Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
setup_CodecInstaller_full.exe

Overview

General Information

Sample name:setup_CodecInstaller_full.exe
Analysis ID:1447786
MD5:171b409b3248772cc366d31a44aed9f6
SHA1:7f9d938717e1056c59a9e9afa958253fc95b4a27
SHA256:6ae9662200adb0543d626774c9461e51ee484005251fc34f132ae7ae58b132c7
Infos:

Detection

EICAR
Score:52
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected EICAR
Creates an undocumented autostart registry key
Disables DEP (Data Execution Prevention) for certain images
Machine Learning detection for dropped file
Tries to delay execution (extensive OutputDebugStringW loop)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Whitelists domains for ActiveX usage
Yara detected Generic Downloader
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Changes the start page of internet explorer
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Detected potential crypto function
Drops PE files
Enables debug privileges
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
May infect USB drives
PE file contains executable resources (Code or Archives)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Common Autorun Keys Modification
Sigma detected: Internet Explorer Autorun Keys Modification
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Stores files to the Windows start menu directory
Stores large binary data to the registry
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • setup_CodecInstaller_full.exe (PID: 6700 cmdline: "C:\Users\user\Desktop\setup_CodecInstaller_full.exe" MD5: 171B409B3248772CC366D31A44AED9F6)
    • CrawlerSetup12.exe (PID: 7428 cmdline: "C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exe" /NORESTART /verysilent MD5: 3AFF13BDB88B4D57D41DC605A18738C9)
      • CrawlerSetup12.tmp (PID: 7492 cmdline: "C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmp" /SL5="$304AA,2431449,71680,C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exe" /NORESTART /verysilent MD5: DFB7304D96F8F1C29FDA2748779663D7)
        • CToolbar.exe (PID: 7764 cmdline: "C:\Program Files (x86)\Crawler\CToolbar.exe" /REGSVR MD5: EC506EE0F7F493C09DEFC911CAEDFD08)
    • CodecInstaller.exe (PID: 7556 cmdline: "C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exe" MD5: 0A7C0374DA795E987E1F490B495B82F5)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Program Files (x86)\Crawler\is-AVISQ.tmpJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
    C:\Program Files (x86)\Crawler\is-4A847.tmpJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
      C:\Program Files (x86)\Crawler\is-ADSTV.tmpJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
        C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
          C:\Program Files (x86)\JockerSoft\CodecInstaller\TrIDDefs.TRDJoeSecurity_EICARYara detected EICARJoe Security
            Click to see the 1 entries

            Memory Dumps

            SourceRuleDescriptionAuthorStrings
            00000007.00000000.1900724146.0000000000401000.00000020.00000001.01000000.00000018.sdmpJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security
              00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security

                Unpacked PEs

                SourceRuleDescriptionAuthorStrings
                5.0.CodecInstaller.exe.f0000.0.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
                  7.0.CToolbar.exe.400000.0.unpackJoeSecurity_DelphiSystemParamCountDetected Delphi use of System.ParamCount()Joe Security

                    Sigma Signatures

                    System Summary

                    barindex
                    Sigma detected: Common Autorun Keys Modification
                    Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split), wagga (name): Data: Details: tbr, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Crawler\CToolbar.exe, ProcessId: 7764, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tbr\(Default)
                    Sigma detected: Internet Explorer Autorun Keys Modification
                    Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Crawler\CToolbar.exe, ProcessId: 7764, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
                    Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
                    Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: none, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Crawler\CToolbar.exe, ProcessId: 7764, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\(Default)

                    Snort Signatures

                    No Snort rule has matched

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Antivirus detection for dropped file
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeAvira: detection malicious, Label: PUA/Crawler.Gen
                    Multi AV Scanner detection for dropped file
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exe (copy)ReversingLabs: Detection: 21%
                    Source: C:\Program Files (x86)\Crawler\ctbr.dll (copy)ReversingLabs: Detection: 25%
                    Source: C:\Program Files (x86)\Crawler\is-4A847.tmpReversingLabs: Detection: 25%
                    Source: C:\Program Files (x86)\Crawler\is-ADSTV.tmpReversingLabs: Detection: 21%
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeReversingLabs: Detection: 29%
                    Multi AV Scanner detection for submitted file
                    Source: setup_CodecInstaller_full.exeVirustotal: Detection: 31%Perma Link
                    Source: setup_CodecInstaller_full.exeReversingLabs: Detection: 37%
                    Machine Learning detection for dropped file
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeJoe Sandbox ML: detected
                    Source: setup_CodecInstaller_full.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeWindow detected: < &Back&Next >Cancel License AgreementPlease review the license terms before installing CodecInstaller 2.10.4.Press Page Down to see the rest of the agreement.COPYRIGHT NOTICEPermission is granted free of charge to any person (the "User") obtaining a copy of this software and associated documentation files (the "Software") to deal in the Software with the rights to use copy publish distribute and to permit persons to whom the Software is furnished to do so provided that:1) the above copyright notice(s) and this permission notice appear in all copies of the Software and that both the above copyright notice(s)2) this permission notice appear in supporting documentation3) the Software is not used for commercial purposes or commercial environments4) no money is asked to redistribute the softwareThe only exception to the 4th rule is that the Software can be freely included in cover CD/DVD distributed with PC magazinesAll other rights including decompilation modification and merging of the Software are reserved.For other uses not covered by this license or for commercial licensing please contact the author.THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND EXPRESS OR IMPLIED INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE DATA OR PROFITS WHETHER IN AN ACTION OF CONTRACT NEGLIGENCE OR OTHER TORTIOUS ACTION ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.PRIVACY POLICYThe full text of the privacy policy is available athttp://www.jockersoft.com/privacy.htmlIn short:This software may incorporate a module that will send error reports to jockersoft.com website to let us fix the errors and provide better programs to our users. The user can avoid sending the error report by unchecking the "Send error report" field. The error report contains the error message and the program name. It may also contain an installation ID that will let us distinguish multiple error submissions from the same application. This installation ID is a randomly generated number and is not correlated with information about individual users.No other data is collected.TERMS OF USE of jockersoft.com websiteThe full text of the Terms of Use of jockersoft.com website is available athttp://www.jockersoft.com/ToU.htmlIf you accept the terms of the agreement click the check box below. You must accept the agreement to install CodecInstaller 2.10.4. Click Next to continue.I &accept the terms in the License Agreement
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeFile created: C:\Program Files (x86)\JockerSoft\CodecInstaller\license.txtJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeFile created: C:\Program Files (x86)\JockerSoft\CodecInstaller\README.txtJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeFile opened: C:\Windows\WinSxS\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_88e266cb2fac7c0d\MSVCR80.dllJump to behavior
                    Source: Binary string: v:\tb5\ctipsdef\Release\ctipsdef.pdb source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-RD52J.tmp.4.dr
                    Source: Binary string: Extract: CodecInstaller.pdb source: setup_CodecInstaller_full.exe, 00000000.00000002.1867010508.000000000063D000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: CodecInstaller.pdb source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.000000000278D000.00000004.00000020.00020000.00000000.sdmp, setup_CodecInstaller_full.exe, 00000000.00000003.1865720129.0000000000664000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: Marco PontelloREM 7Symbol Table / Debug info used by Microsoft's compilersRURLNhttp://msdn.microsoft.com/library/en-us/vsdebug/html/_core_The_..PDB_Files.aspFNUM source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: v:\tb5\ctipsdef\Release\ctipsdef.pdb@ source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-RD52J.tmp.4.dr
                    Source: Binary string: \enApp.icoaudiohex.txtAUTORUN.INFcodecDatabaseCodecInstaller.pdbfilterdatalib.dll source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.000000000278D000.00000004.00000020.00020000.00000000.sdmp, setup_CodecInstaller_full.exe, 00000000.00000003.1865720129.0000000000664000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: http://msdn.microsoft.com/library/en-us/vsdebug/html/_core_The_..PDB_Files.aspFNUM source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmp
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.000000000278D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AUTORUN.INF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.000000000278D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \enApp.icoaudiohex.txtAUTORUN.INFcodecDatabaseCodecInstaller.pdbfilterdatalib.dll
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.000000000278D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: [autorun]
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.000000000278D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 0x0000~unknown~unknown~unknown0[autorun]
                    Source: setup_CodecInstaller_full.exe, 00000000.00000003.1865435771.0000000000683000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Extract: AUTORUN.INF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000003.1865720129.0000000000664000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AUTORUN.INF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000003.1865720129.0000000000664000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \enApp.icoaudiohex.txtAUTORUN.INFcodecDatabaseCodecInstaller.pdbfilterdatalib.dll
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: [autorun]
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Autorun.inf fileEXT
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867121919.0000000000683000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Extract: AUTORUN.INF
                    Source: AUTORUN.INF.0.drBinary or memory string: [autorun]
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeCode function: 0_2_00405D7C FindFirstFileA,FindClose,0_2_00405D7C
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeCode function: 0_2_004053AA CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_004053AA
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeCode function: 0_2_00402630 FindFirstFileA,0_2_00402630
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeFile opened: C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\Jump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeFile opened: C:\Users\user\AppData\Local\Temp\Jump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeFile opened: C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\crawler.iniJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeFile opened: C:\Users\user\AppData\Jump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeFile opened: C:\Users\user\Jump to behavior

