
                                                                                                    • Opcode ID: 898322a9217ea142705acab94d68d3b9173b6298c456f4df672f53cdbd2bbeee
                                                                                                    • Instruction ID: 60ead627702c114ff21a2cdc36a0d9afcbb43d0510f204bf13f39fa2a3267b10
                                                                                                    • Opcode Fuzzy Hash: 898322a9217ea142705acab94d68d3b9173b6298c456f4df672f53cdbd2bbeee
                                                                                                    • Instruction Fuzzy Hash: BD41AC719047009FC321DF68C980A6BF7E9BF9A744F504A2DF4869B521EB34F988CB52
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetProcessHeap.KERNEL32(00000008,0000000D,00000000,?,0114428D,?,?,?,?,?,?,?), ref: 01144107
                                                                                                    • HeapAlloc.KERNEL32(00000000,?,0114428D,?,?,?,?,?,?,?), ref: 0114410E
                                                                                                      • Part of subcall function 011441D9: IsProcessorFeaturePresent.KERNEL32(0000000C,011440F5,00000000,?,0114428D,?,?,?,?,?,?,?), ref: 011441DB
                                                                                                    • InterlockedPopEntrySList.KERNEL32(00000000,00000000,?,0114428D,?,?,?,?,?,?,?), ref: 0114411E
                                                                                                    • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,0114428D,?,?,?,?,?,?,?), ref: 01144145
                                                                                                    • RaiseException.KERNEL32(C0000017,00000000,00000000,00000000,?,0114428D,?,?,?,?,?,?,?), ref: 01144159
                                                                                                    • InterlockedPopEntrySList.KERNEL32(00000000,?,0114428D,?,?,?,?,?,?,?), ref: 0114416C
                                                                                                    • VirtualFree.KERNEL32(00000000,00000000,00008000,?,0114428D,?,?,?,?,?,?,?), ref: 0114417F
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AllocEntryHeapInterlockedListVirtual$ExceptionFeatureFreePresentProcessProcessorRaise
                                                                                                    • String ID:
                                                                                                    • API String ID: 2460949444-0
                                                                                                    • Opcode ID: 731211d00b8c6ca742a6e258937fc2ce49fda00125b69c530fdb8f6cc070f0cd
                                                                                                    • Instruction ID: 67be2c43d8e205b8b54fb320f1f8891681fa58ccd7d95de7a8617da22d5b29f5
                                                                                                    • Opcode Fuzzy Hash: 731211d00b8c6ca742a6e258937fc2ce49fda00125b69c530fdb8f6cc070f0cd
                                                                                                    • Instruction Fuzzy Hash: 3011E771B41615BFF3395B68AC48F6A3AADFB54F99F150030FA51E6648DB20EC4087A0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                      • Part of subcall function 00F99CC0: GetProcessHeap.KERNEL32 ref: 00F99D15
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99D47
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99DD2
                                                                                                    • CreateThread.KERNEL32(00000000,00000000,00FD5970,011D8DD8,00000000,?), ref: 00FD58EA
                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00FD5903
                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00FD5919
                                                                                                    • GetProcessHeap.KERNEL32(?,00000000), ref: 00FD5ACB
                                                                                                    • HeapFree.KERNEL32(00000000,?,00000000), ref: 00FD5AD1
                                                                                                    • GetProcessHeap.KERNEL32(?,00000000), ref: 00FD5B4A
                                                                                                    • HeapFree.KERNEL32(00000000,?,00000000), ref: 00FD5B50
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Heap$Process$FreeInit_thread_footer$CloseCreateHandleObjectSingleThreadWait
                                                                                                    • String ID:
                                                                                                    • API String ID: 351222376-0
                                                                                                    • Opcode ID: 24c3d86281177d8052369426ff2da7818b7619a598e0bf051085fc92c8c79311
                                                                                                    • Instruction ID: 7d164d02bd2023baf7b5ea3bdbc22068dbe44ef311bcac468cf14c8e8bdb89c9
                                                                                                    • Opcode Fuzzy Hash: 24c3d86281177d8052369426ff2da7818b7619a598e0bf051085fc92c8c79311
                                                                                                    • Instruction Fuzzy Hash: B7028DB0D00249DFDB14DFA8C944BEEBBB9FF44714F24815AE415AB381DB74AA44DBA0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                      • Part of subcall function 00F99CC0: GetProcessHeap.KERNEL32 ref: 00F99D15
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99D47
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99DD2
                                                                                                    • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,8C278AEA), ref: 010AEBC9
                                                                                                    • ReadFile.KERNEL32(00000000,00000000,00001000,?,00000000,00001000), ref: 010AEC3B
                                                                                                    • ReadFile.KERNEL32(?,00000000,00001000,00000000,00000000,?,00000000,00000000), ref: 010AEEDC
                                                                                                    • CloseHandle.KERNEL32(?), ref: 010AEF3A
                                                                                                      • Part of subcall function 010AEA80: LoadStringW.USER32(000000A1,?,00000514,8C278AEA), ref: 010AE9E6
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: File$Init_thread_footerRead$CloseCreateHandleHeapLoadProcessString
                                                                                                    • String ID:
                                                                                                    • API String ID: 1714711150-0
                                                                                                    • Opcode ID: 04f3a30419d9fdecdae7ac8efc493eea6dbf99491d8410f007b3a652377bd4e0
                                                                                                    • Instruction ID: 4d314c6d7ca7738084e6cd47b86bda627c245f460cb0ee1c783e91ef661a7d67
                                                                                                    • Opcode Fuzzy Hash: 04f3a30419d9fdecdae7ac8efc493eea6dbf99491d8410f007b3a652377bd4e0
                                                                                                    • Instruction Fuzzy Hash: 54F1BD71E00318DBEB24CFA8C848BAEBBF5FF45314F64825DE555AB281D774AA44CB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                      • Part of subcall function 00F99CC0: GetProcessHeap.KERNEL32 ref: 00F99D15
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99D47
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99DD2
                                                                                                    • DeleteFileW.KERNEL32(?,?,?,?,00000000,?,?,?,?), ref: 010DEDBA
                                                                                                      • Part of subcall function 00F992A0: FindResourceW.KERNEL32(00000000,?,00000006,?,?,*.*,8007000E,80004005,00FB1134,00000000,?,00000010,?,*.*,?,80070057), ref: 00F992C3
                                                                                                      • Part of subcall function 00F99980: RtlAllocateHeap.NTDLL(?,00000000,00000000,8C278AEA,00000000,0116C6B0,000000FF,?,?,0124C42C,00000000,00FB095C,80070057,?,00000000), ref: 00F999CA
                                                                                                    • ResetEvent.KERNEL32(00000000,8C278AEA,?,?,00000000,011B614D,000000FF,?,80004005), ref: 010DEE4F
                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF,?,?,00000000,011B614D,000000FF,?,80004005), ref: 010DEE6F
                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,00000000,011B614D,000000FF,?,80004005), ref: 010DEE7A
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: HeapInit_thread_footerObjectSingleWait$AllocateDeleteEventFileFindProcessResetResource
                                                                                                    • String ID: TEST$tin9999.tmp
                                                                                                    • API String ID: 3248508590-3424081289
                                                                                                    • Opcode ID: b8d3ca3f649bd296f9a6b9c59b920c28072f51f6b4e5765fa0297a3f9bd19c03
                                                                                                    • Instruction ID: deaefc222f35409197fc870d4681571e39c88b853178789fe358df8975fa1303
                                                                                                    • Opcode Fuzzy Hash: b8d3ca3f649bd296f9a6b9c59b920c28072f51f6b4e5765fa0297a3f9bd19c03
                                                                                                    • Instruction Fuzzy Hash: 03C1C271905649DFDB14DF68CD48BAEBBF4EF04320F1486ADE856AB280DB74AA04CB50
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • CreateEventW.KERNEL32(00000000,00000000,00000000,Caphyon.AI.ExtUI.IEClickSoundRemover,8C278AEA), ref: 00FAC9CE
                                                                                                    • GetLastError.KERNEL32 ref: 00FAC9ED
                                                                                                    • RegCloseKey.ADVAPI32(?,011D446C,00000000,011D446C,00000000,00000000,80000001,00000001,00000000,AppEvents\Schemes\Apps\Explorer\Navigating\.Current,00000033), ref: 00FACC7D
                                                                                                    • CloseHandle.KERNEL32(00000005,8C278AEA,?,?,00000000,01170F5D,000000FF,?,011D446C,00000000,011D446C,00000000,00000000,80000001,00000001,00000000), ref: 00FACD0E
                                                                                                    Strings
                                                                                                    • AppEvents\Schemes\Apps\Explorer\Navigating\.Current, xrefs: 00FACA35
                                                                                                    • Caphyon.AI.ExtUI.IEClickSoundRemover, xrefs: 00FAC9C3
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Close$CreateErrorEventHandleLast
                                                                                                    • String ID: AppEvents\Schemes\Apps\Explorer\Navigating\.Current$Caphyon.AI.ExtUI.IEClickSoundRemover
                                                                                                    • API String ID: 1253123496-2079760225
                                                                                                    • Opcode ID: 3583b31ded7a7edf5c460dac6f5be72b3622751a60309450bd3040de8567441c
                                                                                                    • Instruction ID: ddb7a8bd45da5cfd7e8baaa62fa1c9a80ab9fc99950e9636a496219f6313f034
                                                                                                    • Opcode Fuzzy Hash: 3583b31ded7a7edf5c460dac6f5be72b3622751a60309450bd3040de8567441c
                                                                                                    • Instruction Fuzzy Hash: 46C1ADB0E10348DFDB14CFA8C988BAEBBB4FF45714F24425DE459A7680D7786A44CBA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • EnterCriticalSection.KERNEL32(01259338,8C278AEA,?,?,?,?,?,?,?,?,?,?,?,?,00000000,01170855), ref: 00FAAB2A
                                                                                                    • GetModuleFileNameW.KERNEL32(0000FFFF,00000104,?,?,?,?,?,?,?,?,?,?,?,?,00000000,01170855), ref: 00FAABAA
                                                                                                    • EnterCriticalSection.KERNEL32(01259354,?,?,?,?,?,?,?,?,?,?,?,00000000,01170855,000000FF), ref: 00FAAD63
                                                                                                    • LeaveCriticalSection.KERNEL32(01259354,?,?,?,?,?,?,?,?,?,?,00000000,01170855,000000FF), ref: 00FAAD84
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSection$Enter$FileLeaveModuleName
                                                                                                    • String ID: v
                                                                                                    • API String ID: 1807155316-3261393531
                                                                                                    • Opcode ID: 28130a8ad9c0a8bd06de08363464216845e5f9d184fdd7637333d697c4a39a80
                                                                                                    • Instruction ID: 274d1950f8ada05026f87e0309919bd3327d1ecae413621c66238e62e13f7e42
                                                                                                    • Opcode Fuzzy Hash: 28130a8ad9c0a8bd06de08363464216845e5f9d184fdd7637333d697c4a39a80
                                                                                                    • Instruction Fuzzy Hash: 95B181B0E00349DFDB21CFA4D888BAEBBB4BF49314F144199E845AB281D775AD48DB61
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 00F9F804
                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 00F9F879
                                                                                                    • GetProcessHeap.KERNEL32(?,?), ref: 00F9F8E9
                                                                                                    • HeapFree.KERNEL32(00000000,?,?), ref: 00F9F8EF
                                                                                                    • GetProcessHeap.KERNEL32(?,00000000,?,00000000,00000000,00000000,8C278AEA,011EB768,00000000), ref: 00F9F91C
                                                                                                    • HeapFree.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000000,8C278AEA,011EB768,00000000), ref: 00F9F922
                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 00F9F93A
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Free$Heap$String$Process
                                                                                                    • String ID:
                                                                                                    • API String ID: 2680101141-0
                                                                                                    • Opcode ID: a2669711a94edc704d3c338c6df4123becbe0bccc25d77f746114dc5d7285442
                                                                                                    • Instruction ID: d67851ffa5343602b46c4f21d66c2f6df9f691f9d1c7eaa72abea45276b9caec
                                                                                                    • Opcode Fuzzy Hash: a2669711a94edc704d3c338c6df4123becbe0bccc25d77f746114dc5d7285442
                                                                                                    • Instruction Fuzzy Hash: E0814F70D0025ADFEF14DFA8C844BEEBBB4BF15724F244569E414E7281D778AA08DBA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • RemoveDirectoryW.KERNEL32(?,00000000,?,\\?\,00000004,?,?,?,011A8D5D,000000FF,?,010AB0F6,?), ref: 010AAE83
                                                                                                      • Part of subcall function 00F992A0: FindResourceW.KERNEL32(00000000,?,00000006,?,?,*.*,8007000E,80004005,00FB1134,00000000,?,00000010,?,*.*,?,80070057), ref: 00F992C3
                                                                                                    • RemoveDirectoryW.KERNEL32(?,8C278AEA,?,?,?,?,011A8D5D,000000FF,?,010AB0F6,?,00000000), ref: 010AAEB2
                                                                                                    • GetLastError.KERNEL32(?,8C278AEA,?,?,?,?,011A8D5D,000000FF,?,010AB0F6,?,00000000), ref: 010AAEC2
                                                                                                    • DeleteFileW.KERNEL32(?,00000000,?,\\?\,00000004,?,?,?,00000000,011A8D5D,000000FF,?,80004005,8C278AEA,?), ref: 010AAF93
                                                                                                    • GetLastError.KERNEL32(?,?,?,00000000,011A8D5D,000000FF,?,80004005,8C278AEA,?,?,?,?,011A8D5D,000000FF), ref: 010AAFD2
                                                                                                      • Part of subcall function 00F99CC0: GetProcessHeap.KERNEL32 ref: 00F99D15
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99D47
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99DD2
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: DirectoryErrorInit_thread_footerLastRemove$DeleteFileFindHeapProcessResource
                                                                                                    • String ID: \\?\
                                                                                                    • API String ID: 34920479-4282027825
                                                                                                    • Opcode ID: e95715159e7cb0d2b290d80edaf3410c25be06112829ff919c055e65884ece2e
                                                                                                    • Instruction ID: 1846469b1713e6a461853e0f593a5a107ab0cba2d26dbd905efc6c41f18b9914
                                                                                                    • Opcode Fuzzy Hash: e95715159e7cb0d2b290d80edaf3410c25be06112829ff919c055e65884ece2e
                                                                                                    • Instruction Fuzzy Hash: A451AF71A01615DFDB18DFA8C848BAEB7E8EF05321F504A9AE9A1D72D0DB759900CB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • EnterCriticalSection.KERNEL32(0125957C,8C278AEA,00000000,01259598), ref: 00FA8193
                                                                                                    • LeaveCriticalSection.KERNEL32(0125957C), ref: 00FA81F8
                                                                                                    • LoadCursorW.USER32(00F90000,?), ref: 00FA8254
                                                                                                    • LeaveCriticalSection.KERNEL32(0125957C), ref: 00FA82EB
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSection$Leave$CursorEnterLoad
                                                                                                    • String ID: v$ATL:%p
                                                                                                    • API String ID: 2080323225-109518622
                                                                                                    • Opcode ID: 6158ca28a0c4abdc259bcf0f3d52a17ed7e5e508da57b8b4ea9c811d17500dc8
                                                                                                    • Instruction ID: ca0c69402b013941f7e00cf5c9b9b120b93a64b2da196c166b2a0c75473e5ba1
                                                                                                    • Opcode Fuzzy Hash: 6158ca28a0c4abdc259bcf0f3d52a17ed7e5e508da57b8b4ea9c811d17500dc8
                                                                                                    • Instruction Fuzzy Hash: 53518CB1D04B449BDB21CF69D9457AABBF4FF19764F00461DE896A3640EB70A980CB50
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • SendMessageW.USER32(?,0000043A,00000000,00000074), ref: 00FC39E5
                                                                                                    • lstrcpynW.KERNEL32(?,?,00000020), ref: 00FC3A5B
                                                                                                    • MulDiv.KERNEL32(?,00000048,00000000), ref: 00FC3A98
                                                                                                    • SendMessageW.USER32(?,00000444,00000000,00000074), ref: 00FC3ACA
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: MessageSend$lstrcpyn
                                                                                                    • String ID: ?$t
                                                                                                    • API String ID: 3928028829-1995845436
                                                                                                    • Opcode ID: 8dd43aedadde88d179f0823a72e852279aba598b55eea5940aedd55b1b503101
                                                                                                    • Instruction ID: 39fb58a89e743a5289522afbfcfc4ed351bb5a551f756e4787460b825f148692
                                                                                                    • Opcode Fuzzy Hash: 8dd43aedadde88d179f0823a72e852279aba598b55eea5940aedd55b1b503101
                                                                                                    • Instruction Fuzzy Hash: 23515F71A04341AFE730DF64D94AF9BBBE8EB88705F00491DF699D6181D774E508CB52
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • Wow64DisableWow64FsRedirection.KERNEL32(00000000,8C278AEA,00000010), ref: 010AC767
                                                                                                    • CreateProcessW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,8C278AEA,011AC52D), ref: 010AC7DF
                                                                                                    • GetLastError.KERNEL32 ref: 010AC7F0