                    Networking

                    barindex
                    Yara detected Generic Downloader
                    Source: Yara matchFile source: 5.0.CodecInstaller.exe.f0000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exe, type: DROPPED
                    Source: global trafficHTTP traffic detected: GET /versionchecker/checker2.php?app=codecinstaller&version=2.10.4.0 HTTP/1.1Host: www.jockersoft.comConnection: Keep-Alive
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: global trafficHTTP traffic detected: GET /versionchecker/checker2.php?app=codecinstaller&version=2.10.4.0 HTTP/1.1Host: www.jockersoft.comConnection: Keep-Alive
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: holger_burghardt (AT) yahoo.comHOME&http://www.geocities/holger_burghardt/DEF equals www.yahoo.com (Yahoo)
                    Source: global trafficDNS traffic detected: DNS query: www.jockersoft.com
                    Source: is-ADSTV.tmp.4.dr, language.ini.7.drString found in binary or memory: ftp://www.domain.com
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://216.218.220.254/eng/utilities.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://acritum.com/peFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://addonstudio.codeplex.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://adplug.sourceforge.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://advsys.net/ken/utils.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://alexandru.mosoi.googlepages.com/chileFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://aluigi.org/papers.htm#quickbmsFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://amber.rc.arizona.edu/lw/normalmaps.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://aminet.net/package/dev/misc/IFF-RGFXFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://andercheran.aiind.upv.es/~amstrad/docs/cprdef.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://andercheran.aiind.upv.es/~amstrad/docs/dsk.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://andercheran.aiind.upv.es/~amstrad/docs/extdsk.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apple2.org.za/gswv/a2zine/Docs/DiskImage_2MG_Info.txtFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apple2.tffenterprises.com/apple2/binscii.txtFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002950000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://apptransteam.extra.hu
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://archive.digidesign.com/support/tips/xnames.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://artisticsoftware.com/artborders.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://atmp.sourceforge.net/library/rtm.txtFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://audacity.sourceforge.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://audacity.sourceforge.net/nyquist.phpFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://audacity.sourceforge.netFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://audition.playpark.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://auk2000.co.uk/DEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://auk2000.co.uk/upgrade/support_mac.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://autopano.kolor.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://axcrypt.sourceforge.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bayden.com/slickrun/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bcrunch.online.fr/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bellard.org/tcc/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://betov.free.fr/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://biew.sourceforge.netFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://blogs.msdn.com/jmstall/archive/2006/11/07/binary-diff.aspxFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://blogs.technet.com/netmon/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bmf.wz.czFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://brainled.iamyourhost.com/download_alfawave.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bricksviewer.sourceforge.net/lxf.shtmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bridgecontest.usma.eduFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://bt747.wiki.sourceforge.netFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://byob.berkeley.edu/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ccc-cymru.com
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ccc-cymru.com/
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ccc-cymru.com/DEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ccc-cymru.comDEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cellphones.about.com/od/cellularfaqs/f/rf_imelody.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cellscience.bio-rad.com/FNUM
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.0000000002425000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.00000000023D6000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.drString found in binary or memory: http://cfg.crawler.com/cr_config.asmx/GetXML?CU=%cfg_cu%
                    Source: CToolbar.exe, 00000007.00000003.1920075576.00000000023D6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cfg.crawler.com/cr_config.asmx/GetXML?CU=%cfg_cu%:0d=
                    Source: CToolbar.exe, 00000007.00000003.1920075576.00000000023AC000.00000004.00001000.00020000.00000000.sdmp, is-ADSTV.tmp.4.drString found in binary or memory: http://cfg.crawler.com/cr_config.asmx/SetCursorDwnlLog?CursorID=%currentcursor%&TbId=%tb_id%&TUID=%t
                    Source: CToolbar.exe, 00000007.00000003.1920075576.00000000023AC000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://cfg.crawler.com/cr_config.asmx/SetCursorDwnlLog?CursorID=%currentcursor&TbId=%tb_id%&TUID=%tu
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.0000000002425000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.00000000023A5000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.drString found in binary or memory: http://cfg.crawler.com/cr_config.asmx/SetSkinDwnlLog?SkinID=%currentskin%&TbId=%tb_id%&TUID=%tuid%
                    Source: CToolbar.exe, 00000007.00000003.1920075576.00000000023A5000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cfg.crawler.com/cr_config.asmx/SetSkinDwnlLog?SkinID=%currentskin%&TbId=%tb_id%&TUID=%tuid%Q
                    Source: is-4A847.tmp.4.drString found in binary or memory: http://cfg.crawler.com/cr_config.asmx/UID2Info?UID=%key%
                    Source: CToolbar.exe, 00000007.00000003.1918911472.00000000031DD000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cfg.crawler.com/cr_config.asmx/UID2Info?UID=%key%8
                    Source: CToolbar.exe, 00000007.00000003.1918911472.0000000003181000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cfg.crawler.com/cr_config.asmx/UID2Info?UID=%key%H
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1900724146.0000000000401000.00000020.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://cfg.crawler.com/cr_config.asmx/UID2Info?UID=%key%U
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.00000000023BA000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.0000000002425000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.drString found in binary or memory: http://cfg.crawler.com/cr_config.asmx/getCursor?CursorID=%currentcursor%
                    Source: CToolbar.exe, 00000007.00000003.1920075576.00000000023BA000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cfg.crawler.com/cr_config.asmx/getCursor?CursorID=%currentcursor%.u
                    Source: CToolbar.exe, 00000007.00000003.1920075576.00000000023E4000.00000004.00001000.00020000.00000000.sdmp, is-ADSTV.tmp.4.drString found in binary or memory: http://cfg.crawler.com/cr_config.asmx/getSkin?SkinID=%currentskin%
                    Source: CToolbar.exe, 00000007.00000003.1920075576.00000000023BA000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.0000000002425000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, CToolbar.exe, 00000007.00000003.1920075576.0000000002408000.00000004.00001000.00020000.00000000.sdmp, is-ADSTV.tmp.4.drString found in binary or memory: http://cfg.crawler.com/cr_confirm.asmx/GetXML?TbId=%tb_id%&TUID=%ihash%&Action_Type=INCRWTP&Result_C
                    Source: CToolbar.exe, 00000007.00000003.1920075576.0000000002408000.00000004.00001000.00020000.00000000.sdmp, is-ADSTV.tmp.4.drString found in binary or memory: http://cfg.crawler.com/cr_confirm.asmx/GetXML?TbId=%tb_id%&TUID=%ihash%&Action_Type=UNCRWTP&Result_C
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.0000000002376000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.0000000002425000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.drString found in binary or memory: http://cfg.crawler.com/cr_confirm.asmx/GetXMLInst?TbId=%tb_id%&TUID=%ihash%&Action_Type=INCRWTP&Resu
                    Source: CToolbar.exe, 00000007.00000003.1920075576.000000000238F000.00000004.00001000.00020000.00000000.sdmp, is-ADSTV.tmp.4.drString found in binary or memory: http://cfg.crawler.com/cr_confirm.asmx/GetXMLInst?TbId=%tb_id%&TUID=%ihash%&Action_Type=SRCH&Result_
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ch2r.com/wiki/.xzpFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://chamsys.co.uk/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://chdk.wikia.com/wiki/CHDKFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://china.eastview.com/kns50/single_index.aspxFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://city.reallusion.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://classic.winamp.com/pluginsFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://classic.winamp.com/skinsFNUM
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://click.linksynergy.com/fs-bin/click?id=OEteVqYv4Mw&offerid=100143.10000001&type=3&subid=0
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.dr, is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://click.linksynergy.com/fs-bin/click?id=OEteVqYv4Mw&offerid=113245.10000150&type=3&subid=0
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.dr, is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://click.linksynergy.com/fs-bin/click?id=OEteVqYv4Mw&offerid=113676.10000008&type=3&subid=0
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://click.linksynergy.com/fs-bin/click?id=OEteVqYv4Mw&offerid=115126.10000006&type=3&subid=0
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.dr, is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://click.linksynergy.com/fs-bin/click?id=OEteVqYv4Mw&offerid=20738.10000001&type=3&subid=0
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://click.linksynergy.com/fs-bin/click?id=OEteVqYv4Mw&offerid=47092.10000003&type=3&subid=0
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://click.linksynergy.com/fs-bin/click?id=OEteVqYv4Mw&offerid=53196.10000011&type=3&subid=0
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://click.linksynergy.com/fs-bin/click?id=OEteVqYv4Mw&offerid=57189.10000005&type=3&subid=0
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.dr, is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://click.linksynergy.com/fs-bin/click?id=OEteVqYv4Mw&offerid=57302.10000004&type=3&subid=0
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://click.linksynergy.com/fs-bin/click?id=OEteVqYv4Mw&offerid=61066.10000150&type=3&subid=0
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://click.linksynergy.com/fs-bin/click?id=OEteVqYv4Mw&offerid=63155.10000003&type=3&subid=0
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://click.linksynergy.com/fs-bin/click?id=OEteVqYv4Mw&offerid=6449.10000018&type=3&subid=0
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.dr, is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://click.linksynergy.com/fs-bin/click?id=OEteVqYv4Mw&offerid=66478.10000039&type=3&subid=0
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.dr, is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://click.linksynergy.com/fs-bin/click?id=OEteVqYv4Mw&offerid=78154.10000007&type=3&subid=0
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://click.linksynergy.com/fs-bin/click?id=OEteVqYv4Mw&offerid=85078.10000288&type=3&subid=0
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.dr, is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://click.linksynergy.com/fs-bin/click?id=OEteVqYv4Mw&offerid=85515.10000013&type=3&subid=0
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.dr, is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://click.linksynergy.com/fs-bin/click?id=OEteVqYv4Mw&offerid=86036.10000044&type=3&subid=0
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://click.linksynergy.com/fs-bin/click?id=OEteVqYv4Mw&offerid=90206.10000001&type=3&subid=0
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.dr, is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://click.linksynergy.com/fs-bin/click?id=OEteVqYv4Mw&offerid=96200.10000001&type=3&subid=0
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.dr, is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://click.linksynergy.com/fs-bin/click?id=OEteVqYv4Mw&offerid=96368.10000003&type=3&subid=0
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://click.linksynergy.com/fs-bin/click?id=OEteVqYv4Mw&offerid=97632.10000027&type=3&subid=0
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.dr, is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://click.linksynergy.com/fs-bin/click?id=OEteVqYv4Mw&offerid=97888.5&type=3&subid=0
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.dr, is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://click.linksynergy.com/fs-bin/click?id=OEteVqYv4Mw&offerid=99238.10000005&type=3&subid=0
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.dr, is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://click.linksynergy.com/fs-bin/click?id=OEteVqYv4Mw&offerid=99970.10000012&type=3&subid=0
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.dr, is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://click.linksynergy.com/fs-bin/click?id=hAOCrHgMamc&offerid=176538.10000004&type=3&subid=0
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.dr, is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://click.linksynergy.com/fs-bin/click?id=hAOCrHgMamc&offerid=181836.10000005&type=3&subid=0&u1=C
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.dr, is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://click.linksynergy.com/fs-bin/click?id=hAOCrHgMamc&offerid=199428.10000005&type=3&subid=0&u1=C
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://click.linksynergy.com/fs-bin/stat?id=OEteVqYv4Mw&offerid=4201&type=3&subid=0
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.dr, is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://click.linksynergy.com/fs-bin/stat?id=OEteVqYv4Mw&offerid=7097.10000025&type=3&subid=0
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cml.sourceforge.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://code.google.com/androidFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://code.google.com/apis/publicdata/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://code.google.com/p/grafx2/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://code.google.com/p/ndephp/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://code.google.com/p/pyscripter/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://code.google.com/p/showmiiwads/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://code.google.com/p/tinke/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://code.google.com/speed/webp/index.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://collada.orgFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cosmigo.com/promotion/index.phpFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cs.fit.edu/~mmahoney/compression/#lpaqFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cs.fit.edu/~mmahoney/compression/#sr2FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cs.fit.edu/~mmahoney/compression/#zpaqFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csdsoft.com/josescied.htmFNUM
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://cursors.funutilities.com/?&scat=01
                    Source: is-AVISQ.tmp.4.drString found in binary or memory: http://cursors.funutilities.com/?&scat=01&TbId=%tb_id%
                    Source: CToolbar.exe, 00000007.00000003.1920075576.00000000023DD000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cursors.funutilities.com/?&scat=01&TbId=%tb_id%b_id%
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://cursors.funutilities.com/cursors/01/Cursors.html
                    Source: CToolbar.exe, 00000007.00000003.1920075576.00000000023E4000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://cursors.funutilities.com/cursors/local.aspx?TbId=%tb_id%
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cvs.sourceforge.net/viewcvs.py/sox/sox/wve.c?rev=1.23FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://darchiver.narod.ru/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://darksoftware.narod.ru/
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://darksoftware.narod.ru/DEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://darksoftware.narod.ru/tcpluginsen.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://darkstar.tabu.uni-bonn.de/~neo/tfmx/tfmx-format.txtFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://datalinkwristapps.free.fr/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://dcmo6.free.fr/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://debin.org/zzip/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://delphi.pjh2.de/articles/graphic/sff_format.phpFNUM
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1918911472.00000000031A6000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1918911472.00000000031F3000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1918911472.00000000031C8000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1918911472.0000000003181000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1900724146.0000000000401000.00000020.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://demo.crawler.com/presentation.aspx
                    Source: CToolbar.exe, 00000007.00000003.1918911472.00000000031F3000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://demo.crawler.com/presentation.aspxI5
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1900724146.0000000000401000.00000020.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.drString found in binary or memory: http://demo.crawler.com/presentation.aspxU
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://desktop.google.com/plugins/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://desktop.google.com/plugins/sidebar/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://desmume.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://dev.aol.com/article/2007/winamp_skinsFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://developer.apple.com/applescript/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://developer.apple.com/audio/coreaudio.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://developer.apple.com/documentation/AppleScript/Conceptual/StudioBuildingApps/chapter12/chapter
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://developer.apple.com/documentation/GraphicsImaging/Conceptual/QuartzComposer/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://developer.apple.com/documentation/QuickTime/INMAC/SOUND/imsoundmgr.30.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://developer.apple.com/technotes/tn/tn1142.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://developer.apple.com/tools/interfacebuilder/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://developer.download.nvidia.com/tools/NVSGFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://developer.garmin.com/schemas/tcx/v2/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://developer.valvesoftware.com/wiki/StudiomdlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://developer.valvesoftware.com/wiki/Valve_Texture_FormatFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.000000000278D000.00000004.00000020.00020000.00000000.sdmp, CodecInstaller.exe, 00000005.00000000.1859628883.00000000000F2000.00000002.00000001.01000000.0000000B.sdmp, CodecInstaller.exe.0.drString found in binary or memory: http://directshownet.sourceforge.net/
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://distractionware.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://dldi.drunkencoders.com/index.php?title=Main_PageFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://dmoz.org/Computers/Systems/Handhelds/Sharp/Wizard/FNUM
                    Source: CToolbar.exe, 00000007.00000003.1918911472.00000000031C8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://dnl.crawler.coQ
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-RD52J.tmp.4.drString found in binary or memory: http://dnl.crawler.com/Dnl/config/299/CrawlerSmileys.exe
                    Source: CToolbar.exe, 00000007.00000003.1918911472.00000000031CF000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1918911472.0000000003181000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://dnl.crawler.com/Help/
                    Source: CToolbar.exe, 00000007.00000003.1918911472.00000000031CF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://dnl.crawler.com/Help/1
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.0000000002425000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.00000000023D6000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.drString found in binary or memory: http://dnl.crawler.com/Support/cr_uninstall.aspx
                    Source: CToolbar.exe, 00000007.00000003.1920075576.00000000023D6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://dnl.crawler.com/Support/cr_uninstall.aspx0d=
                    Source: CToolbar.exe, 00000007.00000003.1918911472.000000000316C000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1918911472.00000000031B4000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1918911472.000000000315D000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1918911472.0000000003181000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://dnl.crawler.com/cr_confirm.asmx/GetXMLInst?TbId=%tb_id&TUID=%tuid_hash&Action_type=%action&Re
                    Source: CrawlerSetup12.exe, 00000002.00000003.1834806594.0000000002350000.00000004.00001000.00020000.00000000.sdmp, CrawlerSetup12.tmp, 00000004.00000003.1891634793.000000000227C000.00000004.00001000.00020000.00000000.sdmp, CrawlerSetup12.tmp, 00000004.00000003.1883871236.000000000220C000.00000004.00001000.00020000.00000000.sdmp, CrawlerSetup12.tmp, 00000004.00000002.1928040294.000000000223F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://dnl.crawler.com/dnl/
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1928040294.000000000223F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://dnl.crawler.com/dnl/Config/77
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.00000000023D6000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.000000000237E000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://dnl.crawler.com/dnl/config/1/CMail.cab
                    Source: CToolbar.exe, 00000007.00000003.1920075576.00000000023D6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://dnl.crawler.com/dnl/config/1/CMail.cabb_id%
                    Source: is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://dnl.crawler.com/dnl/config/250/CMail.cab
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://dnl.crawler.com/dnl/config/250/CrawlerNotes_Setup.exe
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://dnl.crawler.com/dnl/config/250/CrawlerRadio_Setup.exe
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://dnl.crawler.com/dnl/config/250/CrawlerScreenSaver.exe
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.drString found in binary or memory: http://dnl.crawler.com/dnl/config/250/CrawlerScreensaver.exe
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://dnl.crawler.com/dnl/config/250/CrawlerSmileys.exe
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://dnl.crawler.com/dnl/config/250/CrawlerWeather_Setup.exe
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://dnl.crawler.com/dnl/config/250/Funball_Setup.exe
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://dnl.crawler.com/dnl/config/250/OVsetup.exe
                    Source: is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://dnl.crawler.com/dnl/config/250/WebSecurityGuard.cab
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://dnl.crawler.com/dnl/config/250/crssread.cab
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.0000000002425000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.00000000023D6000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.drString found in binary or memory: http://dnl.crawler.com/dnl/config/77/ctupd.cab
                    Source: CToolbar.exe, 00000007.00000003.1920075576.00000000023D6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://dnl.crawler.com/dnl/config/77/ctupd.cab0d=
                    Source: CToolbar.exe, 00000007.00000003.1920075576.00000000023DD000.00000004.00001000.00020000.00000000.sdmp, is-ADSTV.tmp.4.drString found in binary or memory: http://dnl.crawler.com/support/bubble.aspx?t=TABS
                    Source: CToolbar.exe, 00000007.00000003.1918911472.00000000031DD000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1918911472.0000000003181000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://dnl.crawler.com/support/bubble2.aspx?t=F3&%language
                    Source: CToolbar.exe, 00000007.00000003.1918911472.0000000003181000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://dnl.crawler.com/support/bubble2.aspx?t=F3&%languagecom
                    Source: CToolbar.exe, 00000007.00000003.1920075576.00000000023BA000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.0000000002425000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, CToolbar.exe, 00000007.00000003.1920075576.0000000002408000.00000004.00001000.00020000.00000000.sdmp, is-ADSTV.tmp.4.drString found in binary or memory: http://dnl.crawler.com/support/cr5_dnl_all.aspx?down_first=%DOWN_FIRST%&down_next=%DOWN_NEXT%&down_a
                    Source: CToolbar.exe, 00000007.00000003.1920075576.00000000023BA000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.0000000002425000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, CToolbar.exe, 00000007.00000003.1920075576.0000000002408000.00000004.00001000.00020000.00000000.sdmp, is-ADSTV.tmp.4.drString found in binary or memory: http://dnl.crawler.com/support/cr5_dnl_basic.aspx?down_first=%DOWN_FIRST%&down_next=%DOWN_NEXT%&down
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.00000000023B3000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.0000000002425000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.drString found in binary or memory: http://dnl.crawler.com/support/cr_dnl_all.aspx?down_first=%DOWN_FIRST%&down_next=%DOWN_NEXT%&down_al
                    Source: CToolbar.exe, 00000007.00000003.1920075576.00000000023BA000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.0000000002425000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, CToolbar.exe, 00000007.00000003.1920075576.0000000002408000.00000004.00001000.00020000.00000000.sdmp, is-ADSTV.tmp.4.drString found in binary or memory: http://dnl.crawler.com/support/cr_dnl_basic.aspx?down_first=%DOWN_FIRST%&down_next=%DOWN_NEXT%&down_
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.0000000002425000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, CToolbar.exe, 00000007.00000003.1920075576.000000000239E000.00000004.00001000.00020000.00000000.sdmp, is-ADSTV.tmp.4.drString found in binary or memory: http://dnl.crawler.com/support/cr_uninstall_reboot.aspx?tbid=%tb_id%&TUID=%ihash%
                    Source: CToolbar.exe, 00000007.00000003.1920075576.000000000239E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://dnl.crawler.com/support/cr_uninstall_reboot.aspx?tbid=%tb_id%&TUID=%ihash%Q
                    Source: CToolbar.exe, 00000007.00000003.1920075576.00000000023D6000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.000000000237E000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://dnl.crawler.com/support/options.aspx?tbid=%tb_id%
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.000000000237E000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://dnl.crawler.com/support/promote.aspx?t=SM
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-RD52J.tmp.4.drString found in binary or memory: http://dnl.crawler.com/support/promote.aspx?t=SM&lng=%lng
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1918911472.00000000031A6000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1918911472.00000000031C8000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://dnl.crawler.com/support/sa_customize.aspx?TbId=%tb_id