                                                                                                    • WaitForSingleObject.KERNEL32(011AC52D,000000FF), ref: 010AC80C
                                                                                                    • GetExitCodeProcess.KERNEL32(011AC52D,00000000), ref: 010AC81D
                                                                                                    • CloseHandle.KERNEL32(011AC52D), ref: 010AC827
                                                                                                    • Wow64RevertWow64FsRedirection.KERNEL32(00000000), ref: 010AC842
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Wow64$ProcessRedirection$CloseCodeCreateDisableErrorExitHandleLastObjectRevertSingleWait
                                                                                                    • String ID:
                                                                                                    • API String ID: 1153077990-0
                                                                                                    • Opcode ID: 1b3321cc9191e2c6a171aca9f10c45b11bd3d74cb4549a69a444da41d45dfb79
                                                                                                    • Instruction ID: 09e44c3c1e7b720d9f35aa550571e02da20539e01cf1b1e4280f3c32808f03f7
                                                                                                    • Opcode Fuzzy Hash: 1b3321cc9191e2c6a171aca9f10c45b11bd3d74cb4549a69a444da41d45dfb79
                                                                                                    • Instruction Fuzzy Hash: 04416F71E04389AFEB14CFA9C9087EEBBF8BF49314F144269E865A7184D7749940CB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • LoadLibraryW.KERNEL32(Shlwapi.dll,?,?,?,?,010C0731,?,8C278AEA,?,?), ref: 010B52AB
                                                                                                    • GetProcAddress.KERNEL32(00000000,DllGetVersion), ref: 010B52C1
                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 010B52FA
                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,?,?,010C0731,?,8C278AEA,?,?), ref: 010B5316
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Library$Free$AddressLoadProc
                                                                                                    • String ID: DllGetVersion$Shlwapi.dll
                                                                                                    • API String ID: 1386263645-2240825258
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • FreeLibrary.KERNEL32(00000000,?,0115E30F,?,?,?,00000000,00000000,?,0115E579,00000021,FlsSetValue,011CE06C,011CE074,?), ref: 0115E2C3
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: FreeLibrary
                                                                                                    • String ID: api-ms-$ext-ms-
                                                                                                    • API String ID: 3664257935-537541572
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,?,01141997,011418FA,01141B9B), ref: 01141933
                                                                                                    • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 01141949
                                                                                                    • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 0114195E
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AddressProc$HandleModule
                                                                                                    • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                                                    • API String ID: 667068680-1718035505
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • SendMessageW.USER32(?,00000318,00000000,00000004), ref: 00FC6537
                                                                                                    • SendMessageW.USER32(?,00001304,00000000,00000000), ref: 00FC655F
                                                                                                    • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00FC6577
                                                                                                    • SendMessageW.USER32(?,0000130A,00000000,?), ref: 00FC65A8
                                                                                                    • GetParent.USER32(?), ref: 00FC6684
                                                                                                    • SendMessageW.USER32(00000000,00000136,?,?), ref: 00FC6695
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: MessageSend$Parent
                                                                                                    • String ID:
                                                                                                    • API String ID: 1020955656-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • SendMessageW.USER32(?,0000000B,00000000,00000000), ref: 010B6242
                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 010B6248
                                                                                                    • GetDlgItem.USER32(?,?), ref: 010B62BA
                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 010B62D2
                                                                                                    • SetWindowPos.USER32(00000014,00000000,?,00000002,00000002,?,00000014,?,00000002,00000002,?,?,?,000000F0,?,00000000), ref: 010B635F
                                                                                                    • SendMessageW.USER32(?,0000000B,00000001,00000000), ref: 010B6393
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Window$MessageSend$ItemLongRect
                                                                                                    • String ID:
                                                                                                    • API String ID: 3432912040-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • SendMessageW.USER32(?,00001036,00010000,00000000), ref: 0108A30B
                                                                                                    • GetParent.USER32(00000000), ref: 0108A35E
                                                                                                    • GetWindowRect.USER32(00000000), ref: 0108A361
                                                                                                    • GetParent.USER32(00000000), ref: 0108A370
                                                                                                      • Part of subcall function 010439A0: GetWindowRect.USER32(?,?), ref: 01043A32
                                                                                                      • Part of subcall function 010439A0: GetWindowRect.USER32(?,?), ref: 01043A4A
                                                                                                    • SendMessageW.USER32(?,00001026,00000000,000000FF), ref: 0108A460
                                                                                                    • SendMessageW.USER32(?,0000108A,00000000,00000011), ref: 0108A473
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: MessageRectSendWindow$Parent
                                                                                                    • String ID:
                                                                                                    • API String ID: 425339167-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00FCDD0A
                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00FCDD2C
                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00FCDD54
                                                                                                    • __Getctype.LIBCPMT ref: 00FCDE35
                                                                                                    • std::_Facet_Register.LIBCPMT ref: 00FCDE97
                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00FCDEC1
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeRegister
                                                                                                    • String ID:
                                                                                                    • API String ID: 1102183713-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00FCDAFD
                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00FCDB1F
                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00FCDB47
                                                                                                    • __Getcoll.LIBCPMT ref: 00FCDC11
                                                                                                    • std::_Facet_Register.LIBCPMT ref: 00FCDC56
                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00FCDC8E
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetcollRegister
                                                                                                    • String ID:
                                                                                                    • API String ID: 1184649410-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetModuleHandleW.KERNEL32(00000000,00000080,00000001,Close,50000001,?,00000128,?,00000032,0000000E,00000082,000001F5,?,50000000,?,00000026), ref: 010B66BB
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: HandleModule
                                                                                                    • String ID: Close$Copy$Details >>$Send Error Report
                                                                                                    • API String ID: 4139908857-113472931
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetLastError.KERNEL32(?,?,011462FA,011462C6,?,?,00FCAEBD,010A9A40,?,00000008), ref: 01146311
                                                                                                    • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0114631F
                                                                                                    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 01146338
                                                                                                    • SetLastError.KERNEL32(00000000,011462FA,011462C6,?,?,00FCAEBD,010A9A40,?,00000008), ref: 0114638A
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLastValue___vcrt_
                                                                                                    • String ID:
                                                                                                    • API String ID: 3852720340-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • __Init_thread_footer.LIBCMT ref: 00F988C5
                                                                                                    • __Init_thread_footer.LIBCMT ref: 00F9893F
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: Init_thread_footer
                                                                                                    • String ID: </a>$<a href="$<a>
                                                                                                    • API String ID: 1385522511-4210067781
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • CreateWindowExW.USER32(?,SysTabControl32,?,46010000,?,?,?,?,00000000,00000309,00000000), ref: 00FC63BD
                                                                                                    • SendMessageW.USER32(00000000,00000031,00000000,00000000), ref: 00FC63D2
                                                                                                    • SendMessageW.USER32(00000000,00000030,00000000,00000001), ref: 00FC63DA
                                                                                                      • Part of subcall function 00F99980: RtlAllocateHeap.NTDLL(?,00000000,00000000,8C278AEA,00000000,0116C6B0,000000FF,?,?,0124C42C,00000000,00FB095C,80070057,?,00000000), ref: 00F999CA
                                                                                                      • Part of subcall function 00FC8190: SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00FC81D8
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: MessageSend$AllocateCreateHeapWindow
                                                                                                    • String ID: SysTabControl32$TabHost
                                                                                                    • API String ID: 2359350451-2872506973
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetLastError.KERNEL32 ref: 010AC9F7
                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 010ACA13
                                                                                                    • GetExitCodeProcess.KERNEL32(00000000,011AC5B7), ref: 010ACA24
                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 010ACA32
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: CloseCodeErrorExitHandleLastObjectProcessSingleWait
                                                                                                    • String ID: open
                                                                                                    • API String ID: 2321548817-2758837156
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,8C278AEA,?,?,00000000,011C72FA,000000FF,?,0114FDA9,?,?,0114FD7D,?), ref: 0114FE4E
                                                                                                    • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0114FE60
                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,00000000,011C72FA,000000FF,?,0114FDA9,?,?,0114FD7D,?), ref: 0114FE82
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                                                    • API String ID: 4061214504-1276376045
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                      • Part of subcall function 01144BA2: EnterCriticalSection.KERNEL32(01257FD8,?,00000000,?,010B3C61,01259C74,8C278AEA,?,011AD6C1,000000FF,?,010B3F54,8C278AEA,?,00000000), ref: 01144BAD
                                                                                                      • Part of subcall function 01144BA2: LeaveCriticalSection.KERNEL32(01257FD8,?,010B3C61,01259C74,8C278AEA,?,011AD6C1,000000FF,?,010B3F54,8C278AEA,?,00000000), ref: 01144BEA
                                                                                                    • LoadLibraryA.KERNEL32(Dbghelp.dll,SymFromAddr), ref: 010B3C7E
                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 010B3C85
                                                                                                    • __Init_thread_footer.LIBCMT ref: 010B3C9C
                                                                                                      • Part of subcall function 01144B58: EnterCriticalSection.KERNEL32(01257FD8,00000000,?,010B3CA1,01259C74), ref: 01144B62
                                                                                                      • Part of subcall function 01144B58: LeaveCriticalSection.KERNEL32(01257FD8,?,010B3CA1,01259C74), ref: 01144B95
                                                                                                      • Part of subcall function 01144B58: RtlWakeAllConditionVariable.NTDLL ref: 01144C0C
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSection$EnterLeave$AddressConditionInit_thread_footerLibraryLoadProcVariableWake
                                                                                                    • String ID: Dbghelp.dll$SymFromAddr
                                                                                                    • API String ID: 3268644551-642441706
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • SleepConditionVariableCS.KERNELBASE(?,01144BC7,00000064), ref: 01144C4D
                                                                                                    • LeaveCriticalSection.KERNEL32(01257FD8,?,?,01144BC7,00000064,?,010B3C61,01259C74,8C278AEA,?,011AD6C1,000000FF,?,010B3F54,8C278AEA,?), ref: 01144C57
                                                                                                    • WaitForSingleObjectEx.KERNEL32(?,00000000,?,01144BC7,00000064,?,010B3C61,01259C74,8C278AEA,?,011AD6C1,000000FF,?,010B3F54,8C278AEA,?), ref: 01144C68
                                                                                                    • EnterCriticalSection.KERNEL32(01257FD8,?,01144BC7,00000064,?,010B3C61,01259C74,8C278AEA,?,011AD6C1,000000FF,?,010B3F54,8C278AEA,?,00000000), ref: 01144C6F
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                                                                    • String ID: v
                                                                                                    • API String ID: 3269011525-3261393531
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: Init_thread_footer$HeapProcess
                                                                                                    • String ID:
                                                                                                    • API String ID: 275895251-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetFileAttributesW.KERNEL32(?,?), ref: 010AAD04
                                                                                                    • SetFileAttributesW.KERNEL32(?,00000000), ref: 010AAD11
                                                                                                    • GetFileAttributesW.KERNEL32(?,?,?,011E9138,00000001,8C278AEA,?,?,00000000,00000000,011AC175,000000FF), ref: 010AAD20
                                                                                                    • SetFileAttributesW.KERNEL32(?,00000000), ref: 010AAD2D
                                                                                                    • FindNextFileW.KERNEL32(?,?), ref: 010AAD6B
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: File$Attributes$FindNext
                                                                                                    • String ID:
                                                                                                    • API String ID: 3019667586-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLast
                                                                                                    • String ID: FTP Server$GET$HTTP/1.0$Local Network Server
                                                                                                    • API String ID: 1452528299-797884378
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: ItemMessageSendWindow
                                                                                                    • String ID:
                                                                                                    • API String ID: 799199299-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 010A5644
                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 010A5666
                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 010A568E
                                                                                                    • std::_Facet_Register.LIBCPMT ref: 010A5777
                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 010A57A1
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                                                    • String ID:
                                                                                                    • API String ID: 459529453-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00F9F27A
                                                                                                    • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 00F9F280
                                                                                                    • FormatMessageW.KERNEL32(00001300,00000000,?,00000400,00000000,00000000,00000000), ref: 00F9F2A3
                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,0116E1F6,000000FF), ref: 00F9F2CB
                                                                                                    • HeapFree.KERNEL32(00000000,00000000,00000000,?,?,?,0116E1F6,000000FF), ref: 00F9F2D1
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: Heap$FreeProcess$FormatMessage
                                                                                                    • String ID:
                                                                                                    • API String ID: 1606019998-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00FB71BB
                                                                                                    • SendMessageW.USER32(?,?,?,0000102B), ref: 00FB7218
                                                                                                    • SendMessageW.USER32(?,?,?,0000102B), ref: 00FB7267
                                                                                                    • SendMessageW.USER32(?,00001043,00000000,00000000), ref: 00FB7278
                                                                                                    • SendMessageW.USER32(?,00001013,00000000,00000000), ref: 00FB7285
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    Similarity
                                                                                                    • API ID: MessageSend$LongWindow
                                                                                                    • String ID:
                                                                                                    • API String ID: 312131281-0
                                                                                                    • Opcode ID: a7420a9da6611d000365ff427e814d4ad720ca69bc268c80f60e937bc583ae85
                                                                                                    • Instruction ID: 12c915f60e41b9d6a383b5186e99c7d13a6bc9afde8247336dbff41e135db345
                                                                                                    • Opcode Fuzzy Hash: a7420a9da6611d000365ff427e814d4ad720ca69bc268c80f60e937bc583ae85
                                                                                                    • Instruction Fuzzy Hash: 80213E31958386AAE220DF11CD44B5ABBF5BFED758F206B0EF1D0211A4E7F195848E86
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • CreateWindowExW.USER32(?,RichEdit20W,?,?,?,?,?,?,00000000,00000000,00000000), ref: 00FC371C