                    Source: CToolbar.exe, 00000007.00000003.1918911472.00000000031C8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://dnl.crawler.com/support/sa_customize.aspx?TbId=%tb_id//www.
                    Source: CToolbar.exe, 00000007.00000003.1918911472.00000000031C8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://dnl.crawler.com/support/sa_customize.aspx?TbId=%tb_id08=1
                    Source: CToolbar.exe, 00000007.00000003.1918911472.00000000031C8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://dnl.crawler.com/support/sa_customize.aspx?TbId=%tb_id08leQ
                    Source: CToolbar.exe, 00000007.00000003.1918911472.00000000031DD000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://dnl.crawler.com/support/sa_customize.aspx?TbId=66008
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.000000000237E000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://dnl.crawler.com/tbr_confirm2.aspx?tbid=%tb_id&lng=%lng%enable_search%enable_hp
                    Source: is-ADSTV.tmp.4.drString found in binary or memory: http://dnl.crawler.com/tbr_upd_confirm.aspx?tbid=%tb_id%
                    Source: CToolbar.exe, 00000007.00000003.1920075576.00000000023E4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://dnl.crawler.com/tbr_upd_confirm.aspx?tbid=%tb_id%%
                    Source: CToolbar.exe, 00000007.00000003.1920075576.00000000023E4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://dnl.crawler.com/tbr_upd_confirm.aspx?tbid=%tb_id%1O
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.drString found in binary or memory: http://dnl.imtoolpack.com/Dnl/config/250/IMToolPackSetup.exe
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://dnl.imtoolpack.com/dnl/config/250/IMToolPackSetup.exe
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.hp.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.mandragor.org/files/Common_libs_documentation/allegro/packfile.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://donat.org/archos/wiki/doku.php?id=aos_file_formatFNUM
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.drString found in binary or memory: http://download.rebategiant.com/Dnl/config/250/RebateInformerSetup.exe
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://download.rebategiant.com/dnl/config/250/RebateInformerSetup.exe
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://download.videohelp.com/liquid217/dvdauthorgui.plFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://dream.wincustomize.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://drodds.blogspot.com
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://drodds.blogspot.comDEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://droid.sourceforge.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://dropmind.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://dslnuts.com/help.shtmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://dspace.dial.pipex.com/quite/eps1.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://duke.usask.ca/~macphed/soft/fig/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://dwi.ddruk.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://earth.google.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ebookmall.com/knowledge-collection/gemstar.htmFNUM
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.dr, is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://ecards.funutilities.com/
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.000000000237E000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://ecards.funutilities.com/?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://ecards.funutilities.com/ecards/000101/New-Year.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://ecards.funutilities.com/ecards/000102/Martin-Luther-King-Day.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://ecards.funutilities.com/ecards/000103/Chinese-New-Year.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://ecards.funutilities.com/ecards/000104/Lincolns-Birthday.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://ecards.funutilities.com/ecards/000105/Valentines-Day.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://ecards.funutilities.com/ecards/000106/Washingtons-Birthday.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://ecards.funutilities.com/ecards/000107/St.-Patricks-Day.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://ecards.funutilities.com/ecards/000108/Passover.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://ecards.funutilities.com/ecards/000109/Easter.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://ecards.funutilities.com/ecards/000110/Cinco-de-Mayo.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://ecards.funutilities.com/ecards/000111/Mothers-Day.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://ecards.funutilities.com/ecards/000112/Independence-Day.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://ecards.funutilities.com/ecards/000113/Patriot-Day.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://ecards.funutilities.com/ecards/000114/Halloween.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://ecards.funutilities.com/ecards/000115/Thanksgiving.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://ecards.funutilities.com/ecards/000116/Christmas.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://ecards.funutilities.com/ecards/000117/Hanukkah.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://ecards.funutilities.com/ecards/000201/Classic.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://ecards.funutilities.com/ecards/000202/Funny.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://ecards.funutilities.com/ecards/000203/Cute.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://ecards.funutilities.com/ecards/000204/Family.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://ecards.funutilities.com/ecards/000301/Anniversary.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://ecards.funutilities.com/ecards/000302/Baby.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://ecards.funutilities.com/ecards/000303/Engagement.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://ecards.funutilities.com/ecards/000304/Graduation.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://ecards.funutilities.com/ecards/000305/New-Home.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://ecards.funutilities.com/ecards/000306/Pregnancy.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://ecards.funutilities.com/ecards/000307/Wedding.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://ecards.funutilities.com/ecards/000401/Get-Well.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://ecards.funutilities.com/ecards/000402/Good-Luck.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://ecards.funutilities.com/ecards/000403/Sympathy.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://ecards.funutilities.com/ecards/000501/Love.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://ecards.funutilities.com/ecards/000502/Miss-You.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://ecards.funutilities.com/ecards/000503/Friendship.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://ecards.funutilities.com/ecards/000504/How-Are-You.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://ecards.funutilities.com/ecards/000505/Sorry.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://ecards.funutilities.com/ecards/000506/Thank-You.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://ecards.funutilities.com/ecards/000507/Thinking-of-You.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://ecards.funutilities.com/ecards/000508/Keep-in-Touch.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://ecards.funutilities.com/ecards/0101/Animals.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://ecards.funutilities.com/ecards/0103/Arts.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://ecards.funutilities.com/ecards/0106/Flowers.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://ecards.funutilities.com/ecards/0110/Nature.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://ecards.funutilities.com/ecards/0112/People.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://ecards.funutilities.com/ecards/0114/Religion.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://ecards.funutilities.com/ecards/?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://ecards.funutilities.com/ecards/pickup.aspx?tbid=%tb_id
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://econweb.tamu.edu/gambit/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ecu-performance.com.pl/why-use-hondata/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://edu.kde.org/kwordquiz/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://eduardo38.netne.net/
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://eduardo38.netne.net/DEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://electrem.emuunlim.com/future/UEFSpecs.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://en.kingsoft.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://en.pro100.eu/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://encarta.msn.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://eng.gva.co.kr/products/author.aspFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://english.xpertdesign.de/info_bxp.phpFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://exchange.macromedia.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://exotica.fix.no/tunes/pages-full/LME-LegglessMusicEditor.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://exotica.fix.no/tunes/pages-full/PS-PaulShields.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://exotica.fix.no/tunes/pages/FTM-FaceTheMusic.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://exotica.fix.no/tunes/unexotica/formats/AC1D-DC1A_Packer.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://exotica.fix.no/tunes/unexotica/formats/AMComposer_12.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://exotica.fix.no/tunes/unexotica/formats/AMOS_Music_Bank.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://exotica.fix.no/tunes/unexotica/formats/Actionamics_Sound_Tool.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://exotica.fix.no/tunes/unexotica/formats/Benn_Daglish.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://exotica.fix.no/tunes/unexotica/formats/Cinemaware.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://exotica.fix.no/tunes/unexotica/formats/Darius_Zendeh.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://exotica.fix.no/tunes/unexotica/formats/David_Hanney.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://exotica.fix.no/tunes/unexotica/formats/FWMP.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://exotica.fix.no/tunes/unexotica/formats/Follin_Player_II.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://exotica.fix.no/tunes/unexotica/formats/Game_Music_Creator.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://exotica.fix.no/tunes/unexotica/formats/Hippel-COSO.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://exotica.fix.no/tunes/unexotica/formats/Jason_Brooke.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://exotica.fix.no/tunes/unexotica/formats/MED.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://exotica.fix.no/tunes/unexotica/formats/MMDC.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://exotica.fix.no/tunes/unexotica/formats/MON_Old.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://exotica.fix.no/tunes/unexotica/formats/MaxTrax.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://exotica.fix.no/tunes/unexotica/formats/Mike_Davies.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://exotica.fix.no/tunes/unexotica/formats/Mugician.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://exotica.fix.no/tunes/unexotica/formats/NovoTrade_Packer.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://exotica.fix.no/tunes/unexotica/formats/Paul_Robotham.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://exotica.fix.no/tunes/unexotica/formats/Professional_Sound_Artists.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://exotica.fix.no/tunes/unexotica/formats/Prorunner_20.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://exotica.fix.no/tunes/unexotica/formats/Richard_Joseph.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://exotica.fix.no/tunes/unexotica/formats/Sean_Conran.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://exotica.fix.no/tunes/unexotica/formats/Sonix_Music_Driver.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://exotica.fix.no/tunes/unexotica/formats/SoundMon_20.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://exotica.fix.no/tunes/unexotica/formats/Speedy_System.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://exotica.fix.no/tunes/unexotica/formats/Synth_Pack.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://exotica.fix.no/tunes/unexotica/formats/The_Player_4x.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://exotica.fix.no/tunes/unexotica/formats/Trackerpacker_3.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://exotica.fix.no/tunes/unexotica/formats/Unique_Development.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://explore.live.com/windows-live-movie-makerFNUM
                    Source: CToolbar.exe, 00000007.00000003.1920075576.0000000002425000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.000000000237E000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://facebook.funutilities.com/
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fallout.bethsoft.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://famitracker.shoodot.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://famtasia.at.infoseek.co.jp/term.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://farmanager.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fast.nist.gov/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fba.emuunlim.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fceultra.sourceforge.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fenixproductions.prv.pl/
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fenixproductions.prv.pl/DEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fenixproductions.prv.plDEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fenixproductions.qsh.eu
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fenixproductions.qsh.euDEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://file-extension.net/info/amr-adaptive-multi-rate-encoded-audio-file.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://file-extension.net/info/daa-poweriso-direct-access-archive-image-file.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://file-extension.net/info/flv-flash-video-file.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://file-extension.net/info/pfc-aol-preferences-personal-filing-cabinet-file.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://filext.com/
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://filext.com/DEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://filippomenolascina.tk/
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://filippomenolascina.tk/DEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fineprint.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://flac.sourceforge.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://flarn2005.blogspot.com/
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://flarn2005.blogspot.com/DEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://flasm.sourceforge.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fontforge.sourceforge.net/pcf-format.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://foobar2000.org/components.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://forrox.narod.ru/bma_en.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://forum.lonmark.org/products/guides.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://freearc.org/research/SREP.aspxFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://freemind.sourceforge.net/wiki/index.php/Main_PageFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://freespace.virgin.net/dave.risley/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://freshmeat.net/projects/grzip/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://freshmeat.net/projects/top2svg/RURL
                    Source: gpl.txt.0.drString found in binary or memory: http://fsf.org/
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://futalgo.planetaclix.pt/mediazip/index.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://futalgo.planetaclix.pt/sfzip/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fxhome.com/visionlab/FNUM
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://games.funutilities.com/
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-RD52J.tmp.4.drString found in binary or memory: http://games.funutilities.com/?tbid=#TbId#
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://games.funutilities.com/?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://games.funutilities.com/games/
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-RD52J.tmp.4.drString found in binary or memory: http://games.funutilities.com/games/01/Actions--Adventure.html?tbid=#TbId#
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://games.funutilities.com/games/01/Actions--Adventure.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-RD52J.tmp.4.drString found in binary or memory: http://games.funutilities.com/games/02/Dancing--Shows.html?tbid=#TbId#
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://games.funutilities.com/games/02/Dancing--Shows.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-RD52J.tmp.4.drString found in binary or memory: http://games.funutilities.com/games/04/Puzzle.html?tbid=#TbId#
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://games.funutilities.com/games/04/Puzzle.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-RD52J.tmp.4.drString found in binary or memory: http://games.funutilities.com/games/05/Shootem-Up.html?tbid=#TbId#
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://games.funutilities.com/games/05/Shootem-Up.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-RD52J.tmp.4.drString found in binary or memory: http://games.funutilities.com/games/06/Sport.html?tbid=#TbId#
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://games.funutilities.com/games/06/Sport.html?tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://gameyard.com/
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://gameyard.com/SVW
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gens.consolemul.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geocities.com/kirnbie/
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geocities.com/kirnbie/DEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://get.games.yahoo.com/proddesc?gamekey=chuzzleFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://get.live.com/messenger/overviewFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://getic.njoydeco.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://getid3.sourceforge.net
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://getid3.sourceforge.netDEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gexf.net/format/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ghido.shelter.ro/Archive/QLFC.phpFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ghido.shelter.ro/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://glest.wikia.com/wiki/G3DFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gnese.free.fr/NDS/ComicBookDSFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://golly.sourceforge.net/Help/formats.html#mcFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gomentalpower.comDEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gpwiki.org/index.php/SPRFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://greenfish.xtreemhost.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://hasanates.awardspace.com/DEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://hbasic.sourceforge.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://hdf.ncsa.uiuc.edu/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://hdf.ncsa.uiuc.edu/products/hdf5/whatishdf5.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://heightmap.org/index.php?m=2FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://helijah.free.fr/pages/download/download.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://henson.newmail.ru/j2me/jsr184.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://hitmen.c02.at/files/yagcd/yagcd/index.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.att.net/~mkw/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.swipnet.se/polyene/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.swipnet.se/~w-50884/emulator/rage.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.t-online.de/home/Ollydbg/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home20.inet.tele.dk/hexmaster/bcs/benchmark.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home20.inet.tele.dk/hexmaster/bcs/tech_ref.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://homepage.powerup.com.au/~intertek/VZ200/vz.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://hotlavasoftware.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://hysys.che.ufl.edu/getting_started.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://icfu.totalcmd.net/
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://icfu.totalcmd.net/DEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://idle.thomaslauer.com/FNUM
                    Source: is-ADSTV.tmp.4.drString found in binary or memory: http://ie.search.msn.com/
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://iesdp.gibberlings3.net/file_formats/ie_formats/2da.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://iesdp.gibberlings3.net/file_formats/ie_formats/acm.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://iesdp.gibberlings3.net/file_formats/ie_formats/are_v9.1.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://iesdp.gibberlings3.net/file_formats/ie_formats/bam_v1.htm#bamcv1_HeaderFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://iesdp.gibberlings3.net/file_formats/ie_formats/bam_v1.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://iesdp.gibberlings3.net/file_formats/ie_formats/bcs.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://iesdp.gibberlings3.net/file_formats/ie_formats/bif_v1.htm#bif_v1FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://iesdp.gibberlings3.net/file_formats/ie_formats/bif_v1.htm#bifc_v1.0FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://iesdp.gibberlings3.net/file_formats/ie_formats/bif_v1.htm#bifc_v1FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://iesdp.gibberlings3.net/file_formats/ie_formats/chr_v2.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://iesdp.gibberlings3.net/file_formats/ie_formats/cre_v1.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://iesdp.gibberlings3.net/file_formats/ie_formats/dlg_v1.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://iesdp.gibberlings3.net/file_formats/ie_formats/eff_v2.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://iesdp.gibberlings3.net/file_formats/ie_formats/gam_v1.1.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://iesdp.gibberlings3.net/file_formats/ie_formats/gam_v2.0.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://iesdp.gibberlings3.net/file_formats/ie_formats/ini.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://iesdp.gibberlings3.net/file_formats/ie_formats/itm_v1.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://iesdp.gibberlings3.net/file_formats/ie_formats/itm_v2.0.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://iesdp.gibberlings3.net/file_formats/ie_formats/key_v1.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://iesdp.gibberlings3.net/file_formats/ie_formats/mos_v1.htm#mosc_v1_HeaderFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://iesdp.gibberlings3.net/file_formats/ie_formats/mos_v1.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://iesdp.gibberlings3.net/file_formats/ie_formats/plt_v1.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://iesdp.gibberlings3.net/file_formats/ie_formats/pro_v1.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://iesdp.gibberlings3.net/file_formats/ie_formats/sav_v1.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://iesdp.gibberlings3.net/file_formats/ie_formats/spl_v2.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://iesdp.gibberlings3.net/file_formats/ie_formats/sto_v1.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://iesdp.gibberlings3.net/file_formats/ie_formats/sto_v9.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://iesdp.gibberlings3.net/file_formats/ie_formats/tlk_v1.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://iesdp.gibberlings3.net/file_formats/ie_formats/wavc_v1.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://iesdp.gibberlings3.net/file_formats/ie_formats/wfx_v1.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://iesdp.gibberlings3.net/file_formats/misc_formats/d.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://imsidesign.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://infrarecorder.sourceforge.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://inventio.nl
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://inventio.nlDEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://isis.astrogeology.usgs.gov/FNUM
                    Source: CrawlerSetup12.exe, 00000002.00000003.1939849898.0000000002143000.00000004.00001000.00020000.00000000.sdmp, CrawlerSetup12.exe, 00000002.00000003.1834806594.0000000002350000.00000004.00001000.00020000.00000000.sdmp, CrawlerSetup12.exe, 00000002.00000003.1940047530.0000000002146000.00000004.00001000.00020000.00000000.sdmp, CrawlerSetup12.exe, 00000002.00000003.1939967089.0000000002146000.00000004.00001000.00020000.00000000.sdmp, CrawlerSetup12.tmp, 00000004.00000003.1883871236.000000000220C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ispp.sourceforge.net/
                    Source: CrawlerSetup12.exe, 00000002.00000003.1939849898.0000000002143000.00000004.00001000.00020000.00000000.sdmp, CrawlerSetup12.exe, 00000002.00000003.1834806594.0000000002350000.00000004.00001000.00020000.00000000.sdmp, CrawlerSetup12.tmp, 00000004.00000003.1883871236.000000000220C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ispp.sourceforge.net/About
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ist.uwaterloo.ca/~schepers/formats/CRT.TXTFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jajc.ksn.ru/index.shtmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jalbum.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jalbum.net/softwareFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jasperforge.org/index.php?q=project/jasperreportsFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/j2se/1.4.2/docs/guide/plugin/developer_guide/control_panel.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com/products/javawebstart/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jcsmr.anu.edu.au/facslab/analysis.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jmge.net/java/csprings/doc/intro.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jonathanclark.com/ezip/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://joost.endoria.net/icontweaker/home/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jss.sourceforge.net/moddoc/psm-form.txtFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://kb.mozillazine.org/Blocklist.xmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://keepass.sourceforge.netFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://koala.ilog.fr/lehors/xpm.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://kolibrios.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ksudoku.sourceforge.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://kttech.com/SoundCompression/SoundCompression.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://labs.divx.com/connected/FNUM
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://linksynergy.walmart.com/fs-bin/click?id=hAOCrHgMamc&offerid=183959.10005582&type=3&subid=0&u1
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://livedocs.macromedia.com/coldfusion/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://liveswifers.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://local.wasp.uwa.edu.au/~pbourke/dataformats/nff/nff2.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://logo7.software.informer.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lotus.com/products/product2.nsf/wdocs/wordproFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://m0n0.ch/wall/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://machf.tripod.com/Hunt/Carn/car.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://macromates.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://maf.mozdev.org/maff-file-format.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://magicssoft.ru/?folder=projects&amp;page=GRZipIIFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mark0.net