                                                                                                    • SendMessageW.USER32(00000000,00000031,00000000,00000000), ref: 00FC3731
                                                                                                    • SendMessageW.USER32(00000000,00000030,00000000,00000001), ref: 00FC3739
                                                                                                      • Part of subcall function 00F99980: RtlAllocateHeap.NTDLL(?,00000000,00000000,8C278AEA,00000000,0116C6B0,000000FF,?,?,0124C42C,00000000,00FB095C,80070057,?,00000000), ref: 00F999CA
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: MessageSend$AllocateCreateHeapWindow
                                                                                                    • String ID: RichEdit20W
                                                                                                    • API String ID: 2359350451-4173859555
                                                                                                    • Opcode ID: 0348e75d2fd178675d4130c7fc8b9a872202eabc3336617ca6e23861b7696037
                                                                                                    • Instruction ID: 419471aec1aaae842a0e9178b7f8436b83f5e4199d3a9ae8e8cdfc3f54901fcb
                                                                                                    • Opcode Fuzzy Hash: 0348e75d2fd178675d4130c7fc8b9a872202eabc3336617ca6e23861b7696037
                                                                                                    • Instruction Fuzzy Hash: 81B18971E002099FDB19CFA8C995FAEBBB4EF48750F14416DE905AB390DB71AD00CB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                      • Part of subcall function 00F99980: RtlAllocateHeap.NTDLL(?,00000000,00000000,8C278AEA,00000000,0116C6B0,000000FF,?,?,0124C42C,00000000,00FB095C,80070057,?,00000000), ref: 00F999CA
                                                                                                      • Part of subcall function 0108A0B0: SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000037,?,?,?,000000EF,?,00FB66F8,00000000,80004005), ref: 0108A118
                                                                                                      • Part of subcall function 0108A0B0: SendMessageW.USER32(?,00000030,00000000,00000001), ref: 0108A148
                                                                                                    • SendMessageW.USER32(?,00001036,00000004,00000004), ref: 00FBDA2D
                                                                                                    • SendMessageW.USER32(?,00001036,00000400,00000400), ref: 00FBDA44
                                                                                                    • SendMessageW.USER32(?,00001061,00000000,?), ref: 00FBDAA0
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: MessageSend$AllocateHeapWindow
                                                                                                    • String ID: QuickSelectionList
                                                                                                    • API String ID: 3168177373-3633591268
                                                                                                    • Opcode ID: 6e5a943c98beadf4e0de39f288f76a6d4b3eb585920bca95654b7e29f4ad232d
                                                                                                    • Instruction ID: fe0a5f6c81dbc15d9d0f83456f5b1bdd3ecbd116239b8fa078d43e6dccb6c82e
                                                                                                    • Opcode Fuzzy Hash: 6e5a943c98beadf4e0de39f288f76a6d4b3eb585920bca95654b7e29f4ad232d
                                                                                                    • Instruction Fuzzy Hash: 8F819971A04205AFDB18DF69C884BEAF7F4FF88324F148259E565A7290DB74AD04CFA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000104,8C278AEA,74DEF530,00000000), ref: 010DE3F2
                                                                                                    • CloseHandle.KERNEL32(?,8C278AEA,00000000,?,00000000,011B5F93,000000FF,?), ref: 010DE570
                                                                                                    • CloseHandle.KERNEL32(?,8C278AEA,00000000,?,00000000,011B5F93,000000FF,?), ref: 010DE59F
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: CloseHandle$FileModuleName
                                                                                                    • String ID: LOG
                                                                                                    • API String ID: 3884789274-429402703
                                                                                                    • Opcode ID: c70076712e6c2e87b04dfe97880382037e9cd9669c58265dcbe531f446bcb7ea
                                                                                                    • Instruction ID: 9cd777f8a626a4b3b3e6f23e7372f8c2b811539ac2cf8b817bf3d37910b559d3
                                                                                                    • Opcode Fuzzy Hash: c70076712e6c2e87b04dfe97880382037e9cd9669c58265dcbe531f446bcb7ea
                                                                                                    • Instruction Fuzzy Hash: CA51C171A003449FDB29DF28C9047AABBF5EF44710F14466DE956DB680EBB49A04CB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • DeleteFileW.KERNEL32(?,00000000,?,\\?\,00000004,?,?,?,00000000,011A8D5D,000000FF,?,80004005,8C278AEA,?), ref: 010AAF93
                                                                                                      • Part of subcall function 00F992A0: FindResourceW.KERNEL32(00000000,?,00000006,?,?,*.*,8007000E,80004005,00FB1134,00000000,?,00000010,?,*.*,?,80070057), ref: 00F992C3
                                                                                                    • DeleteFileW.KERNEL32(?,8C278AEA,?,74DF3340,?,00000000,011A8D5D,000000FF,?,010AAD37), ref: 010AAFC2
                                                                                                    • GetLastError.KERNEL32(?,?,?,00000000,011A8D5D,000000FF,?,80004005,8C278AEA,?,?,?,?,011A8D5D,000000FF), ref: 010AAFD2
                                                                                                      • Part of subcall function 00F99CC0: GetProcessHeap.KERNEL32 ref: 00F99D15
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99D47
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99DD2
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: DeleteFileInit_thread_footer$ErrorFindHeapLastProcessResource
                                                                                                    • String ID: \\?\
                                                                                                    • API String ID: 1908169709-4282027825
                                                                                                    • Opcode ID: 90f047298ef46110e72204faf34a969ee3c3f2c344c515b70fc050874b54d420
                                                                                                    • Instruction ID: 3b1922604e1ad1e8ec6d6cb34e14b2f0aca2396e3c7aed5f801256f47452ca40
                                                                                                    • Opcode Fuzzy Hash: 90f047298ef46110e72204faf34a969ee3c3f2c344c515b70fc050874b54d420
                                                                                                    • Instruction Fuzzy Hash: 5B219FB1A01619DFDB18DFA9C848BADBBE8EF04321F50465AF8A1D72D0DB359900CB50
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • LoadLibraryW.KERNEL32(combase.dll,RoOriginateLanguageException), ref: 00F9F642
                                                                                                    • GetProcAddress.KERNEL32(00000000,combase.dll), ref: 00F9F648
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: AddressLibraryLoadProc
                                                                                                    • String ID: RoOriginateLanguageException$combase.dll
                                                                                                    • API String ID: 2574300362-3996158991
                                                                                                    • Opcode ID: b84ece3a89f0013095a9edd86d41d119d447e71344b750134476066bcb487e76
                                                                                                    • Instruction ID: abb24845914f2af8df6921c66778e6a8d27e20aa1df305be269e8c831a5b0c6b
                                                                                                    • Opcode Fuzzy Hash: b84ece3a89f0013095a9edd86d41d119d447e71344b750134476066bcb487e76
                                                                                                    • Instruction Fuzzy Hash: 24315071904209EFEF24DF69C845BEEB7B4EB04324F10863AE825E72D0DB795A44DB91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,010DF23A,?,8C278AEA,?,?,?,?,011B62A5,000000FF), ref: 010E14ED
                                                                                                    • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,010DF23A,?,8C278AEA,?,?,?,?,011B62A5,000000FF,?), ref: 010E150E
                                                                                                    • GetLastError.KERNEL32(?,8C278AEA,?,?,?,?,011B62A5,000000FF,?,010DEB6D,?,?,00000000,?,?), ref: 010E156E
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: CreateEvent$ErrorLast
                                                                                                    • String ID: AdvancedInstaller
                                                                                                    • API String ID: 1131763895-1372594473
                                                                                                    • Opcode ID: c09f421d653cdd284e58f487d506ca4d94635a7a084ac4785b3e0d4cab30b71c
                                                                                                    • Instruction ID: af3b55aa2387803687a0af92ba6c5af73b680073df0e5f633b74cf0ce8d1692e
                                                                                                    • Opcode Fuzzy Hash: c09f421d653cdd284e58f487d506ca4d94635a7a084ac4785b3e0d4cab30b71c
                                                                                                    • Instruction Fuzzy Hash: 60114C72340602EFE724CB36DD8DF1ABBE8FB88705F244529E6169B280D771E851CB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                      • Part of subcall function 0108A4D0: __Init_thread_footer.LIBCMT ref: 0108A560
                                                                                                      • Part of subcall function 0108A4D0: GetProcAddress.KERNEL32(SetWindowTheme), ref: 0108A59D
                                                                                                      • Part of subcall function 0108A4D0: __Init_thread_footer.LIBCMT ref: 0108A5B4
                                                                                                      • Part of subcall function 0108A4D0: SendMessageW.USER32(000000EF,00001036,00010000,00010000), ref: 0108A5DF
                                                                                                    • CreateWindowExW.USER32(80000000,SysListView32,?,00000000,00000000,80000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0108A012
                                                                                                    • SendMessageW.USER32(00000000,00000031,00000000,00000000), ref: 0108A030
                                                                                                    • SendMessageW.USER32(00000000,00000030,00000000,00000001), ref: 0108A038
                                                                                                      • Part of subcall function 00FA68F0: SetWindowLongW.USER32(?,000000FC,00000000), ref: 00FA6926
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: MessageSend$Init_thread_footerWindow$AddressCreateLongProc
                                                                                                    • String ID: SysListView32
                                                                                                    • API String ID: 605634508-78025650
                                                                                                    • Opcode ID: cbb9fd6e880b895dcf039f468f1e19bdb4cbf25582ef43e71e9ad295a090fab3
                                                                                                    • Instruction ID: f5ac323aed5cdb58fc3b77ddd33138b143f50b5fc084536592b813b45d1784e6
                                                                                                    • Opcode Fuzzy Hash: cbb9fd6e880b895dcf039f468f1e19bdb4cbf25582ef43e71e9ad295a090fab3
                                                                                                    • Instruction Fuzzy Hash: D7118B31340310BFD624AA19CC09F6BFBA9FFC9750F054659FA45AB290C7B1AC00CBA0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • EnterCriticalSection.KERNEL32(0125957C), ref: 00FA835C
                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 00FA8370
                                                                                                    • LeaveCriticalSection.KERNEL32(0125957C), ref: 00FA83AF
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSection$CurrentEnterLeaveThread
                                                                                                    • String ID: v
                                                                                                    • API String ID: 2351996187-3261393531
                                                                                                    • Opcode ID: 917f4681525eb512417152d3b3ed7599b4d1eb757ed5cb42794d1aeab7a1fc9b
                                                                                                    • Instruction ID: ec65ffd704130ff376acfaf50190eed343327720e1ff1cc3a6e4e8fd49f5c0bd
                                                                                                    • Opcode Fuzzy Hash: 917f4681525eb512417152d3b3ed7599b4d1eb757ed5cb42794d1aeab7a1fc9b
                                                                                                    • Instruction Fuzzy Hash: 7311D071E04354CFCF24CF59E80475ABBF8EB49B68F14466ED86693340CBB25900CB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • LoadLibraryExW.KERNEL32(?,00000000,00000800,?,011493DD,?,?,00000000,?,?,?,01149507,00000002,FlsGetValue,011CB154,011CB15C), ref: 01149439
                                                                                                    • GetLastError.KERNEL32(?,011493DD,?,?,00000000,?,?,?,01149507,00000002,FlsGetValue,011CB154,011CB15C,?,?,01146324), ref: 01149443
                                                                                                    • LoadLibraryExW.KERNEL32(?,00000000,00000000), ref: 0114946B
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: LibraryLoad$ErrorLast
                                                                                                    • String ID: api-ms-
                                                                                                    • API String ID: 3177248105-2084034818
                                                                                                    • Opcode ID: 22584e72f60a8d70dc41f3c1b256ee33e6aaffcf8789e3fe89a686c9c9d0f03d
                                                                                                    • Instruction ID: 71c6cc2ed7aeffddd5e71f1d218372d35b81d2692a35405c3c9cee33430a239c
                                                                                                    • Opcode Fuzzy Hash: 22584e72f60a8d70dc41f3c1b256ee33e6aaffcf8789e3fe89a686c9c9d0f03d
                                                                                                    • Instruction Fuzzy Hash: FBE04F3028020DBBEF291F65FD06B5D3F5D9B00F4CF148071FA4DE8495E761E6608649
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • SendMessageW.USER32(?,00001037,00000000,00000000), ref: 00FB66A8
                                                                                                    • SendMessageW.USER32(?,00001036,00000000,00000000), ref: 00FB66BD
                                                                                                      • Part of subcall function 00F99980: RtlAllocateHeap.NTDLL(?,00000000,00000000,8C278AEA,00000000,0116C6B0,000000FF,?,?,0124C42C,00000000,00FB095C,80070057,?,00000000), ref: 00F999CA
                                                                                                      • Part of subcall function 0108A0B0: SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000037,?,?,?,000000EF,?,00FB66F8,00000000,80004005), ref: 0108A118
                                                                                                      • Part of subcall function 0108A0B0: SendMessageW.USER32(?,00000030,00000000,00000001), ref: 0108A148
                                                                                                    • SendMessageW.USER32(?,0000101C,00000000,00000000), ref: 00FB67F3
                                                                                                    • SendMessageW.USER32(?,00001061,00000000,00000005), ref: 00FB68EF
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: MessageSend$AllocateHeapWindow
                                                                                                    • String ID:
                                                                                                    • API String ID: 3168177373-0
                                                                                                    • Opcode ID: 0e0ff753002ad306693298032882515670fb099643801c3aa09a2b313fa496e0
                                                                                                    • Instruction ID: 6c9dfc1ca87c3d248af8c91f8072b2420cc790d14699d9072dbdd778a8f75942
                                                                                                    • Opcode Fuzzy Hash: 0e0ff753002ad306693298032882515670fb099643801c3aa09a2b313fa496e0
                                                                                                    • Instruction Fuzzy Hash: A8C16D71A00209DFDB18DFA9C898BEEFBB5FF48314F144219E515AB290DB75A944CFA0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • SysAllocStringLen.OLEAUT32(00000000,?), ref: 00FA4A9A
                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 00FA4AE6
                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 00FA4B08
                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 00FA4C63
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: String$Free$Alloc
                                                                                                    • String ID:
                                                                                                    • API String ID: 986138563-0
                                                                                                    • Opcode ID: 6493c9b69fe51c6c67e8c65447a2e2bec3c2ddc07e4782e95ec17f3b557640c4
                                                                                                    • Instruction ID: 54b680a2f9eba93ef9a45212047e33c01adad77b6faa4c298afe205195a7b7b7
                                                                                                    • Opcode Fuzzy Hash: 6493c9b69fe51c6c67e8c65447a2e2bec3c2ddc07e4782e95ec17f3b557640c4
                                                                                                    • Instruction Fuzzy Hash: 44A172B1A00259DFDB14DFA8C844FAEBBB8EF85724F10411DE515E7280E7B4AA05DBA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • SendMessageW.USER32(00000001,0000110A,00000004,?), ref: 00FC0125
                                                                                                    • SendMessageW.USER32(00000001,0000110A,00000001,00000000), ref: 00FC0157
                                                                                                    • SendMessageW.USER32(?,0000110A,00000004,?), ref: 00FC02CE
                                                                                                    • SendMessageW.USER32(?,0000110A,00000001,00000000), ref: 00FC02F6
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: MessageSend
                                                                                                    • String ID:
                                                                                                    • API String ID: 3850602802-0
                                                                                                    • Opcode ID: 13ead978dde12a9949c9a5b9a72d6f51cc6a15489125c586e57e824cff0e2d32
                                                                                                    • Instruction ID: ba2e17e40767a8de5e08d0807fcfae3ead295e4db6eb4f95a20283b41322d951
                                                                                                    • Opcode Fuzzy Hash: 13ead978dde12a9949c9a5b9a72d6f51cc6a15489125c586e57e824cff0e2d32
                                                                                                    • Instruction Fuzzy Hash: 7C915C71A00216DFCB25DFA8D986FEEB7F5BF49320F04456DE501AB291DB30A846DB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • VariantClear.OLEAUT32(?), ref: 00FAD5A8
                                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 00FAD5BB
                                                                                                    • VariantClear.OLEAUT32(00000000), ref: 00FAD5DD
                                                                                                    • VariantClear.OLEAUT32(?), ref: 00FAD60E
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ClearVariant$AllocString
                                                                                                    • String ID:
                                                                                                    • API String ID: 2502263055-0
                                                                                                    • Opcode ID: d96f4d3858cfd62029d881a96823207c3c749d517d61ecb8959318dab6438c24
                                                                                                    • Instruction ID: e5788b72ef8f162cc85e3b6b1306954441eeaebc8168a109141317b056deae85
                                                                                                    • Opcode Fuzzy Hash: d96f4d3858cfd62029d881a96823207c3c749d517d61ecb8959318dab6438c24