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mark0.net/soft-trid-deflist.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.000000000278D000.00000004.00000020.00020000.00000000.sdmp, CodecInstaller.exe, 00000005.00000000.1859628883.00000000000F2000.00000002.00000001.01000000.0000000B.sdmp, CodecInstaller.exe.0.drString found in binary or memory: http://mark0.net/soft-trid-e.html
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mark0.net/soft-trid-e.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mark0.net/soft-tridnet-e.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mark0.net/soft-xrk.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mark0.netDEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mark0.netDef
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://marreka.no-ip.com
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://marreka.no-ip.comDEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mc.pp.se/psp/psf.xhtmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mcf.sourceforge.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mdc.custhelp.com/app/answers/detail/a_id/18883/~/genepix%E2%AE-file-formatsFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://melodymachine.com/sfark.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://member.nifty.ne.jp/yamazaki/DeepFreezerEng/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://members.aol.com/autismuk/ace/faq.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://members.aol.com/khancock/pilot.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://members.aol.com/sydyn/sydyn/idfedit.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://members.cox.net/dos/compress.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://members.lycos.co.uk/musicf/columns_manual.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://members.shaw.ca/lampwords/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://members.xoom.virgilio.it/misartim/
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://members.xoom.virgilio.it/misartim/DEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://membres.lycos.fr/asle/AMPD_src/FC-M_Packer.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://membres.lycos.fr/asle/AMPD_src/Hornet_Packer.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://membres.lycos.fr/asle/AMPD_src/Kefrens.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://membres.lycos.fr/asle/AMPD_src/Wanton_Packer.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://membres.lycos.fr/asle/ampd.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://membres.lycos.fr/treegenerator/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://membres.lycos.fr/vsk2/index.phpFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mercury.ebi.ac.uk/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://messenger.msn.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://messenger.yahoo.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://metachicken.org/chformat.txtFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://microsoftgadgets.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mikmod.raphnet.netFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mindstorms.lego.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://miranda-im.orgFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://moddingcarnivores.tk/
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://moddingcarnivores.tk/DEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://modmyi.com/wiki/index.php/Iphone_PNG_imagesFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://monarch.datawatch.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mozbackup.jasnapaka.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mpc.corecodec.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mpgravity.sf.netFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mrhx.ucoz.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mupen64.emulation64.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mwolson.org/static/doc/muse/Introduction.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mythtv.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://namida.com/kaminarimon/hes/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://neil.fraser.name/software/brainbox/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://nekovm.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://netghost.narod.ru/gff/graphics/summary/dpx.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://netghost.narod.ru/gff/vendspec/dvmmovie/index.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://netpage.dk
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://netpage.dkDEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://neuron2.net/dgmpgdec/DGIndexManual.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://nifti.nimh.nih.gov/nifti-1/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://nocash.emubase.de/gba.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://northfox.uw.huFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://nostalgies.thomsonistes.org/transfert.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, uninst.exe.0.drString found in binary or memory: http://nsis.sf.net/NSIS_Error
                    Source: setup_CodecInstaller_full.exe, uninst.exe.0.drString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://nsis.sourceforge.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://odrl.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://odv.awi.de/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://openlp.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://openmrs.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://orca.st.usm.edu/~rbateman/kinemage/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://oss.sgi.com/projects/inventor/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://otsdj.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://oxygenbasic.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pages.total.net/~hkonstas/palmdraft.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://palmbibleplus.sourceforge.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://panks.tripod.com/
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://panks.tripod.com/DEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://panks.tripod.com/sbload.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://parchive.sourceforge.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://park18.wakwak.com/~pixia/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://passwordsafe.sourceforge.netFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://paulbourke.net/dataformats/cube/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://paulbourke.net/dataformats/field/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://paulbourke.net/dataformats/geo/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://paulbourke.net/dataformats/glf/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://paulbourke.net/dataformats/gocad/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://paulbourke.net/dataformats/ms3d/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://paulbourke.net/dataformats/phd/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://paulbourke.net/dataformats/surf/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://paulbourke.net/dataformats/tp/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://paulbourke.net/dataformats/vla/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://paulbourke.net/dataformats/vmd/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pbem.brainiac.com/cb_tutorial.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pcsx2.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://peak.telecommunity.com/DevCenter/PythonEggsFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://peazip.sourceforge.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pencil-animation.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://people.rerouted.org/jcchu
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://people.rerouted.org/jcchuDEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://perso.club-internet.fr/lclevy/exotica/index.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pestpatrol.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pfaffsoftware.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pgn.freeservers.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://photofiltre.free.frFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pilling.users.netlink.co.uk/ovationpro.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pilot-db.sourceforge.net/FNUM
                    Source: is-ADSTV.tmp.4.drString found in binary or memory: http://portal.crawler.com/help/default.aspx?b=2&m=CR_Options_Help&i=%topic%
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pouet.net/prod.php?which=13618FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://preview.tinyurl.com/62a39wFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://primo.homeserver.huFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://product.corel.com/EN/WPO2002_Box/CorelTUTOR/CorelCentral/html_docs/cstart.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://products.sel.sony.com/SEL/service/conselec/softupdates/playplug12_instr.shtmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://psch.thinbasic.com/thinedge.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://psoup.math.wisc.edu/mcell/ca_files_formats.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://psxemulator.gazaxian.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://psycle.pastnotecut.org/portal.phpFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://publib.boulder.ibm.com/epubs/df/xks0100.dtd
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qmt.ath.cx/~nes/nintendulator/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://quartushelp.altera.com/9.1/mergedProjects/reference/glossary/def_qar.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qucs.sourceforge.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://quickbooks.intuit.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://radsite.lbl.gov/radiance/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ramal.free.fr/mr3pc.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://raven.jsums.edu/~visweb/library/SGI_bookshelves/SGI_EndUser/books/ShowcaseUG/sgi_html/index.h
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://relaxng.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://reload.bbk.com
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://reload.bbk.comDEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rksoft.virtualave.net/rkau.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://robbi-985.homeip.net/hosted_programs/update/bmm/index.htmlFNUM
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.000000000237E000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://rs.crawler.com/sitereview.asmx/GetReview?URL=%url&SITE=%site&TUID=%tuid
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rzip.samba.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sac-ftp.externet.hu/pack12.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sc68.atari.orgFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://scifi.pages.at/yoda9k/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://scottandmichelle.net/DEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://scratch.mit.edu/FNUM
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://screensavers.funutilities.com/
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://screensavers.funutilities.com/ssavers/
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.cpan.org/src/LALA/Audio-SID-3.02/SID_file_format.txtFNUM
                    Source: CToolbar.exe, 00000007.00000003.1920075576.0000000002425000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.000000000237E000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.dr, is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://search.half.ebay.com/_W0QQ
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://selectservices.bentley.com/en-US/Support/Support
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://settlers2.merri.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://shelx.uni-ac.gwdg.de/SHELX/index.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://shipinbottle.chessalex.com/FNUM
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://shop.ebay.com/?_nkw=%s&_sacat=See-All-Categories
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://shop.ebay.com/?_nkw=%s&_sacat=See-All-CategoriesP//1.0.0.18
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://short.stop.home.att.net/freesoft/dbase.htm#matrixFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://siag.nu/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://siag.nu/egon/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://siag.nu/siag/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://simcity.ea.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sisms.sourceforge.net/docs/SMISMOStruct.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sites.google.com/site/gfabasic322/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sketchup.google.com/FNUM
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://skins.funutilities.com/
                    Source: is-AVISQ.tmp.4.drString found in binary or memory: http://skins.funutilities.com/?TbId=%tb_id%
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.00000000023DD000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://skins.funutilities.com/skins/local.aspx?TbId=%tb_id%
                    Source: CToolbar.exe, 00000007.00000003.1920075576.00000000023DD000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://skins.funutilities.com/skins/local.aspx?TbId=%tb_id%i
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://smaf-yamaha.com/what/about.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sng.sourceforge.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sol.gfxile.net/code.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sonique.lycos.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sonotaco.com/soft/e_index.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sorry.vse.cz/~roman/dimension/rdos/rdosplay/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sourceforge.net/apps/mediawiki/free-cad/index.php?title=Main_PageFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sourceforge.net/projects/cramfs/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sourceforge.net/projects/guliverkli/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sourceforge.net/projects/kexis/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sourceforge.net/projects/ktechlab/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sources.redhat.com/bzip2/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://space.tin.it/computer/stefanogaggioli