                                                                                                    • Instruction Fuzzy Hash: 8F5191B5E002199BDB20CF64CC40B99B7B8EF49714F1085ADEA19EB640E735E984CF94
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetShortPathNameW.KERNEL32(8C278AEA,00000000,00000000), ref: 010C2070
                                                                                                    • GetShortPathNameW.KERNEL32(?,80004005,?), ref: 010C20DE
                                                                                                    • WideCharToMultiByte.KERNEL32(00000003,00000000,?,000000FF,00000000,00000000,00000000,00000000,?), ref: 010C212E
                                                                                                    • WideCharToMultiByte.KERNEL32(00000003,00000000,?,000000FF,?,-00000001,00000000,00000000), ref: 010C2164
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ByteCharMultiNamePathShortWide
                                                                                                    • String ID:
                                                                                                    • API String ID: 3379522384-0
                                                                                                    • Opcode ID: ed1259535af63c473183a2b4448a755b2694d1512d3c2a0e92ab7b5950ff8277
                                                                                                    • Instruction ID: 7ac1ee6f07583836d0d441e3f0801580ceefa83889835ee5aa31e27697654b6b
                                                                                                    • Opcode Fuzzy Hash: ed1259535af63c473183a2b4448a755b2694d1512d3c2a0e92ab7b5950ff8277
                                                                                                    • Instruction Fuzzy Hash: 8D51BE75600206AFDB14CF58CC89B6EFBB5EF94720F11866DEA619B690DB75A800CF50
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • RegCloseKey.ADVAPI32(00000000,8C278AEA), ref: 010DAD66
                                                                                                    • _wcsrchr.LIBVCRUNTIME ref: 010DAD90
                                                                                                    • RegQueryValueExW.ADVAPI32(00000000,8C278AEA,00000000,00000000,00000000,00000000,8C278AEA,00000001,?,00000000,00000000), ref: 010DAE13
                                                                                                    • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 010DAE5F
                                                                                                      • Part of subcall function 010DAC10: RegOpenKeyExW.ADVAPI32(00000000,8C278AEA,00000000,00020019,00000002,8C278AEA,00000001,00000010,00000002,010D9F3C,8C278AEA,00000000,00000000), ref: 010DACAC
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Close$OpenQueryValue_wcsrchr
                                                                                                    • String ID:
                                                                                                    • API String ID: 213811329-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetWindowRect.USER32(?,?), ref: 01043A32
                                                                                                    • GetWindowRect.USER32(?,?), ref: 01043A4A
                                                                                                    • GetWindowRect.USER32(?,?), ref: 01043AB6
                                                                                                    • GetWindowLongW.USER32(?,000000EC), ref: 01043ADA
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Window$Rect$Long
                                                                                                    • String ID:
                                                                                                    • API String ID: 3486571012-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • InitializeCriticalSection.KERNEL32(8C278AEA,8C278AEA,?), ref: 00FB2BDF
                                                                                                    • EnterCriticalSection.KERNEL32(?,8C278AEA,?), ref: 00FB2BEC
                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,00000000,?), ref: 00FB2CC3
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSection$EnterInitializeLeave
                                                                                                    • String ID: v
                                                                                                    • API String ID: 3991485460-3261393531
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • InitializeCriticalSection.KERNEL32(?,8C278AEA), ref: 00FB2A3A
                                                                                                    • EnterCriticalSection.KERNEL32(?,8C278AEA), ref: 00FB2A47
                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 00FB2A98
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSection$EnterInitializeLeave
                                                                                                    • String ID: v
                                                                                                    • API String ID: 3991485460-3261393531
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • InitializeCriticalSection.KERNEL32(?,8C278AEA), ref: 00FB2B2A
                                                                                                    • EnterCriticalSection.KERNEL32(?,8C278AEA), ref: 00FB2B37
                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 00FB2B7E
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSection$EnterInitializeLeave
                                                                                                    • String ID: v
                                                                                                    • API String ID: 3991485460-3261393531
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • ResetEvent.KERNEL32(?,?,?,010E2422,?,?,?,?,?,00000003,00000000,8C278AEA,00000000), ref: 010E3002
                                                                                                    • GetLastError.KERNEL32(?,?,?,010E2422,?,?,?,?,?,00000003,00000000,8C278AEA,00000000), ref: 010E302F
                                                                                                    • WaitForSingleObject.KERNEL32(?,0000000A,?,?,?,010E2422,?,?,?,?,?,00000003,00000000,8C278AEA,00000000), ref: 010E3065
                                                                                                    • SetEvent.KERNEL32(?,?,?,?,010E2422,?,?,?,?,?,00000003,00000000,8C278AEA,00000000), ref: 010E3088
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Event$ErrorLastObjectResetSingleWait
                                                                                                    • String ID:
                                                                                                    • API String ID: 708712559-0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • InitializeCriticalSection.KERNEL32(?,8C278AEA,?), ref: 00FB296D
                                                                                                    • EnterCriticalSection.KERNEL32(?,8C278AEA,?), ref: 00FB297A
                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 00FB29A2
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CriticalSection$EnterInitializeLeave
                                                                                                    • String ID: v
                                                                                                    • API String ID: 3991485460-3261393531
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • WaitForSingleObject.KERNEL32(00000000,?,8C278AEA,?,?,00000000,0116C4E0,000000FF,00000000,010EED98,00000000,C000008C,00000001,00000000,?), ref: 010EEDE7
                                                                                                    • GetExitCodeThread.KERNEL32(00000000,8C278AEA,?,?,00000000,0116C4E0,000000FF,00000000,010EED98,00000000,C000008C,00000001,00000000,?,?,?), ref: 010EEE01
                                                                                                    • TerminateThread.KERNEL32(00000000,00000000,?,?,00000000,0116C4E0,000000FF,00000000,010EED98,00000000,C000008C,00000001,00000000,?,?,?), ref: 010EEE19
                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,00000000,0116C4E0,000000FF,00000000,010EED98,00000000,C000008C,00000001,00000000,?,?,?,80004005), ref: 010EEE22
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Thread$CloseCodeExitHandleObjectSingleTerminateWait
                                                                                                    • String ID:
                                                                                                    • API String ID: 3774109050-0
                                                                                                    • Opcode ID: a41e7a12be6a6761f82a1e42fe02c6bed22c7838808cf90b72c7a20e152bf3f0
                                                                                                    • Instruction ID: 8112c748dc202b01ece2e8e883055ba5eaa0b17e7d7942363268242277455551
                                                                                                    • Opcode Fuzzy Hash: a41e7a12be6a6761f82a1e42fe02c6bed22c7838808cf90b72c7a20e152bf3f0
                                                                                                    • Instruction Fuzzy Hash: 9B018C31504609EFDB388F59DD09B66BBFCFB08714F004A2DE9B692690D775A860CB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • CreateWindowExW.USER32(00000000,AtlAxWin140,?,?,?,80000000,00000000,00000000,?,00000000,00000000), ref: 00FA30D6
                                                                                                    • SendMessageW.USER32(?,00000000,00000000), ref: 00FA31D2
                                                                                                      • Part of subcall function 00FA4BC0: SysFreeString.OLEAUT32(00000000), ref: 00FA4C63
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CreateFreeMessageSendStringWindow
                                                                                                    • String ID: AtlAxWin140
                                                                                                    • API String ID: 4045344427-3842940177
                                                                                                    • Opcode ID: 1c6d065658adc0afb551c4bf09922cd92cc9bdcf166c505e7e67cf3f7ad10614
                                                                                                    • Instruction ID: 75ccd1309ca6171659dfdb21a406d9c756d41048e65b0b53af5df6ff85c16827
                                                                                                    • Opcode Fuzzy Hash: 1c6d065658adc0afb551c4bf09922cd92cc9bdcf166c505e7e67cf3f7ad10614
                                                                                                    • Instruction Fuzzy Hash: 7D9125B4600205EFDB14CF68C888F5ABBB9FF49724F108599F9199B391CB71EA01DB50
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • __startOneArgErrorHandling.LIBCMT ref: 011587AD
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorHandling__start
                                                                                                    • String ID: pow
                                                                                                    • API String ID: 3213639722-2276729525
                                                                                                    • Opcode ID: 1669b2d4075313019ffbd1506943dc26b7981179713c07bec7fde70a67930672
                                                                                                    • Instruction ID: c339afce0e40305e6f9c5245a257034f3543d38ca64805440eb45ac2d7b489da
                                                                                                    • Opcode Fuzzy Hash: 1669b2d4075313019ffbd1506943dc26b7981179713c07bec7fde70a67930672
                                                                                                    • Instruction Fuzzy Hash: 72519D61A05502CADB6E761DD90176A7F98DB50701F204D78EDB1822D9EF3688F18B47
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • PathIsUNCW.SHLWAPI(?,8C278AEA), ref: 0109D671
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Path
                                                                                                    • String ID: \\?\$\\?\UNC\
                                                                                                    • API String ID: 2875597873-3019864461
                                                                                                    • Opcode ID: eb6138f087dcbfb487c74f2337207ebee14628c0cedbe431677ff81e44cd20d8
                                                                                                    • Instruction ID: a049cfd64445d66f2648186ac931d4294ac17a44b9760a8f60051fb8586547c6
                                                                                                    • Opcode Fuzzy Hash: eb6138f087dcbfb487c74f2337207ebee14628c0cedbe431677ff81e44cd20d8
                                                                                                    • Instruction Fuzzy Hash: EA61D270A002049BDF18DFA8D895BAEFBF5FF88314F10851CD955A7281EB75A944DBE0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                      • Part of subcall function 00F99CC0: GetProcessHeap.KERNEL32 ref: 00F99D15
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99D47
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99DD2
                                                                                                    • CloseHandle.KERNEL32(?,8C278AEA,000000C9,00000000), ref: 010DCD13
                                                                                                    • DeleteCriticalSection.KERNEL32(?,8C278AEA,000000C9,00000000), ref: 010DCDA1
                                                                                                    Strings
                                                                                                    • << Advanced Installer (x86) Log >>, xrefs: 010DCC7F
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Init_thread_footer$CloseCriticalDeleteHandleHeapProcessSection
                                                                                                    • String ID: << Advanced Installer (x86) Log >>
                                                                                                    • API String ID: 3699736680-396061572
                                                                                                    • Opcode ID: bb857fc25c6dc79f50e3e8e24fd39c667c6dad353e37ac890c143176456af51e
                                                                                                    • Instruction ID: 117a11b963a3faa3beded0a13f49e4f3cdbf19ee38bdaaa409decbec9835c96f
                                                                                                    • Opcode Fuzzy Hash: bb857fc25c6dc79f50e3e8e24fd39c667c6dad353e37ac890c143176456af51e
                                                                                                    • Instruction Fuzzy Hash: 6D61D030905745EFEB04DF6CDA8879ABBF4EF45318F14829DE8009B782DB759944CB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                      • Part of subcall function 00F99CC0: GetProcessHeap.KERNEL32 ref: 00F99D15
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99D47
                                                                                                      • Part of subcall function 00F99CC0: __Init_thread_footer.LIBCMT ref: 00F99DD2
                                                                                                    • GetLastError.KERNEL32(?,00000000,FTP Server,0000000A), ref: 010E3194
                                                                                                    • WaitForSingleObject.KERNEL32(?,0000000A,?,00000000,FTP Server,0000000A), ref: 010E31CD
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Init_thread_footer$ErrorHeapLastObjectProcessSingleWait
                                                                                                    • String ID: REST %u
                                                                                                    • API String ID: 1670056567-3183379045
                                                                                                    • Opcode ID: 3f5cccbaa4b0ca856c772d2d14f8fb1e15ba15c0d948840ebef8d0ffcf4ef8ca
                                                                                                    • Instruction ID: 0e993dd72d638ed5f5a02c15e4501bb830ea7e0bf24a550adf17ec093784d5b2
                                                                                                    • Opcode Fuzzy Hash: 3f5cccbaa4b0ca856c772d2d14f8fb1e15ba15c0d948840ebef8d0ffcf4ef8ca
                                                                                                    • Instruction Fuzzy Hash: 8851F3316006049FEB65CB6ECC88B6ABBF4FF41324F1486ADE5A68F691D775E900CB40
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • OpenEventW.KERNEL32(00000000,00000000,00000000,_pbl_evt,00000008,?,?,011EBE58,00000001,8C278AEA,00000000), ref: 010FF9AE
                                                                                                    • CreateEventW.KERNEL32(00000000,00000001,00000001,?), ref: 010FF9CB
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Event$CreateOpen
                                                                                                    • String ID: _pbl_evt
                                                                                                    • API String ID: 2335040897-4023232351
                                                                                                    • Opcode ID: 2156783f277c3300c3e8e5f89984fc9928b572a9581b452d47e07e128bf55f62
                                                                                                    • Instruction ID: 89b8ce27221886e5a59578e4306402601156f6f7e052f9b3689c267a4b983fe4
                                                                                                    • Opcode Fuzzy Hash: 2156783f277c3300c3e8e5f89984fc9928b572a9581b452d47e07e128bf55f62
                                                                                                    • Instruction Fuzzy Hash: DB518D71D14609EFDB14DFA8CC45BEEB7B4EF04714F108219E925B7680E7746A04CB94
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetTempPathW.KERNEL32(00000104,?,8C278AEA,?,?,01259384), ref: 010DDF1F
                                                                                                    • CreateDirectoryW.KERNEL32(?,00000000,?,01259384), ref: 010DDF80
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CreateDirectoryPathTemp
                                                                                                    • String ID: ADVINST_LOGS
                                                                                                    • API String ID: 2885754953-2492584244
                                                                                                    • Opcode ID: b15490538469c7266bfcd026dd5df26c0d480c02c700a9ef1e2e0080fb9952bf
                                                                                                    • Instruction ID: 8b250b0e8d72858ec70a70b675e7cb918b0ce0651af3122c6f7ed42ce900cca3
                                                                                                    • Opcode Fuzzy Hash: b15490538469c7266bfcd026dd5df26c0d480c02c700a9ef1e2e0080fb9952bf
                                                                                                    • Instruction Fuzzy Hash: FF51BD75900319CADB709F68C848BBAB7F4FF14714F1446EEE8999B291EB3499C1CB90
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • FormatMessageW.KERNEL32(000013FF,00000000,?,00000000,00000000,00000000,00000000,8C278AEA,011EB190), ref: 010B3678
                                                                                                    • LocalFree.KERNEL32(00000000,00000000,-00000002), ref: 010B3782
                                                                                                      • Part of subcall function 010A3110: std::locale::_Init.LIBCPMT ref: 010A31ED
                                                                                                      • Part of subcall function 010A0BA0: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 010A0C75
                                                                                                    Strings
                                                                                                    • Failed to get Windows error message [win32 error 0x, xrefs: 010B3696
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: FormatFreeInitIos_base_dtorLocalMessagestd::ios_base::_std::locale::_
                                                                                                    • String ID: Failed to get Windows error message [win32 error 0x
                                                                                                    • API String ID: 1983821583-3373098694
                                                                                                    • Opcode ID: 1cab4a8d3c4395303174e6b93fc82a809ed50772ed04e1845aa352f2669e3410
                                                                                                    • Instruction ID: cf57b921d918acb666185e7a836355049e27894e312570b2ad7416411de62c47
                                                                                                    • Opcode Fuzzy Hash: 1cab4a8d3c4395303174e6b93fc82a809ed50772ed04e1845aa352f2669e3410
                                                                                                    • Instruction Fuzzy Hash: BB417E70A003199BDB20DFA8C949BEFBBF8FF44704F104599E455EB290D7B4AA08CB91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00FD532B
                                                                                                    • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00FD538E
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                                    • String ID: bad locale name
                                                                                                    • API String ID: 3988782225-1405518554
                                                                                                    • Opcode ID: 23bbd4f5d328860fc7dfdc3d67594e6d58a9fbc3e4e448a6fe4bbf5f7f9c4bc3
                                                                                                    • Instruction ID: 8f8ddca018e9b910b3dd099df5572413a9a9ef509b834f0cccb52287ccea2f89
                                                                                                    • Opcode Fuzzy Hash: 23bbd4f5d328860fc7dfdc3d67594e6d58a9fbc3e4e448a6fe4bbf5f7f9c4bc3
                                                                                                    • Instruction Fuzzy Hash: 6721E070A05B84DFD720CF69C50475ABBF4AF15714F14869EE48587781D3B5EA04CBA1
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetParent.USER32(00000005), ref: 00FB7784
                                                                                                    Strings
                                                                                                    • d, xrefs: 00FB7750
                                                                                                    • C:\ReleaseAI\stubs\setup\controls\generic\VisualStyleBorder.h, xrefs: 00FB7759
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Parent
                                                                                                    • String ID: C:\ReleaseAI\stubs\setup\controls\generic\VisualStyleBorder.h$d
                                                                                                    • API String ID: 975332729-572215800
                                                                                                    • Opcode ID: 1662f3844aaf86fef192194ed5a78130974f18bc538126d43bec1bd4630f4363
                                                                                                    • Instruction ID: e6f8f4bf64d86861780b16cc01285fba328b6e9d82fb02d32b3b5b17450c679c
                                                                                                    • Opcode Fuzzy Hash: 1662f3844aaf86fef192194ed5a78130974f18bc538126d43bec1bd4630f4363
                                                                                                    • Instruction Fuzzy Hash: 08213470D19398EEDB08DBE4D988BDDBBB1AF55308F608048D005AB294DBB95A08DB40
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    • d, xrefs: 00FA26AB
                                                                                                    • C:\ReleaseAI\platform\ui\controls\mshtml\GenericAxControl.cpp, xrefs: 00FA26B4
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ActiveWindow
                                                                                                    • String ID: C:\ReleaseAI\platform\ui\controls\mshtml\GenericAxControl.cpp$d
                                                                                                    • API String ID: 2558294473-506145171
                                                                                                    • Opcode ID: b876e05b8fb5ee191eb6f0391a4cfe3d64858e661ef26b614b60ca4f57f0a5a7
                                                                                                    • Instruction ID: 63beb18c9bac3349baafe86316f16b7682103db9afc610fc12b94843231a9820
                                                                                                    • Opcode Fuzzy Hash: b876e05b8fb5ee191eb6f0391a4cfe3d64858e661ef26b614b60ca4f57f0a5a7
                                                                                                    • Instruction Fuzzy Hash: 34214770D15298DFDF08DBE4E99879DBBB1BF16308F608088D005BB295D7B95A08DB51
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    • C:\ReleaseAI\platform\ui\controls\mshtml\GenericAxControl.cpp, xrefs: 00FA2AA5
                                                                                                    • d, xrefs: 00FA2A99
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ActiveWindow
                                                                                                    • String ID: C:\ReleaseAI\platform\ui\controls\mshtml\GenericAxControl.cpp$d
                                                                                                    • API String ID: 2558294473-506145171
                                                                                                    • Opcode ID: 03821b5d2122154ceb0e353a7d546af829e8bc36cef82a83fb0c761d783f5980
                                                                                                    • Instruction ID: 64f3f08e4aeb7b7c592b24c6adf92ee63b2c08691fe66b5fec0a88bba2e64a5c
                                                                                                    • Opcode Fuzzy Hash: 03821b5d2122154ceb0e353a7d546af829e8bc36cef82a83fb0c761d783f5980
                                                                                                    • Instruction Fuzzy Hash: 2B217770D15298DFCF08DFE4E98879DBBB1BF15308F608088D001BB294DBB95A08DB91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetParent.USER32(0000000D), ref: 00FB785C
                                                                                                    Strings
                                                                                                    • C:\ReleaseAI\stubs\setup\controls\generic\VisualStyleBorder.h, xrefs: 00FB782F
                                                                                                    • d, xrefs: 00FB7826
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Parent
                                                                                                    • String ID: C:\ReleaseAI\stubs\setup\controls\generic\VisualStyleBorder.h$d
                                                                                                    • API String ID: 975332729-572215800
                                                                                                    • Opcode ID: dd726f9ba65522ac658a1903886d0ff96eefb49b07ff755357e6cf2b2a599e3f
                                                                                                    • Instruction ID: 744245e4c4a2b93d528d0895fa5e3667f8e39b6ae65d03046fc61828f26d7e41
                                                                                                    • Opcode Fuzzy Hash: dd726f9ba65522ac658a1903886d0ff96eefb49b07ff755357e6cf2b2a599e3f
                                                                                                    • Instruction Fuzzy Hash: EA215470D05288EFDF08DFE4D988BDCBBB0BF55308F608048E001AB295DBB99A08DB51
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    • d, xrefs: 00FA277B
                                                                                                    • C:\ReleaseAI\platform\ui\controls\mshtml\GenericAxControl.cpp, xrefs: 00FA2784
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ActiveWindow
                                                                                                    • String ID: C:\ReleaseAI\platform\ui\controls\mshtml\GenericAxControl.cpp$d
                                                                                                    • API String ID: 2558294473-506145171
                                                                                                    • Opcode ID: d5c625558ceb13b4c231971d01d44d27f0c9bf7075b54f84456b81d36d3aefa5
                                                                                                    • Instruction ID: c6eba525f7eec4af07f5c4c374e459fa4b48022c4e6b899949e791af20db9dff
                                                                                                    • Opcode Fuzzy Hash: d5c625558ceb13b4c231971d01d44d27f0c9bf7075b54f84456b81d36d3aefa5
                                                                                                    • Instruction Fuzzy Hash: 17216770D15288EEDF08DFE8E9987DDBBB1BF55308F608048E0057B295DBB94A08DB51
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    • d, xrefs: 00FA2B6C
                                                                                                    • C:\ReleaseAI\platform\ui\controls\mshtml\GenericAxControl.cpp, xrefs: 00FA2B78
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ActiveWindow
                                                                                                    • String ID: C:\ReleaseAI\platform\ui\controls\mshtml\GenericAxControl.cpp$d
                                                                                                    • API String ID: 2558294473-506145171
                                                                                                    • Opcode ID: 458d5aa40c97c111be89c278c697c0ad3995caaf895f33472aa3ba86ed61e394
                                                                                                    • Instruction ID: 3cf3b8513b7035b36c2b77fb4f642a3d2f26cb84057830dc86eac4bd274d1c0a
                                                                                                    • Opcode Fuzzy Hash: 458d5aa40c97c111be89c278c697c0ad3995caaf895f33472aa3ba86ed61e394
                                                                                                    • Instruction Fuzzy Hash: 80213670D15298EEDF08DFE4D9987DDBBB1BF55308F608088D0057B295DBB94A08DB51
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetParent.USER32(00000013), ref: 00FB78F6
                                                                                                    Strings
                                                                                                    • Unknown exception, xrefs: 00FB78CB
                                                                                                    • C:\ReleaseAI\stubs\setup\controls\generic\VisualStyleBorder.h, xrefs: 00FB78DB
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Parent
                                                                                                    • String ID: C:\ReleaseAI\stubs\setup\controls\generic\VisualStyleBorder.h$Unknown exception
                                                                                                    • API String ID: 975332729-9186675
                                                                                                    • Opcode ID: b3c9e344da412d5c9b4a587abbeb5f4e12aeb1187e937ea81d6b5e9686c19b6a
                                                                                                    • Instruction ID: 4534dbf3a7f607a8f2396e4103d545db3971e83b8f3eb3bfcd26f8b57aaf3337
                                                                                                    • Opcode Fuzzy Hash: b3c9e344da412d5c9b4a587abbeb5f4e12aeb1187e937ea81d6b5e9686c19b6a
                                                                                                    • Instruction Fuzzy Hash: FB018030D15388EFDF05EBE8C919ADDBFB0AF55304F948088D0016B296DBB55E08EB91
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    • Unknown exception, xrefs: 00FA2C0E
                                                                                                    • C:\ReleaseAI\platform\ui\controls\mshtml\GenericAxControl.cpp, xrefs: 00FA2C21
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ActiveWindow
                                                                                                    • String ID: C:\ReleaseAI\platform\ui\controls\mshtml\GenericAxControl.cpp$Unknown exception
                                                                                                    • API String ID: 2558294473-2631306498
                                                                                                    • Opcode ID: fa67f7f2f1d32c5e0526e6326f47164ae25c3e8301fb458c5825c7e3c0d9c6a3
                                                                                                    • Instruction ID: 3f2481e868dc4ba357ac2bbc9fd5f8d427993c784fa161e108121efb22cebc8c
                                                                                                    • Opcode Fuzzy Hash: fa67f7f2f1d32c5e0526e6326f47164ae25c3e8301fb458c5825c7e3c0d9c6a3
                                                                                                    • Instruction Fuzzy Hash: 9D015230D15388DBDF05EBE8CD556DEBBB0AF56304F64819CD0016B296DB745B08E792
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    • Unknown exception, xrefs: 00FA281A
                                                                                                    • C:\ReleaseAI\platform\ui\controls\mshtml\GenericAxControl.cpp, xrefs: 00FA282A
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ActiveWindow
                                                                                                    • String ID: C:\ReleaseAI\platform\ui\controls\mshtml\GenericAxControl.cpp$Unknown exception
                                                                                                    • API String ID: 2558294473-2631306498
                                                                                                    • Opcode ID: 31ae2124adc1c023f2a84b0815f4a4d7326228ac63934812bf9c023a93d0abbe
                                                                                                    • Instruction ID: f5e94cc08603d16e241d54405cd582ccfc49b6a66df68684200db60353663f5f
                                                                                                    • Opcode Fuzzy Hash: 31ae2124adc1c023f2a84b0815f4a4d7326228ac63934812bf9c023a93d0abbe
                                                                                                    • Instruction Fuzzy Hash: AD015270D15388DBDF05EBE8D9586DDBFB0AF56304F54809CD0016B295D7B45A08D792
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                      • Part of subcall function 00FA9260: InitializeCriticalSectionAndSpinCount.KERNEL32(01257F5C,00000000,8C278AEA,00F90000,Function_001DC6B0,000000FF,?,01143EF0,?,?,?,00F96508), ref: 00FA9285
                                                                                                      • Part of subcall function 00FA9260: GetLastError.KERNEL32(?,01143EF0,?,?,?,00F96508), ref: 00FA928F
                                                                                                    • IsDebuggerPresent.KERNEL32(?,?,?,00F96508), ref: 01143EF4
                                                                                                    • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00F96508), ref: 01143F03
                                                                                                    Strings
                                                                                                    • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 01143EFE
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CountCriticalDebugDebuggerErrorInitializeLastOutputPresentSectionSpinString
                                                                                                    • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                    • API String ID: 450123788-631824599
                                                                                                    • Opcode ID: de4ae61e3abff0b3dd038804127f7ad0b32b364f002a7b14d8d869e171b78763
                                                                                                    • Instruction ID: 98eb5a4045f944330df5647754a670cc93770844f696d11e6434fb6340b1e994
                                                                                                    • Opcode Fuzzy Hash: de4ae61e3abff0b3dd038804127f7ad0b32b364f002a7b14d8d869e171b78763
                                                                                                    • Instruction Fuzzy Hash: 3EE030701007214FDB299F29E4083427AF4BF04B04B00896CE5A5C3645EBB4E444CB92
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetProcessHeap.KERNEL32(?,00000000), ref: 00FD5ACB
                                                                                                    • HeapFree.KERNEL32(00000000,?,00000000), ref: 00FD5AD1
                                                                                                    • GetProcessHeap.KERNEL32(?,00000000), ref: 00FD5B4A
                                                                                                    • HeapFree.KERNEL32(00000000,?,00000000), ref: 00FD5B50
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000000.00000002.1828568796.0000000000F91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                                                                                    • Associated: 00000000.00000002.1828550392.0000000000F90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828720398.00000000011C9000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828778099.0000000001251000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828797097.0000000001256000.00000008.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828813027.0000000001257000.00000004.00000001.01000000.00000003.sdmp
                                                                                                    • Associated: 00000000.00000002.1828828570.000000000125A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_0_2_f90000_fxsound_setup.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Heap$FreeProcess
                                                                                                    • String ID:
                                                                                                    • API String ID: 3859560861-0
                                                                                                    • Opcode ID: 61ef626c72895f2f2b86157d118c3701e4d97e1e923620e793d6b120be4bb763
                                                                                                    • Instruction ID: d9880026e09975035ea7d7cc85b16d1459b58c0a1c5f9696ea3f19552cc18a1c
                                                                                                    • Opcode Fuzzy Hash: 61ef626c72895f2f2b86157d118c3701e4d97e1e923620e793d6b120be4bb763
                                                                                                    • Instruction Fuzzy Hash: C4B1AFB0D00259DFDB14CFA4C844FEEBBB9BF44714F24825AE415AB281DB74AA05DBA0
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Execution Graph

                                                                                                    Execution Coverage:1.5%
                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                    Signature Coverage:4.8%
                                                                                                    Total number of Nodes:651
                                                                                                    Total number of Limit Nodes:25
7ff7e0704a34 EnterCriticalSection 14168->14180 14216 7ff7e07107fc 14182->14216 14221 7ff7e0704a34 EnterCriticalSection 14216->14221 16817 7ff7e0709154 16820 7ff7e0708f20 16817->16820 16827 7ff7e0704a34 EnterCriticalSection 16820->16827 16828 7ff7e07031d8 16829 7ff7e07031e3 16828->16829 16837 7ff7e070c9c4 16829->16837 16850 7ff7e0704a34 EnterCriticalSection 16837->16850 17776 7ff7e071885f 17777 7ff7e071886e 17776->17777 17779 7ff7e0718878 17776->17779 17780 7ff7e0704a88 LeaveCriticalSection 17777->17780 14299 7ff7e06fc8c8 14320 7ff7e06fca94 14299->14320 14302 7ff7e06fca1f 14379 7ff7e06fcfc0 IsProcessorFeaturePresent 14302->14379 14303 7ff7e06fc8e9 __scrt_acquire_startup_lock 14305 7ff7e06fca29 14303->14305 14310 7ff7e06fc907 __scrt_release_startup_lock 14303->14310 14306 7ff7e06fcfc0 7 API calls 14305->14306 14308 7ff7e06fca34 BuildCatchObjectHelperInternal 14306->14308 14307 7ff7e06fc92c 14309 7ff7e06fc9b2 14328 7ff7e0708968 14309->14328 14310->14307 14310->14309 14368 7ff7e0708d20 14310->14368 14313 7ff7e06fc9b7 14334 7ff7e06f8c60 14313->14334 14317 7ff7e06fc9db 14317->14308 14375 7ff7e06fcc28 14317->14375 14386 7ff7e06fd250 14320->14386 14323 7ff7e06fcac3 14388 7ff7e070ac54 14323->14388 14324 7ff7e06fc8e1 14324->14302 14324->14303 14329 7ff7e070898d 14328->14329 14330 7ff7e0708978 14328->14330 14329->14313 14330->14329 14431 7ff7e0708624 14330->14431 14335 7ff7e06f8c9c 14334->14335 14336 7ff7e06f8c89 14334->14336 14500 7ff7e0702f18 14335->14500 14517 7ff7e06f8e70 14336->14517 14339 7ff7e06f8cac 14340 7ff7e06f8cb0 14339->14340 14341 7ff7e06f8cfe 14339->14341 14344 7ff7e06f8cb5 14340->14344 14345 7ff7e06f8cc8 14340->14345 14342 7ff7e0702f18 TranslateName 53 API calls 14341->14342 14347 7ff7e06f8d0e 14342->14347 14343 7ff7e06fc4b0 _invalid_parameter_noinfo_noreturn 8 API calls 14348 7ff7e06f8e28 14343->14348 14349 7ff7e06f8e70 180 API calls 14344->14349 14531 7ff7e06f6870 14345->14531 14355 7ff7e06f8d3d SetupDiGetClassDevsW 14347->14355 14356 7ff7e06f8df7 
14347->14356 14361 7ff7e06f8c95 14347->14361 14373 7ff7e06fd114 GetModuleHandleW 14348->14373 14349->14361 14351 7ff7e06f8cd5 14353 7ff7e06f8e70 180 API calls 14351->14353 14352 7ff7e06f8ce8 14354 7ff7e06f8e70 180 API calls 14352->14354 14357 7ff7e06f8ce1 14353->14357 14354->14357 14355->14356 14359 7ff7e06f8d5d SetupDiEnumDeviceInfo 14355->14359 14358 7ff7e06f8e70 180 API calls 14356->14358 14357->14361 14358->14361 14360 7ff7e06f8dee SetupDiDestroyDeviceInfoList 14359->14360 14363 7ff7e06f8d7d 14359->14363 14360->14356 14361->14343 14362 7ff7e06f8d80 SetupDiGetDeviceRegistryPropertyW 14362->14363 14363->14362 14364 7ff7e06f8ddb SetupDiEnumDeviceInfo 14363->14364 14365 7ff7e06f8e39 SetupDiRemoveDevice 14363->14365 14364->14360 14364->14362 14365->14360 14366 7ff7e06f8e48 SetupDiDestroyDeviceInfoList 14365->14366 14367 7ff7e06f8e70 180 API calls 14366->14367 14367->14361 14369 7ff7e0708d37 14368->14369 14370 7ff7e0708d58 14368->14370 14369->14309 14371 7ff7e070aca0 __GSHandlerCheck_EH 47 API calls 14370->14371 14372 7ff7e0708d5d 14371->14372 14374 7ff7e06fd125 14373->14374 14374->14317 14377 7ff7e06fcc39 14375->14377 14376 7ff7e06fc9f2 14376->14307 14377->14376 14378 7ff7e06ff218 __scrt_initialize_crt 7 API calls 14377->14378 14378->14376 14380 7ff7e06fcfe6 _invalid_parameter_noinfo_noreturn _fread_nolock 14379->14380 14381 7ff7e06fd005 RtlCaptureContext RtlLookupFunctionEntry 14380->14381 14382 7ff7e06fd02e RtlVirtualUnwind 14381->14382 14383 7ff7e06fd06a _fread_nolock 14381->14383 14382->14383 14384 7ff7e06fd09c IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 14383->14384 14385 7ff7e06fd0ee _invalid_parameter_noinfo_noreturn 14384->14385 14385->14305 14387 7ff7e06fcab6 __scrt_dllmain_crt_thread_attach 14386->14387 14387->14323 14387->14324 14389 7ff7e0715a40 14388->14389 14390 7ff7e06fcac8 14389->14390 14398 7ff7e070ccb0 14389->14398 14390->14324 14392 7ff7e06ff218 14390->14392 14393 7ff7e06ff220 14392->14393 14394 7ff7e06ff22a 14392->14394 