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://space.tin.it/computer/stefanogaggioliDEF
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.000000000237E000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.000000000239E000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://spell.crawler.com/ss.asmx/Spell_CheckText?sText=%text%&iCacheTimeoutSec=3600
                    Source: CToolbar.exe, 00000007.00000003.1920075576.000000000239E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://spell.crawler.com/ss.asmx/Spell_CheckText?sText=%text%&iCacheTimeoutSec=3600a
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.000000000237E000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://spell.crawler.com/ss.asmx/Spell_GetPosCorrs?sWord=%word%&iCacheTimeoutSec=3600
                    Source: is-AVISQ.tmp.4.drString found in binary or memory: http://spell.inbox.com/ss.asmx/Spell_CheckText?sText=%text%&iCacheTimeoutSec=3600
                    Source: is-AVISQ.tmp.4.drString found in binary or memory: http://spell.inbox.com/ss.asmx/Spell_GetPosCorrs?sWord=%word%&iCacheTimeoutSec=3600
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://spellforce.jowood.com/sf2/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sprintdeveloper.com/article16.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://squ1.org/wiki/WeatherToolFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://standards.freedesktop.org/desktop-entry-spec/latest/index.html#introductionFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://stoyanoff.info/blog/code/styler/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sun.com/software/star/starofficeFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://support.sas.com/techsup/technote/ts140.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://support.webex.com/support/downloads.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://supportconnectw.ca.com/public/ca_common_docs/latest_cazipxp.aspFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://surfer56.googlepages.com/
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://surfer56.googlepages.com/DEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://swami.sourceforge.net/flacpak.phpFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sweetheartgames.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tads.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://taverna.sf.net/2008/xml/t2flow
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tecfa.unige.ch/guides/vrml/vrml97/spec/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tersesystems.com/code/index?overview=vt14FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://thesims.ea.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://thor.info.uaic.ro/~busaco/teach/docs/component/9_jsbref.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://thorkildsen.no/faqsys/docs/cmf_form.txtFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://thorkildsen.no/faqsys/docs/dmf-form.txtFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://thorkildsen.no/faqsys/docs/emd_form.txtFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://thorkildsen.no/faqsys/docs/gt2-form.txtFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://thorkildsen.no/faqsys/docs/mtm-form.txtFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://thorkildsen.no/faqsys/docs/p16-form.txtFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://thorkildsen.no/faqsys/docs/ptmform.docFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tinyurl.com/28vxlhFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tinyurl.com/63d4uk2FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tinyurl.com/6fw6gpFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tinyurl.com/7mjdh3bFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tinyurl.com/cgng44FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tinyurl.com/fd5txFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tinyurl.com/kgvuuFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tinyurl.com/p2brlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tinyurl.com/yrtaypFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tinyurl.com/yvjv8xFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tinyurl.com/yxsy9pFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tinyurl.com/yyhrzxFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tmwiki.inio.org/wiki?GBX_File_FormatFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tng3d.com/index.phpFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://treegraph.bioinfweb.info/Development/XTGFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tta.iszf.irk.ru/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tukaani.org/xz/format.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://udn.epicgames.com/Two/KarmaAuthoringTool.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ultimatepaint.j-t-l.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://universesandbox.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://upx.sourceforge.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://usa.autodesk.com/autocad/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://users.pandora.be/desi-iii/index.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://users.senet.com.au/~mjbone/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://utenti.lycos.it/jarrefan/index.php
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://utenti.lycos.it/jarrefan/index.phpDEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vba.ngemu.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://viceteam.bei.t-online.de/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://video.google.com/
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://video.google.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://virtuanes.s1.xrea.com:8080/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://visualvision.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://voodooattack.deviantart.com
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://voodooattack.deviantart.comDEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vp.video.google.com/videodownload?version=0&secureurl=STRN
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://wallpapers.funutilities.com/
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-RD52J.tmp.4.drString found in binary or memory: http://wallpapers.funutilities.com/PA
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://wallpapers.funutilities.com/PA//1.0.0.1
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://wallpapers.funutilities.com/wpapers/PAD//1.0.0.40
                    Source: CToolbar.exe, 00000007.00000003.1920075576.0000000002425000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.000000000237E000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.dr, is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://web.archive.org/web/
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.archive.org/web/19990220172029/www.gadgetlabs.com/wavezip_frame.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.archive.org/web/19991004055217/ourworld.compuserve.com/homepages/microfox/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.archive.org/web/20000108201641/compression.hypermart.net/ufa/777.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.archive.org/web/20000302203034/www.abracadata.com/html/index99.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.archive.org/web/20001218041900/www.spinnerbaker.com/sbx.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.archive.org/web/20020702115405/http://thepipe.kiev.ua/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.archive.org/web/20030202061208/www.gregorybraun.com/Crypto.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.archive.org/web/20030204140941/http://www.desktopmusic.com/guitar/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.archive.org/web/20031016095959/http://www.tasc.nl/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.archive.org/web/20050218120457/http://www.helsinki.fi/~ssyreeni/dawnff/dawnffFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.archive.org/web/20070623104306/http://www.orbit.org/replace/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.bsn.ch/lasse/bfacs.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.inter.nl.net/hcc/A.Jaw.Venema/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.tiscali.it/AirexDEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.tiscali.it/AirexFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://webmod.homelinux.org
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://webmod.homelinux.orgDEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://west.thomson.com/products/services/manage-court-cases.aspxFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://whatpulse.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://widgets.yahoo.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wiki.alioth.net/index.php/OXPFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wiki.eclipse.org/FAQ_What_is_an_Eclipse_product%3FFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wiki.etree.org/index.php?page=FlacFingerprintFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wiki.mikrotik.com/wiki/Main_PageFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wiki.mikrotik.com/wiki/Upgrading_RouterOSFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wiki.mobileread.com/wiki/AZW#TopazFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wiki.mobileread.com/wiki/BBeBFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wiki.mobileread.com/wiki/WOLFFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wiki.mobileread.com/wiki/ZTXTFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wiki.mozilla.org/Software_Update:MARFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wiki.multimedia.cx/index.php?title=ARMovieFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wiki.multimedia.cx/index.php?title=GXFFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wiki.multimedia.cx/index.php?title=MJPFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wiki.multimedia.cx/index.php?title=MTVFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wiki.multimedia.cx/index.php?title=NXVFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wiki.multimedia.cx/index.php?title=Star_3FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wiki.openstreetmap.org/wiki/ProtocolBufBinary#File_formatFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wiki.openwrt.org/OpenWrtDocs/Hardware/Thomson/speedtouchFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wiki.panotools.org/Hugin_Main_windowFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wiki.xentax.com/index.php/Descent_HOGFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wiki.xentax.com/index.php/GRAF:3D_Ultra_Cool_TBVFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wiki.xentax.com/index.php/H2O6FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wiki.xentax.com/index.php/Madden_2004_DAT2FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wiki.xentax.com/index.php?title=Guild_Wars_DATFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wiki.xtronics.com/index.php/TinaFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wikinova.info/doku.php/en:np:base:menu:terrain_model:data_formats#sosi_files_.sosFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://world.casio.com/pv/support/en/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://worldoftanks.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wrath.t35.com
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wrath.t35.comDEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www-03.ibm.com/systems/i/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www-306.ibm.com/software/info/workplace/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www-mipl.jpl.nasa.gov/external/vicar.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www-mmsp.ece.mcgill.ca/Documents/AudioFormats/SPPACK/SPPACK.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www-xdiv.lanl.gov/XCM/gmv/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.2brightsparks.com/onclick/eoc.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.360desktop.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.3dmark.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.3dmm.com/bboard/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.3ds.com/homeFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.3ds.com/products-solutions/3d-for-all/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.48katmos.freeuk.com/whatisan.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.4d.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.66.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.7-zip.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.7-zip.org/sdk.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.8bit-micro.com/download.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.SonyEricsson.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.abacom-online.de/uk/html/splan.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.abbyy.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.abbyy.com/company/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ability.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.abisource.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ableton.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ac3d.org/pages/resourcesFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.acc.umu.se/~emilk/about.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.acca.itFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accelrys.com/cerius2/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.acdsee.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.acecadsoftware.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ache.nlDEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.aciweb.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.acr.org/s_acr/index.aspFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.acronis.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.act.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.activevb.de/rubriken/apiviewer/index-apiviewereng.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.acucorp.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.addictivesoftware.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.advancedinstaller.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.advantagedatabase.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.adventuregamestudio.co.uk/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.aerofly.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.afflib.orgFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.affymetrix.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.agentix.org/aginstaller.phpFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.aha-soft.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ahead.deFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.aim.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.aimutation.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.airwer.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ais.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ajiliti.com/