14410 7ff7e06ff3f0 14393->14410 14394->14324 14409 7ff7e0704a34 EnterCriticalSection 14398->14409 14400 7ff7e070ccc0 14401 7ff7e0712ea4 53 API calls 14400->14401 14402 7ff7e070ccc9 14401->14402 14403 7ff7e070ccd7 14402->14403 14404 7ff7e070cab8 55 API calls 14402->14404 14405 7ff7e0704a88 Concurrency::details::SchedulerProxy::DeleteThis LeaveCriticalSection 14403->14405 14406 7ff7e070ccd2 14404->14406 14407 7ff7e070cce3 14405->14407 14408 7ff7e070cba8 GetStdHandle GetFileType 14406->14408 14407->14389 14408->14403 14411 7ff7e06ff3ff 14410->14411 14412 7ff7e06ff225 14410->14412 14418 7ff7e0702734 14411->14418 14414 7ff7e0702564 14412->14414 14415 7ff7e070258f 14414->14415 14416 7ff7e0702593 14415->14416 14417 7ff7e0702572 DeleteCriticalSection 14415->14417 14416->14394 14417->14415 14422 7ff7e070259c 14418->14422 14423 7ff7e07026b6 TlsFree 14422->14423 14424 7ff7e07025e0 __vcrt_FlsAlloc 14422->14424 14424->14423 14425 7ff7e070260e LoadLibraryExW 14424->14425 14428 7ff7e07026a5 GetProcAddress 14424->14428 14430 7ff7e0702651 LoadLibraryExW 14424->14430 14426 7ff7e0702685 14425->14426 14427 7ff7e070262f GetLastError 14425->14427 14426->14428 14429 7ff7e070269c FreeLibrary 14426->14429 14427->14424 14428->14423 14429->14428 14430->14424 14430->14426 14432 7ff7e070863d 14431->14432 14443 7ff7e0708639 14431->14443 14452 7ff7e0712878 GetEnvironmentStringsW 14432->14452 14435 7ff7e070864a 14437 7ff7e070bea8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 14435->14437 14436 7ff7e0708656 14459 7ff7e0708694 14436->14459 14437->14443 14440 7ff7e070bea8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 14441 7ff7e070867d 14440->14441 14442 7ff7e070bea8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 14441->14442 14442->14443 14443->14329 14444 7ff7e07087f4 14443->14444 14445 7ff7e0708817 14444->14445 14450 7ff7e070882e 14444->14450 14445->14329 14446 7ff7e07114d0 MultiByteToWideChar _fread_nolock 14446->14450 14447 7ff7e070bf44 _Getctype 
11 API calls 14447->14450 14448 7ff7e07088a2 14449 7ff7e070bea8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 14448->14449 14449->14445 14450->14445 14450->14446 14450->14447 14450->14448 14451 7ff7e070bea8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 14450->14451 14451->14450 14453 7ff7e071289c 14452->14453 14454 7ff7e0708642 14452->14454 14478 7ff7e070bee4 14453->14478 14454->14435 14454->14436 14456 7ff7e070bea8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 14458 7ff7e07128f3 FreeEnvironmentStringsW 14456->14458 14457 7ff7e07128d3 ctype 14457->14456 14458->14454 14460 7ff7e07086bc 14459->14460 14461 7ff7e070bf44 _Getctype 11 API calls 14460->14461 14473 7ff7e07086f7 14461->14473 14462 7ff7e07086ff 14463 7ff7e070bea8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 14462->14463 14464 7ff7e070865e 14463->14464 14464->14440 14465 7ff7e0708779 14466 7ff7e070bea8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 14465->14466 14466->14464 14467 7ff7e070bf44 _Getctype 11 API calls 14467->14473 14468 7ff7e0708768 14494 7ff7e07087b0 14468->14494 14472 7ff7e070879c 14476 7ff7e0702dc8 _invalid_parameter_noinfo_noreturn 17 API calls 14472->14476 14473->14462 14473->14465 14473->14467 14473->14468 14473->14472 14475 7ff7e070bea8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 14473->14475 14485 7ff7e0710794 14473->14485 14474 7ff7e070bea8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 14474->14462 14475->14473 14477 7ff7e07087ae 14476->14477 14479 7ff7e070bf2f 14478->14479 14483 7ff7e070bef3 _Getctype 14478->14483 14480 7ff7e0705808 _set_fmode 11 API calls 14479->14480 14482 7ff7e070bf2d 14480->14482 14481 7ff7e070bf16 HeapAlloc 14481->14482 14481->14483 14482->14457 14483->14479 14483->14481 14484 7ff7e0708010 std::_Facet_Register 2 API calls 14483->14484 14484->14483 14486 7ff7e07107ab 14485->14486 14487 7ff7e07107a1 14485->14487 14488 7ff7e0705808 _set_fmode 11 API calls 
14486->14488 14487->14486 14492 7ff7e07107c7 14487->14492 14489 7ff7e07107b3 14488->14489 14490 7ff7e0702d78 _invalid_parameter_noinfo 47 API calls 14489->14490 14491 7ff7e07107bf 14490->14491 14491->14473 14492->14491 14493 7ff7e0705808 _set_fmode 11 API calls 14492->14493 14493->14489 14495 7ff7e0708770 14494->14495 14496 7ff7e07087b5 14494->14496 14495->14474 14497 7ff7e07087de 14496->14497 14498 7ff7e070bea8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 14496->14498 14499 7ff7e070bea8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 14497->14499 14498->14496 14499->14495 14501 7ff7e0702f25 14500->14501 14502 7ff7e0702f49 14500->14502 14501->14502 14503 7ff7e0702f2a 14501->14503 14504 7ff7e0702f83 14502->14504 14507 7ff7e0702fa2 14502->14507 14505 7ff7e0705808 _set_fmode 11 API calls 14503->14505 14506 7ff7e0705808 _set_fmode 11 API calls 14504->14506 14508 7ff7e0702f2f 14505->14508 14509 7ff7e0702f88 14506->14509 14553 7ff7e0702e3c 14507->14553 14511 7ff7e0702d78 _invalid_parameter_noinfo 47 API calls 14508->14511 14512 7ff7e0702d78 _invalid_parameter_noinfo 47 API calls 14509->14512 14513 7ff7e0702f3a 14511->14513 14514 7ff7e0702f93 TranslateName 14512->14514 14513->14339 14514->14339 14515 7ff7e070bcd8 53 API calls TranslateName 14516 7ff7e0702faf 14515->14516 14516->14514 14516->14515 14518 7ff7e06f8eb0 14517->14518 14526 7ff7e06f8f08 14518->14526 14585 7ff7e06f9240 14518->14585 14520 7ff7e06f90f8 14606 7ff7e06f8b10 14520->14606 14521 7ff7e06f90ab 14522 7ff7e06f90bc 14521->14522 14599 7ff7e06f93a0 14521->14599 14522->14361 14525 7ff7e06f913a 14617 7ff7e06fe350 14525->14617 14526->14520 14526->14521 14528 7ff7e06f914b 14529 7ff7e06f916a 14528->14529 14530 7ff7e06f93a0 180 API calls 14528->14530 14529->14361 14530->14529 14532 7ff7e06f68a0 14531->14532 14533 7ff7e06f68cb 14531->14533 14532->14533 14534 7ff7e06f68ab GetFullPathNameW 14532->14534 14535 7ff7e06fc4b0 _invalid_parameter_noinfo_noreturn 8 API calls 14533->14535 
14534->14533 14537 7ff7e06f68d2 _fread_nolock 14534->14537 14536 7ff7e06f6b22 14535->14536 14536->14351 14536->14352 14537->14533 14538 7ff7e06f694b SetupDiGetINFClassW 14537->14538 14538->14533 14539 7ff7e06f6977 SetupDiCreateDeviceInfoList 14538->14539 14539->14533 14540 7ff7e06f6999 SetupDiCreateDeviceInfoW 14539->14540 14541 7ff7e06f6af0 SetupDiDestroyDeviceInfoList 14540->14541 14542 7ff7e06f69d9 SetupDiSetDeviceRegistryPropertyW 14540->14542 14541->14533 14542->14541 14544 7ff7e06f6a2a SetupDiCallClassInstaller 14542->14544 14544->14541 14545 7ff7e06f6a45 14544->14545 14546 7ff7e06f6a4e 14545->14546 14547 7ff7e06f6a58 GetFullPathNameW 14545->14547 14546->14541 14547->14541 14548 7ff7e06f6a7a GetFileAttributesW 14547->14548 14548->14541 14549 7ff7e06f6a8d LoadLibraryW 14548->14549 14549->14541 14550 7ff7e06f6aa2 GetProcAddress 14549->14550 14551 7ff7e06f6ae7 FreeLibrary 14550->14551 14552 7ff7e06f6ab7 14550->14552 14551->14541 14552->14551 14554 7ff7e0702e60 14553->14554 14560 7ff7e0702e5b 14553->14560 14555 7ff7e070b978 _Getctype 47 API calls 14554->14555 14554->14560 14556 7ff7e0702e7b 14555->14556 14561 7ff7e070bdd0 14556->14561 14560->14516 14562 7ff7e0702e9e 14561->14562 14563 7ff7e070bde5 14561->14563 14565 7ff7e070be3c 14562->14565 14563->14562 14569 7ff7e0714440 14563->14569 14566 7ff7e070be51 14565->14566 14568 7ff7e070be64 14565->14568 14566->14568 14582 7ff7e071259c 14566->14582 14568->14560 14570 7ff7e070b978 _Getctype 47 API calls 14569->14570 14571 7ff7e071444f 14570->14571 14572 7ff7e071449a 14571->14572 14581 7ff7e0704a34 EnterCriticalSection 14571->14581 14572->14562 14583 7ff7e070b978 _Getctype 47 API calls 14582->14583 14584 7ff7e07125a5 14583->14584 14586 7ff7e06f927e 14585->14586 14593 7ff7e06f92fe 14585->14593 14622 7ff7e06f9190 14586->14622 14588 7ff7e06fc4b0 _invalid_parameter_noinfo_noreturn 8 API calls 14590 7ff7e06f932c 14588->14590 14590->14526 14591 7ff7e06f92eb 14592 7ff7e06f93a0 180 API calls 14591->14592 14591->14593 
14592->14593 14593->14588 14594 7ff7e06f9341 14595 7ff7e06f8b10 180 API calls 14594->14595 14596 7ff7e06f9383 14595->14596 14597 7ff7e06fe350 Concurrency::cancel_current_task 2 API calls 14596->14597 14598 7ff7e06f9394 14597->14598 14600 7ff7e06f93e9 14599->14600 14601 7ff7e06f93b7 14599->14601 14600->14522 14601->14600 14602 7ff7e06f8b10 180 API calls 14601->14602 14603 7ff7e06f942f 14602->14603 14604 7ff7e06fe350 Concurrency::cancel_current_task 2 API calls 14603->14604 14605 7ff7e06f9440 14604->14605 14607 7ff7e06f8b50 14606->14607 14607->14607 14609 7ff7e06f8b63 ctype 14607->14609 14626 7ff7e06f7b00 14607->14626 14641 7ff7e06f8690 14609->14641 14611 7ff7e06f8b9b 14612 7ff7e06f8bd0 14611->14612 14660 7ff7e0702d98 14611->14660 14612->14525 14618 7ff7e06fe38c RtlPcToFileHeader 14617->14618 14619 7ff7e06fe36f 14617->14619 14620 7ff7e06fe3a4 14618->14620 14621 7ff7e06fe3b3 RaiseException 14618->14621 14619->14618 14620->14621 14621->14528 14624 7ff7e06f91b9 14622->14624 14623 7ff7e06f91ce 14623->14591 14623->14594 14624->14623 14625 7ff7e06f9240 180 API calls 14624->14625 14625->14623 14627 7ff7e06f7c1f 14626->14627 14628 7ff7e06f7b27 14626->14628 14671 7ff7e06f1370 14627->14671 14630 7ff7e06f7b76 14628->14630 14633 7ff7e06f7ba2 14628->14633 14634 7ff7e06f7b69 14628->14634 14665 7ff7e06fc774 14630->14665 14631 7ff7e06f7c24 14781 7ff7e06f12d0 14631->14781 14636 7ff7e06fc774 std::_Facet_Register 49 API calls 14633->14636 14640 7ff7e06f7b8b ctype 14633->14640 14634->14630 14634->14631 14636->14640 14637 7ff7e0702d98 _invalid_parameter_noinfo_noreturn 47 API calls 14638 7ff7e06f7c30 14637->14638 14639 7ff7e06f7bfc 14639->14609 14640->14637 14640->14639 14642 7ff7e06f86dc 14641->14642 14643 7ff7e06f8718 14642->14643 14644 7ff7e06f8747 14642->14644 14653 7ff7e06f86e5 ctype 14642->14653 14645 7ff7e06fc774 std::_Facet_Register 49 API calls 14643->14645 14652 7ff7e06f890b 14643->14652 14646 7ff7e06fc774 std::_Facet_Register 49 API calls 14644->14646 14644->14653 14645->14653 
14646->14653 14647 7ff7e06f12d0 Concurrency::cancel_current_task 49 API calls 14648 7ff7e06f8911 14647->14648 14651 7ff7e0702d98 _invalid_parameter_noinfo_noreturn 47 API calls 14648->14651 14649 7ff7e06f8906 14650 7ff7e0702d98 _invalid_parameter_noinfo_noreturn 47 API calls 14649->14650 14650->14652 14657 7ff7e06f8917 __std_exception_destroy 14651->14657 14652->14647 14653->14648 14653->14649 14654 7ff7e06fe0b8 __std_exception_copy 47 API calls 14653->14654 14655 7ff7e06f8891 14654->14655 14655->14649 14656 7ff7e06f88cd 14655->14656 14658 7ff7e06fc4b0 _invalid_parameter_noinfo_noreturn 8 API calls 14656->14658 14657->14611 14659 7ff7e06f88f4 14658->14659 14659->14611 14661 7ff7e0702c0c _invalid_parameter_noinfo 47 API calls 14660->14661 14662 7ff7e0702db1 14661->14662 14663 7ff7e0702dc8 _invalid_parameter_noinfo_noreturn 17 API calls 14662->14663 14664 7ff7e0702dc6 14663->14664 14666 7ff7e06fc77f 14665->14666 14666->14665 14667 7ff7e06fc798 14666->14667 14668 7ff7e0708010 std::_Facet_Register 2 API calls 14666->14668 14670 7ff7e06f12d0 Concurrency::cancel_current_task 49 API calls 14666->14670 14787 7ff7e06fce94 14666->14787 14667->14640 14668->14666 14670->14666 14791 7ff7e06f9924 14671->14791 14782 7ff7e06f12de Concurrency::cancel_current_task 14781->14782 14783 7ff7e06fe350 Concurrency::cancel_current_task 2 API calls 14782->14783 14784 7ff7e06f12ef 14783->14784 14785 7ff7e06fe0b8 __std_exception_copy 47 API calls 14784->14785 14786 7ff7e06f1319 14785->14786 14786->14640 14788 7ff7e06fcea2 Concurrency::cancel_current_task 14787->14788 14789 7ff7e06fe350 Concurrency::cancel_current_task 2 API calls 14788->14789 14790 7ff7e06fceb3 14789->14790 14796 7ff7e06f97d4 14791->14796 14794 7ff7e06fe350 Concurrency::cancel_current_task 2 API calls 14795 7ff7e06f9946 14794->14795 14799 7ff7e06fe0b8 14796->14799 14798 7ff7e06f9808 14798->14794 14800 7ff7e06fe10e ~_Yarn 14799->14800 14801 7ff7e06fe0d9 14799->14801 14800->14798 14801->14800 14803 7ff7e070accc 14801->14803 
14804 7ff7e070acd9 14803->14804 14805 7ff7e070ace3 14803->14805 14804->14805 14807 7ff7e070acfe 14804->14807 14806 7ff7e0705808 _set_fmode 11 API calls 14805->14806 14811 7ff7e070acea 14806->14811 14809 7ff7e070acf6 14807->14809 14810 7ff7e0705808 _set_fmode 11 API calls 14807->14810 14808 7ff7e0702d78 _invalid_parameter_noinfo 47 API calls 14808->14809 14809->14800 14810->14811 14811->14808

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.1727733509.00007FF7E06F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E06F0000, based on PE: true
                                                                                                    • Associated: 00000006.00000002.1727719717.00007FF7E06F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727759501.00007FF7E0719000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727781123.00007FF7E072C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727793912.00007FF7E072F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_7ff7e06f0000_fxdevcon64.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: DeviceSetup$DestroyInfoList$Remove
                                                                                                    • String ID: $Driver removal failed$FxSound driver installation failed$Please specify a paramter : install or remove$Root\FXVAD$Success$Syntax: fxdevcon install <inf path>$install$remove
                                                                                                    • API String ID: 1552884366-1548843805
                                                                                                    • Opcode ID: 5cacbce7fdb70afc9de623bb55feab5698695e2e0fb7f17144c4357e18d40dac
                                                                                                    • Instruction ID: 353ab2972bc858d792936bb65c7e47080b52215d65f297c4e9fdd1ae25a4457f
                                                                                                    • Opcode Fuzzy Hash: 5cacbce7fdb70afc9de623bb55feab5698695e2e0fb7f17144c4357e18d40dac
                                                                                                    • Instruction Fuzzy Hash: DA512361B0CA4389EE50BF25E8003B9E262EF89794FC44177D65D467E5DE3CF8268722
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    • FreeLibrary.KERNEL32(?,?,?,00007FF7E070C820,?,?,?,?,00007FF7E0704AAD,?,?,?,?,00007FF7E06FB788), ref: 00007FF7E070C1EB
                                                                                                    • GetProcAddress.KERNEL32(?,?,?,00007FF7E070C820,?,?,?,?,00007FF7E0704AAD,?,?,?,?,00007FF7E06FB788), ref: 00007FF7E070C1F7
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: AddressFreeLibraryProc
                                                                                                    • String ID: api-ms-$ext-ms-$ios_base::failbit set
                                                                                                    • API String ID: 3013587201-4272397935
                                                                                                    • Opcode ID: 90ce76c3d5789e183d277d1c9b9ecc3a2879266a461235551c0db5cdac2e1d32
                                                                                                    • Instruction ID: 83f7e0137b362706a2e86cfd4aa1034ec326b16c92ea9a11ae4b8ad6083c6e43
                                                                                                    • Opcode Fuzzy Hash: 90ce76c3d5789e183d277d1c9b9ecc3a2879266a461235551c0db5cdac2e1d32
                                                                                                    • Instruction Fuzzy Hash: A2410171B1960291FE12AB169C043B5A396BF4CBE4F884637DD0D8B789DE3CF4618362
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    Similarity
                                                                                                    • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                    • String ID:
                                                                                                    • API String ID: 3058843127-0
                                                                                                    • Opcode ID: b9f438afba0401649940148789875f37fa25fc3ddfad57d9fea010e1fd8731c6
                                                                                                    • Instruction ID: 60b5c6151bdbd0666799e2d6259d9744e32f361b315f02145121099bc054fad6
                                                                                                    • Opcode Fuzzy Hash: b9f438afba0401649940148789875f37fa25fc3ddfad57d9fea010e1fd8731c6
                                                                                                    • Instruction Fuzzy Hash: F8315921A0854349FA40BF24D6123BAD292AF49798FC41137EA8D473D7CEBCB8258273
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    Similarity
                                                                                                    • API ID: Process$CurrentExitTerminate
                                                                                                    • String ID:
                                                                                                    • API String ID: 1703294689-0
                                                                                                    • Opcode ID: 69820d1b6aa14f4cd529ff87106b00f14374be80dc92e6562831604f876a292e
                                                                                                    • Instruction ID: cea0e41e45048b557fa674b36671f03cfdcb092b0782ba6704a727d0447c3637
                                                                                                    • Opcode Fuzzy Hash: 69820d1b6aa14f4cd529ff87106b00f14374be80dc92e6562831604f876a292e
                                                                                                    • Instruction Fuzzy Hash: ADD09E20B1960652FE987B705C5537AA2217F4D745F84157AC89B063E3CDBDB86A8232
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.1727733509.00007FF7E06F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E06F0000, based on PE: true
                                                                                                    • Associated: 00000006.00000002.1727719717.00007FF7E06F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727759501.00007FF7E0719000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727781123.00007FF7E072C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727793912.00007FF7E072F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_7ff7e06f0000_fxdevcon64.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: FileHandleType
                                                                                                    • String ID:
                                                                                                    • API String ID: 3000768030-0
                                                                                                    • Opcode ID: 4286f1c0d31b7823e1c077a77f67fe1494a7b09971722fc1b5ed72947fb83f15
                                                                                                    • Instruction ID: 847556ef3d83106b0b6d39ea38dd80f981fc07bfbef471287ee04023bf97e970
                                                                                                    • Opcode Fuzzy Hash: 4286f1c0d31b7823e1c077a77f67fe1494a7b09971722fc1b5ed72947fb83f15
                                                                                                    • Instruction Fuzzy Hash: B2316831A18B4551EF605B15D980279B650FB49BB4BA81336DB5E473E0CF38F4B1D362
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    Similarity
                                                                                                    • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                    • String ID:
                                                                                                    • API String ID: 3947729631-0
                                                                                                    • Opcode ID: 13d2b715926206afaca5db3d0266dd2789bd6b5ebdeaa94b62f7cffdfdefcb66
                                                                                                    • Instruction ID: 3a424183f776fe69f5ea894562fb40fb070ff4d4ff54a5b5dfd2f40f5e6a12cb
                                                                                                    • Opcode Fuzzy Hash: 13d2b715926206afaca5db3d0266dd2789bd6b5ebdeaa94b62f7cffdfdefcb66
                                                                                                    • Instruction Fuzzy Hash: 66218DB2A056018AEFA4AF64C8403BC73A0FB4831CF844636D69C06BC5DFB8E454CBA5
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    Similarity
                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                    • String ID:
                                                                                                    • API String ID: 3215553584-0
                                                                                                    • Opcode ID: 76c1d8289a632c5555ac3f4d244e84e2a89d35e61f60168d1cb1fbab7ef4d6a0
                                                                                                    • Instruction ID: 8fad739bd2b2e3bbc6de15e1e73d63bdd68fd46ea2bd53b17897acf26eec7a80
                                                                                                    • Opcode Fuzzy Hash: 76c1d8289a632c5555ac3f4d244e84e2a89d35e61f60168d1cb1fbab7ef4d6a0
                                                                                                    • Instruction Fuzzy Hash: A0116D72A2D64282EB10BF14A440669E3A4FF58780FC50536E68D577D6DF3CF8728B22
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF7E070BB52,?,?,?,00007FF7E0705811,?,?,?,?,00007FF7E0710FAE,?,?,00000000), ref: 00007FF7E070BF99
                                                                                                    Similarity
                                                                                                    • API ID: AllocateHeap
                                                                                                    • String ID:
                                                                                                    • API String ID: 1279760036-0
                                                                                                    • Opcode ID: 6379b2c65bd0b3b2ad55a001232f8e897d6bfc83adecff3030938788b245065b
                                                                                                    • Instruction ID: 0baf6bee6ee003431156461408ee901d692ce47dd26d0d2aa170941b4d957239
                                                                                                    • Opcode Fuzzy Hash: 6379b2c65bd0b3b2ad55a001232f8e897d6bfc83adecff3030938788b245065b
                                                                                                    • Instruction Fuzzy Hash: 7DF04954B1920352FE58B6619DA07B596906F9CB88FCC5632C90E873D1EE3CB6A04A32
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: String$Free$Variant$AllocBlanketClearCreateInitInstanceProxy
                                                                                                    • String ID: 10.$ROOT\CIMV2$SELECT * FROM Win32_OperatingSystem$Version$WQL
                                                                                                    • API String ID: 121300105-1391451428
                                                                                                    • Opcode ID: 4287cc933073fbf66d222fe55d1b0870b89548397402497fbe2d0d9785210a3a
                                                                                                    • Instruction ID: 8e9c205e3701b2e5fdd6e52ab1a3154fca9776fbcd1e1283c4bca5a8589feb33
                                                                                                    • Opcode Fuzzy Hash: 4287cc933073fbf66d222fe55d1b0870b89548397402497fbe2d0d9785210a3a
                                                                                                    • Instruction Fuzzy Hash: 86B16D32609B428AEB14EF30D490368B3A5FF48B48F444536DB4D57B94DF38E961D762
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Similarity
                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                    • String ID:
                                                                                                    • API String ID: 3215553584-0
                                                                                                    • Opcode ID: e945abf026ddcfb20bf71390c4bc86717e187da024ff9f74110b7522c535ef87
                                                                                                    • Instruction ID: 3564ac059df8b12fa3b2b9abccef27c85e882f423e8a7f53067db4f6301db0be
                                                                                                    • Opcode Fuzzy Hash: e945abf026ddcfb20bf71390c4bc86717e187da024ff9f74110b7522c535ef87
                                                                                                    • Instruction Fuzzy Hash: 17C1A022A1868A55FF616B11D8443BEAB91FB897C8FC40232DA4D077D5CE7CF4748722
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: ErrorLastNameTranslate$CodePageValidValue
                                                                                                    • String ID: utf8
                                                                                                    • API String ID: 1791977518-905460609
                                                                                                    • Opcode ID: 36a26457d1f9c02225d0b6437f8a570135b8742c890c7b7a0194f055b9aaf380
                                                                                                    • Instruction ID: 406773ad6fd34076f21b1fd19da50dc1912fd21382b97d62f5c0b9c777a4e46c
                                                                                                    • Opcode Fuzzy Hash: 36a26457d1f9c02225d0b6437f8a570135b8742c890c7b7a0194f055b9aaf380
                                                                                                    • Instruction Fuzzy Hash: 72915C72B0868285EF24AF21E4107B9A6A5FB48B84FC44132DA4C477C5DF3CF5A5C362
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Similarity
                                                                                                    • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                    • String ID:
                                                                                                    • API String ID: 1239891234-0
                                                                                                    • Opcode ID: b1c8c8f8b375ac6f319b1b11e49860d25bec8279c134c21c3cb9df2fe06294b9
                                                                                                    • Instruction ID: 6de62301de22ac76e04ff4b5bb1c1b533b1a4917322c295ea26447eb64e282ba
                                                                                                    • Opcode Fuzzy Hash: b1c8c8f8b375ac6f319b1b11e49860d25bec8279c134c21c3cb9df2fe06294b9
                                                                                                    • Instruction Fuzzy Hash: D8316532618B8196DB60DF25E8443AEB3A5FB88758F900137EA8D43B94EF3CE556C711
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 23ad451ad47c9280789075182ca75454652736b7409ccfcbfdc3738f6058a9d4
                                                                                                    • Instruction ID: c0889b9bc94e782fd88351865a5d2d51b8f2d5a290b89814d60ebd7f6c4fef7b
                                                                                                    • Opcode Fuzzy Hash: 23ad451ad47c9280789075182ca75454652736b7409ccfcbfdc3738f6058a9d4
                                                                                                    • Instruction Fuzzy Hash: 95F044F1B192558ADB949F38A4026297790F7483C0B90853AD5C983B08DA3CA4618F15
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Similarity
                                                                                                    • API ID: _invalid_parameter_noinfo_noreturn$CloseConcurrency::cancel_current_taskCreateInstanceOpenSleepValue
                                                                                                    • String ID: DeviceState$FxSound Audio Enhancer$SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\
                                                                                                    • API String ID: 2776398970-4141637846
                                                                                                    • Opcode ID: 1ab0e312d252be52c08c94058e6ce984907a42243d809da510a881fa29a8dd14
                                                                                                    • Instruction ID: d712dd6e206a9ab5bdfe61f71cab833a9bf3b951eef93d853a249ddffa9ef8c7
                                                                                                    • Opcode Fuzzy Hash: 1ab0e312d252be52c08c94058e6ce984907a42243d809da510a881fa29a8dd14
                                                                                                    • Instruction Fuzzy Hash: 50C1A262F186428AEF10AF69D4053AC6362AB447A8F904333EE2D17BD9DE7CF551C351
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.1727733509.00007FF7E06F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E06F0000, based on PE: true
                                                                                                    • Associated: 00000006.00000002.1727719717.00007FF7E06F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727759501.00007FF7E0719000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727781123.00007FF7E072C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727793912.00007FF7E072F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_7ff7e06f0000_fxdevcon64.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID: " /st 10:00 /f$Update scheduled!$schtasks /create /sc daily /tn "FxSound\Update" /tr "$updater.exe /silent
                                                                                                    • API String ID: 0-1398903112
                                                                                                    • Opcode ID: 6c1df07fcf038a025bb021b8500e1dc84086515086949eeea7b73094087dbed4
                                                                                                    • Instruction ID: a7fc8133bdb57eb7b1050fd4e32f72594e32aa7144c2bc88c06200ce48cc2055
                                                                                                    • Opcode Fuzzy Hash: 6c1df07fcf038a025bb021b8500e1dc84086515086949eeea7b73094087dbed4
                                                                                                    • Instruction Fuzzy Hash: 26C19062B1878189EB00EF64D4443ADA362FB457A8F904232EB6C07BE9DF7CE590C311
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.1727733509.00007FF7E06F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E06F0000, based on PE: true
                                                                                                    • Associated: 00000006.00000002.1727719717.00007FF7E06F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727759501.00007FF7E0719000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727781123.00007FF7E072C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727793912.00007FF7E072F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_7ff7e06f0000_fxdevcon64.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: _invalid_parameter_noinfo
                                                                                                    • String ID: 0$f$p$p
                                                                                                    • API String ID: 3215553584-1202675169
                                                                                                    • Opcode ID: 7641c8648b7efcd30edb5bca624bfc67ce53e5304b06a8e13b3d4dd96697a68c
                                                                                                    • Instruction ID: e24577afbd1b5a9fd4ea4dcaadea9756afc4e687b5a50ba54a50e1750d3a3762
                                                                                                    • Opcode Fuzzy Hash: 7641c8648b7efcd30edb5bca624bfc67ce53e5304b06a8e13b3d4dd96697a68c
                                                                                                    • Instruction Fuzzy Hash: 6C129161E0814785FF247A14E86437AFA91FB58758FD44233E699467C4DF3CFAA08722
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.1727733509.00007FF7E06F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E06F0000, based on PE: true
                                                                                                    • Associated: 00000006.00000002.1727719717.00007FF7E06F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727759501.00007FF7E0719000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727781123.00007FF7E072C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727793912.00007FF7E072F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_7ff7e06f0000_fxdevcon64.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                    • String ID: csm$csm$csm
                                                                                                    • API String ID: 849930591-393685449
                                                                                                    • Opcode ID: ca4f61dff3b8fc280efab72020162da1ad8cbccf0416b3fc8cf581f48c58a58e
                                                                                                    • Instruction ID: a7783fd66b8ec113db1f035efe97f42f103b9ab71c9da06ab1eb2ca8292d4b0d
                                                                                                    • Opcode Fuzzy Hash: ca4f61dff3b8fc280efab72020162da1ad8cbccf0416b3fc8cf581f48c58a58e
                                                                                                    • Instruction Fuzzy Hash: 4CE1B772A087418AEB20AF65D8403ADB7A1FB49798F900236DE8D57755CF38F4A0C752
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.1727733509.00007FF7E06F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E06F0000, based on PE: true
                                                                                                    • Associated: 00000006.00000002.1727719717.00007FF7E06F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727759501.00007FF7E0719000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727781123.00007FF7E072C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727793912.00007FF7E072F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_7ff7e06f0000_fxdevcon64.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CreateInstance_invalid_parameter_noinfo_noreturn
                                                                                                    • String ID:
                                                                                                    • API String ID: 2179885484-0
                                                                                                    • Opcode ID: d93ed6c9676b63b4b319c6182a98a12869c31be6ea6884b18b9bca695c5a07ca
                                                                                                    • Instruction ID: 3c0ce73c565967cc5c50d8147f6c7b82c870f1d9bfb7f5335b65a3975dc3a9d0
                                                                                                    • Opcode Fuzzy Hash: d93ed6c9676b63b4b319c6182a98a12869c31be6ea6884b18b9bca695c5a07ca
                                                                                                    • Instruction Fuzzy Hash: E9F18462B04B8689EF10AF65D4443AD6362FB44BA8F904236EE6D177D9DF7CE4A0C311
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.1727733509.00007FF7E06F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E06F0000, based on PE: true
                                                                                                    • Associated: 00000006.00000002.1727719717.00007FF7E06F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727759501.00007FF7E0719000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727781123.00007FF7E072C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727793912.00007FF7E072F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_7ff7e06f0000_fxdevcon64.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: _invalid_parameter_noinfo_noreturn$ClearCreateInstancePropVariant
                                                                                                    • String ID:
                                                                                                    • API String ID: 1364504209-0
                                                                                                    • Opcode ID: 666a723333afe2dcd93cd6ebccdbaab6ad92268da4100d7eeb55d9a170064dad
                                                                                                    • Instruction ID: 1dcc6032f2e9f3e43b316d5bac8ce30608ce07e68cbdd8026d53fdb02155204f
                                                                                                    • Opcode Fuzzy Hash: 666a723333afe2dcd93cd6ebccdbaab6ad92268da4100d7eeb55d9a170064dad
                                                                                                    • Instruction Fuzzy Hash: 1F029062B04B4689EF00AF65D4443ADA372FB44BA8F904236EE6C57BD9DF78E094C311
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.1727733509.00007FF7E06F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E06F0000, based on PE: true
                                                                                                    • Associated: 00000006.00000002.1727719717.00007FF7E06F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727759501.00007FF7E0719000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727781123.00007FF7E072C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727793912.00007FF7E072F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_7ff7e06f0000_fxdevcon64.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Value$ErrorLast
                                                                                                    • String ID:
                                                                                                    • API String ID: 2506987500-0
                                                                                                    • Opcode ID: fb4e550bf99a22131a26c2a4006765fdec2468d1ba92cb98c5d9e0e2d07275e0
                                                                                                    • Instruction ID: b017e51f74e266bf58fcd697967e4d42bafab5ab4046d40d813c43d8d879dbb8
                                                                                                    • Opcode Fuzzy Hash: fb4e550bf99a22131a26c2a4006765fdec2468d1ba92cb98c5d9e0e2d07275e0
                                                                                                    • Instruction Fuzzy Hash: 0F216A20A1864282FE5877319A61339E981BF4C7A8FD44B36E92E467C6DE3CB5214232
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.1727733509.00007FF7E06F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E06F0000, based on PE: true
                                                                                                    • Associated: 00000006.00000002.1727719717.00007FF7E06F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727759501.00007FF7E0719000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727781123.00007FF7E072C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727793912.00007FF7E072F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_7ff7e06f0000_fxdevcon64.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                    • String ID: CONOUT$
                                                                                                    • API String ID: 3230265001-3130406586
                                                                                                    • Opcode ID: c056c7e5a93971e588737a7e7096c3cdc855db5ca779e6adab342eed491a0c4a
                                                                                                    • Instruction ID: d63dbe2e01c9c218c9f6f1827f0c0be37be6cb889d02762989cb9cc9daaebf1d
                                                                                                    • Opcode Fuzzy Hash: c056c7e5a93971e588737a7e7096c3cdc855db5ca779e6adab342eed491a0c4a
                                                                                                    • Instruction Fuzzy Hash: EF11B921B18B4286EB509B56E844325E2B0FB5CFE4F844236E91D877D4CF7CE865C751
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.1727733509.00007FF7E06F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E06F0000, based on PE: true
                                                                                                    • Associated: 00000006.00000002.1727719717.00007FF7E06F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727759501.00007FF7E0719000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727781123.00007FF7E072C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727793912.00007FF7E072F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_7ff7e06f0000_fxdevcon64.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ByteCharMultiStringWide
                                                                                                    • String ID:
                                                                                                    • API String ID: 2829165498-0
                                                                                                    • Opcode ID: 38bd61bef191184f734a909da2f32b7306bcb79d2b8c5594b038505220876b37
                                                                                                    • Instruction ID: 71cd28613033614211c7263e7b8f8f1c19eee8699638a3fa20d0aaa2744d3f63
                                                                                                    • Opcode Fuzzy Hash: 38bd61bef191184f734a909da2f32b7306bcb79d2b8c5594b038505220876b37
                                                                                                    • Instruction Fuzzy Hash: 8D81AF32A087428AEB209F25A550379B2D2FF45BA8F844636EA5D17BC8DF3CE4158721
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.1727733509.00007FF7E06F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E06F0000, based on PE: true
                                                                                                    • Associated: 00000006.00000002.1727719717.00007FF7E06F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727759501.00007FF7E0719000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727781123.00007FF7E072C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727793912.00007FF7E072F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_7ff7e06f0000_fxdevcon64.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                    • String ID:
                                                                                                    • API String ID: 2081738530-0
                                                                                                    • Opcode ID: 25b88cca3772fad18d3be151d16eb436910067b57649ac8224c2d7cf50bf3e19
                                                                                                    • Instruction ID: 0ed5a33095aa1f4eb12a64fd8fc0277a529fab3549ae4e93f3598834a822c32f
                                                                                                    • Opcode Fuzzy Hash: 25b88cca3772fad18d3be151d16eb436910067b57649ac8224c2d7cf50bf3e19
                                                                                                    • Instruction Fuzzy Hash: 99318865A0864284EB15BF26E440379E3A3EB44794F980133DE5D477A5DE7CF862C332
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.1727733509.00007FF7E06F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E06F0000, based on PE: true
                                                                                                    • Associated: 00000006.00000002.1727719717.00007FF7E06F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727759501.00007FF7E0719000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727781123.00007FF7E072C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727793912.00007FF7E072F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_7ff7e06f0000_fxdevcon64.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                                                    • String ID: csm$csm$csm
                                                                                                    • API String ID: 3523768491-393685449
                                                                                                    • Opcode ID: a241bea0d555bf563b67b28f604847d48eec0c189418ebd67fcfc27d62fe9f6a
                                                                                                    • Instruction ID: 0739be02892ead9874e8f19d4736c824c2b194326427a495c18cf701c58e5e87
                                                                                                    • Opcode Fuzzy Hash: a241bea0d555bf563b67b28f604847d48eec0c189418ebd67fcfc27d62fe9f6a
                                                                                                    • Instruction Fuzzy Hash: B0E1B3339087818AEB10AF78D8403ADB7A2FB49758F500236DA8D57795DF38F5A1C752
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetLastError.KERNEL32(?,?,?,00007FF7E0705811,?,?,?,?,00007FF7E0710FAE,?,?,00000000,00007FF7E07159DF,?,?,?), ref: 00007FF7E070BAFF
                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF7E0705811,?,?,?,?,00007FF7E0710FAE,?,?,00000000,00007FF7E07159DF,?,?,?), ref: 00007FF7E070BB35
                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF7E0705811,?,?,?,?,00007FF7E0710FAE,?,?,00000000,00007FF7E07159DF,?,?,?), ref: 00007FF7E070BB62
                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF7E0705811,?,?,?,?,00007FF7E0710FAE,?,?,00000000,00007FF7E07159DF,?,?,?), ref: 00007FF7E070BB73
                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF7E0705811,?,?,?,?,00007FF7E0710FAE,?,?,00000000,00007FF7E07159DF,?,?,?), ref: 00007FF7E070BB84
                                                                                                    • SetLastError.KERNEL32(?,?,?,00007FF7E0705811,?,?,?,?,00007FF7E0710FAE,?,?,00000000,00007FF7E07159DF,?,?,?), ref: 00007FF7E070BB9F
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.1727733509.00007FF7E06F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E06F0000, based on PE: true
                                                                                                    • Associated: 00000006.00000002.1727719717.00007FF7E06F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727759501.00007FF7E0719000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727781123.00007FF7E072C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727793912.00007FF7E072F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_7ff7e06f0000_fxdevcon64.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Value$ErrorLast
                                                                                                    • String ID:
                                                                                                    • API String ID: 2506987500-0
                                                                                                    • Opcode ID: 850620a25cc186c6d5aa04b06bd85e6e95a09bee33cab364583ca0caa063847f
                                                                                                    • Instruction ID: 694c9ce0ce07ff1aa0958b578ff9e3df88084ebd0059dac636bc8f0f24ef30e9
                                                                                                    • Opcode Fuzzy Hash: 850620a25cc186c6d5aa04b06bd85e6e95a09bee33cab364583ca0caa063847f
                                                                                                    • Instruction Fuzzy Hash: B8113B61A0864282FE5477319D66339EA81BF4C7A8FD40736E82E467DADE3CB5214232
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.1727733509.00007FF7E06F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E06F0000, based on PE: true
                                                                                                    • Associated: 00000006.00000002.1727719717.00007FF7E06F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727759501.00007FF7E0719000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727781123.00007FF7E072C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727793912.00007FF7E072F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_7ff7e06f0000_fxdevcon64.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
                                                                                                    • String ID: vector too long
                                                                                                    • API String ID: 73155330-2873823879
                                                                                                    • Opcode ID: 344f6a62dd7d7d4e5c57b7df5badfd375c5a814b808239213295afc975ef631f
                                                                                                    • Instruction ID: 038b316ee465ab1181f4c3cf7642f3af295ce266b6b4801b3b1d8cf36f3f7ec9
                                                                                                    • Opcode Fuzzy Hash: 344f6a62dd7d7d4e5c57b7df5badfd375c5a814b808239213295afc975ef631f
                                                                                                    • Instruction Fuzzy Hash: 9E61E12270968648EE14BF1695443BCA293AB04BE0F880B32DE6D0B7D5DE7CF5A18311
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.1727733509.00007FF7E06F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E06F0000, based on PE: true
                                                                                                    • Associated: 00000006.00000002.1727719717.00007FF7E06F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727759501.00007FF7E0719000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727781123.00007FF7E072C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727793912.00007FF7E072F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_7ff7e06f0000_fxdevcon64.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                                                    • API String ID: 4061214504-1276376045
                                                                                                    • Opcode ID: e2801b8962c173120b6250a09cd05782673051676052e0d3477918a418d61920
                                                                                                    • Instruction ID: 16dc946c1fb1b8bcdf241ad8c29ebe13d1aedea3e2ce86fea4a7918a28a2526a
                                                                                                    • Opcode Fuzzy Hash: e2801b8962c173120b6250a09cd05782673051676052e0d3477918a418d61920
                                                                                                    • Instruction Fuzzy Hash: D6F0AF21A0960681FE10AB20A84437AA370BF4C7A4F94033ACAAE053E4CF3CF5598332
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.1727733509.00007FF7E06F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E06F0000, based on PE: true
                                                                                                    • Associated: 00000006.00000002.1727719717.00007FF7E06F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727759501.00007FF7E0719000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727781123.00007FF7E072C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727793912.00007FF7E072F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_7ff7e06f0000_fxdevcon64.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ByteCharMultiWide$AllocString
                                                                                                    • String ID:
                                                                                                    • API String ID: 262959230-0
                                                                                                    • Opcode ID: bf7c9dc0997b71d2ad92a24002422879e1bb65315cf06abf4bc1308abdba6b8b
                                                                                                    • Instruction ID: a74f3f529ae373ef8be39c41c78f6d2d02a3950047961076bf8ca7801730fb45
                                                                                                    • Opcode Fuzzy Hash: bf7c9dc0997b71d2ad92a24002422879e1bb65315cf06abf4bc1308abdba6b8b
                                                                                                    • Instruction Fuzzy Hash: 2141C421A0864689FB15AF7594003B9A393FF08BA8F944636EA6D477D5DE3CF4628331
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.1727733509.00007FF7E06F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E06F0000, based on PE: true
                                                                                                    • Associated: 00000006.00000002.1727719717.00007FF7E06F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727759501.00007FF7E0719000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727781123.00007FF7E072C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727793912.00007FF7E072F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_7ff7e06f0000_fxdevcon64.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: _set_statfp
                                                                                                    • String ID:
                                                                                                    • API String ID: 1156100317-0
                                                                                                    • Opcode ID: 2ffb4cd4f7d9e36cf2b63db92282a9528ee9d22ad656a8471120c4c59ac44d49
                                                                                                    • Instruction ID: af175dd9493b944e23a6e4e749c118871cc01db178ae25ef0ed273576867131f
                                                                                                    • Opcode Fuzzy Hash: 2ffb4cd4f7d9e36cf2b63db92282a9528ee9d22ad656a8471120c4c59ac44d49
                                                                                                    • Instruction Fuzzy Hash: 8011E023E1CA1301FEA43568E44A3799040AF5C374FC80277EA7E463E78E7CB8624223
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • FlsGetValue.KERNEL32(?,?,?,00007FF7E0702A37,?,?,00000000,00007FF7E0702CD2,?,?,?,?,?,00007FF7E0702C5E), ref: 00007FF7E070BBD7
                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF7E0702A37,?,?,00000000,00007FF7E0702CD2,?,?,?,?,?,00007FF7E0702C5E), ref: 00007FF7E070BBF6
                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF7E0702A37,?,?,00000000,00007FF7E0702CD2,?,?,?,?,?,00007FF7E0702C5E), ref: 00007FF7E070BC1E
                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF7E0702A37,?,?,00000000,00007FF7E0702CD2,?,?,?,?,?,00007FF7E0702C5E), ref: 00007FF7E070BC2F
                                                                                                    • FlsSetValue.KERNEL32(?,?,?,00007FF7E0702A37,?,?,00000000,00007FF7E0702CD2,?,?,?,?,?,00007FF7E0702C5E), ref: 00007FF7E070BC40
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.1727733509.00007FF7E06F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E06F0000, based on PE: true
                                                                                                    • Associated: 00000006.00000002.1727719717.00007FF7E06F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727759501.00007FF7E0719000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727781123.00007FF7E072C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727793912.00007FF7E072F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_7ff7e06f0000_fxdevcon64.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Value
                                                                                                    • String ID:
                                                                                                    • API String ID: 3702945584-0
                                                                                                    • Opcode ID: 059dc9fd2d32d1d8938a86f0bb982eebb3fd52d546959566c0048c4ebc7d0a44
                                                                                                    • Instruction ID: 1bc8c9bf9da15e50966bb53fa7426b2fc36e5051615d3bc56eebdfea04bff43f
                                                                                                    • Opcode Fuzzy Hash: 059dc9fd2d32d1d8938a86f0bb982eebb3fd52d546959566c0048c4ebc7d0a44
                                                                                                    • Instruction Fuzzy Hash: 11115E50A0864241FE587335ADA137AA981BF4C7A8FC45736E82D467D5DE3CB5614232
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.1727733509.00007FF7E06F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E06F0000, based on PE: true
                                                                                                    • Associated: 00000006.00000002.1727719717.00007FF7E06F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727759501.00007FF7E0719000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727781123.00007FF7E072C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727793912.00007FF7E072F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_7ff7e06f0000_fxdevcon64.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: Value
                                                                                                    • String ID:
                                                                                                    • API String ID: 3702945584-0
                                                                                                    • Opcode ID: 5a9e4bac08b1be5f503661beccdcab3b4cde65c0739c0026db715b3f24f3a7cd
                                                                                                    • Instruction ID: c9043498f48125857ad473f4947bad51f46c3af4753ef1a8ac5051977c56d0a3
                                                                                                    • Opcode Fuzzy Hash: 5a9e4bac08b1be5f503661beccdcab3b4cde65c0739c0026db715b3f24f3a7cd
                                                                                                    • Instruction Fuzzy Hash: 0811C590B0824741FD58B3719C6237A9981BF5D368ED85736E93E4A3C2DE3CBA614233
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.1727733509.00007FF7E06F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E06F0000, based on PE: true
                                                                                                    • Associated: 00000006.00000002.1727719717.00007FF7E06F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727759501.00007FF7E0719000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727781123.00007FF7E072C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727793912.00007FF7E072F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_7ff7e06f0000_fxdevcon64.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: CallEncodePointerTranslator
                                                                                                    • String ID: MOC$RCC
                                                                                                    • API String ID: 3544855599-2084237596
                                                                                                    • Opcode ID: 45c4e34ea31391c9bb8b02ac6a98fa332e9bed55f89d90ca25ba3f251d741e92
                                                                                                    • Instruction ID: 4983962fec613832e67ddfbdbefc392ce6e0c18f618109c987c397849b913961
                                                                                                    • Opcode Fuzzy Hash: 45c4e34ea31391c9bb8b02ac6a98fa332e9bed55f89d90ca25ba3f251d741e92
                                                                                                    • Instruction Fuzzy Hash: 4291B073A087858AEB10DFA5D8403ADBBA1F70879CF50422AEE8D57754DF38E1A1C711
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.1727733509.00007FF7E06F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E06F0000, based on PE: true
                                                                                                    • Associated: 00000006.00000002.1727719717.00007FF7E06F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727759501.00007FF7E0719000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727781123.00007FF7E072C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727793912.00007FF7E072F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_7ff7e06f0000_fxdevcon64.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_Yarn__std_exception_copy
                                                                                                    • String ID: bad locale name
                                                                                                    • API String ID: 2575539487-1405518554
                                                                                                    • Opcode ID: 4abf526b639ac6ea22c817c47533857365642cc31ec0e510a186371400347c3d
                                                                                                    • Instruction ID: 82037afa0d03a223dff29da07d4cc0e19cc9417118cb4b8d751ba6b1651ae76e
                                                                                                    • Opcode Fuzzy Hash: 4abf526b639ac6ea22c817c47533857365642cc31ec0e510a186371400347c3d
                                                                                                    • Instruction Fuzzy Hash: A111E922605B81C9DB45EF75E44029873A6EB58B44B585136DB8C4735AEF38E5F4C312
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E070D980), ref: 00007FF7E070DB03
                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF7E070D980), ref: 00007FF7E070DB8D
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.1727733509.00007FF7E06F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E06F0000, based on PE: true
                                                                                                    • Associated: 00000006.00000002.1727719717.00007FF7E06F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727759501.00007FF7E0719000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727781123.00007FF7E072C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727793912.00007FF7E072F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_7ff7e06f0000_fxdevcon64.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ConsoleErrorLastMode
                                                                                                    • String ID:
                                                                                                    • API String ID: 953036326-0
                                                                                                    • Opcode ID: 1e6cc54a878dc36fb54de9a964a7e3c3d195cfbd839d7535b114edb649fc7176
                                                                                                    • Instruction ID: fe4ebcbca391552967cd7db2bf3c924425ce90a9853646a09311dc5da3d3970b
                                                                                                    • Opcode Fuzzy Hash: 1e6cc54a878dc36fb54de9a964a7e3c3d195cfbd839d7535b114edb649fc7176
                                                                                                    • Instruction Fuzzy Hash: 3091B562A1875289FF50AB6598403BEB7A0FB0879CF844237DD4E53794DE78F861C322
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7E07084D2
                                                                                                      • Part of subcall function 00007FF7E070BEA8: HeapFree.KERNEL32(?,?,0236E42583480000,00007FF7E0713A9A,?,?,?,00007FF7E0713E17,?,?,00000000,00007FF7E0714360,?,?,00007FF7E070AB22,00007FF7E0714293), ref: 00007FF7E070BEBE
                                                                                                      • Part of subcall function 00007FF7E070BEA8: GetLastError.KERNEL32(?,?,0236E42583480000,00007FF7E0713A9A,?,?,?,00007FF7E0713E17,?,?,00000000,00007FF7E0714360,?,?,00007FF7E070AB22,00007FF7E0714293), ref: 00007FF7E070BEC8
                                                                                                    • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF7E06FC839), ref: 00007FF7E07084F0
                                                                                                    Strings
                                                                                                    • C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe, xrefs: 00007FF7E07084DE
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.1727733509.00007FF7E06F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E06F0000, based on PE: true
                                                                                                    • Associated: 00000006.00000002.1727719717.00007FF7E06F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727759501.00007FF7E0719000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727781123.00007FF7E072C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727793912.00007FF7E072F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_7ff7e06f0000_fxdevcon64.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                    • String ID: C:\Program Files\FxSound LLC\FxSound\Drivers\win10\x64\fxdevcon64.exe
                                                                                                    • API String ID: 3580290477-3631637693
                                                                                                    • Opcode ID: 18a2ff2341f3d6128a1b7c13e65fc5da732e727ac7582aeb1bb9bcddbd8779e6
                                                                                                    • Instruction ID: 5ce0ca7caa72e0dc89f245c472212e6037a90ba0788d99182fcf73f3e3b64906
                                                                                                    • Opcode Fuzzy Hash: 18a2ff2341f3d6128a1b7c13e65fc5da732e727ac7582aeb1bb9bcddbd8779e6
                                                                                                    • Instruction Fuzzy Hash: 73416272A08B1286EF54EF219C502B9A794FB487C8B944137EE4D47785DF7CF4618721
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%

                                                                                                    APIs
                                                                                                    • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7E06F9946), ref: 00007FF7E06FE394
                                                                                                    • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF7E06F9946), ref: 00007FF7E06FE3DA
                                                                                                    Strings
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000006.00000002.1727733509.00007FF7E06F1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF7E06F0000, based on PE: true
                                                                                                    • Associated: 00000006.00000002.1727719717.00007FF7E06F0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727759501.00007FF7E0719000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727781123.00007FF7E072C000.00000004.00000001.01000000.00000009.sdmp
                                                                                                    • Associated: 00000006.00000002.1727793912.00007FF7E072F000.00000002.00000001.01000000.00000009.sdmp
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_6_2_7ff7e06f0000_fxdevcon64.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: ExceptionFileHeaderRaise
                                                                                                    • String ID: csm
                                                                                                    • API String ID: 2573137834-1018135373
                                                                                                    • Opcode ID: fab7ff32eb11efe1b8ddc5ac539c5f4c1b687a5b802cc3f22dfa6d35eb09f5ad
                                                                                                    • Instruction ID: 2480ec6d110b6f4a5f70ca88414e6f5429fbef02f646a367c89660deea44cb58
                                                                                                    • Opcode Fuzzy Hash: fab7ff32eb11efe1b8ddc5ac539c5f4c1b687a5b802cc3f22dfa6d35eb09f5ad
                                                                                                    • Instruction Fuzzy Hash: 0D114F32A08B4182EB119F15F544369BBA5FB88B84F584232DE8D07B98DF3CE961CB01
                                                                                                    Uniqueness

                                                                                                    Uniqueness Score: -1.00%