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ajiliti.com/DEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.aksharamala.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.aladdinsys.com/StuffIt/
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.aladdinsys.com/StuffItSTRN
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.alexkey.net
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.alexkey.netDEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.algonet.se/~dennisgr/pipeview.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.alias.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.alias.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.alice.ea.com/main.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.alicebot.org/aiml.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.all4mp3.com/Software1.aspxFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.allencomm.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.altera.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.altium.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.altium.com/circuitmaker/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.altium.com/pcad/resources/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.altools.com/ALTools/ALZip/Egg-format.aspxFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.altools.netFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.altova.com/products/umodel/uml_tool.htmlFNUM
                    Source: is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.amazon.com/exec/obidos/redirect?link_code=ur2&camp=1789&tag=inboxcom-20&creative=9325
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://www.amazon.com/exec/obidos/search-handle-url/?bq=1/103-4117491-7743052&field-keywords=%s
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-RD52J.tmp.4.drString found in binary or memory: http://www.amazon.com/exec/obidos/search-handle-url/index=books&bq=1/103-4117491-7743052&field-keywo
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://www.amazon.com/s/ref=nb_sb_noss?url=search-alias%3Daps&field-keywords=%s&x=0&y=0
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ambientdesign.com/artrage.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.amiga-stuff.com/modpackers-download.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.amigaforever.com/kb/5-114.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.amion.com/ep/eplot.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ammosoft.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.amsa.gov.au/Shipping_Safety/AUSREP/AUSREP_system/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.amxmodx.orgFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.anfyteam.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.anim8or.comFNUM
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://www.anrdoezrs.net/click-1714332-10372912
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://www.anrdoezrs.net/click-1714332-3996279
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ansys.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.anti-virus.by/en/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.anyrail.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.aol.com/FNUM
                    Source: CodecInstaller.exe, 00000005.00000002.2883515655.000000001C5F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apadanasoftware.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.aperio.com/bigtiffFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apperson.org/cadstd/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.appface.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apple.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apple.com/downloads/macosx/imaging_3d/3dmfviewer.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apple.com/itunes/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apple.com/itunesFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apple.com/mpeg4/3gpp/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apple.com/quicktimeFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apple.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.applian.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.applix.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.applix.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.appspeed.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.arcsoft.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.arcsoft.com/en/products/multimediaemail/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.arcsoft.com/en/products/photostudio/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.arcsoft.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.area51-game.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.arkangles.com/kchess/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.artmoney.ruFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.arts-letters.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.artweaver.deFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.arxfatalis-online.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ashampoo.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ashampoo.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ashlar.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.askoh.com/freecad/index.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.asksam.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.asp-shareware.org/padFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.aspack.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.astonshell.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.astonshell.com/aston2/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.atariage.com/software_search.html?SystemID=7800FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.atariage.com/software_search.html?SystemID=LYNXFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.athenasoft.org/sub/software.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ati.com/developer/tools.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.audiocoding.com/wiki/index.php?page=MP4FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.autodesk.com/3dsmaxFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.autodesk.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.autodesk.com/siteselect.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.autodesk.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.autoitscript.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.automation.siemens.com/logo/index_76.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/Pages/Defau
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.avast.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.avery.com/home.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.avery.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.avira.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.avira.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.axialis.com/ssp/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.azzcardfile.bizFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.azzcardfile.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.b1.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.babylon.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.badongo.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.bakedbean.co.nz/Electric_Pipes.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.banana.ch/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.bars.lg.ua/slim/#introFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.basicx.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.baxbex.com/cryptomite.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.bd.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.bebits.orgFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.beegui.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.beiks.com/palmzonebg/Bdicty.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.belltechsystems.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.belltechsystems.com/business-publisher/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.bentley.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.berkeleymadonna.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.beyondlogic.org/uClinux/bflt.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.bga.org/~lessem/psyc5112/usail/man/solaris/snoop.1.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.bgblitz.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.bilsen.com/aic/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.bimcore.emory.edu/Services/Lasergene/modules.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.bio-rad.com/FNUM
                    Source: CrawlerSetup12.tmp, 00000004.00000003.1883871236.000000000220C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.bis.doc.gov
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.bitvise.com/tunnelierFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.blackberry.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.blackberrybrickbreaker.com/index.php/COD_FilesFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.blackfiveservices.co.uk/awbmtools.shtmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.blazemp.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.blender.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.blender.orgFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.blitzbasic.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.blizzard.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.blizzard.com/diablo2/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.blizzard.com/us/starcraft/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.blizzard.com/war3/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.bloodshed.net/dev/index.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.bookcase.com/library/software/msdos.archive.compress.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.boost.orgFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.borland.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.borland.com/delphi/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.borland.com/us/solutions/lifecycle_quality_management/index.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.borland.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.bradfordsoftware.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.braeburn.co.ukFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.bravaviewer.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.brixoft.com/default.aspFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.broderbund.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.bsplayer.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.buchanancomputing.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.burut.ruFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.businessobjects.com/products/reporting/crystalreports/default.aspFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.businessobjects.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.bvrp.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.bwgen.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.c3d.orgFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cabri.com/v2/pages/en/index.phpFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cadent.co.il/index.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cadifra.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cadsoft.de/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cadsoft.deFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cadsplanner.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cadvance.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cadzone.com/Crash_Zone/Crash_Zone.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cadzone.com/pocketzone/Pocket_Zone.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cakewalk.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.calamus.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.caligari.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cambridgesoft.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cambridgesoft.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.camsoft.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.canon.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.canucarve.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.capella.de/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.captiveworks.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cardwar.tk/FNUM
                    Source: CodecInstaller.exe, 00000005.00000002.2883515655.000000001C5F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cartesianinc.com/Tech/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.caseware.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.casio.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.caslsoft.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.castlighting.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.catia.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cauldron.sk/projects/chaser/index.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cavedog.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cavo.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.caxa.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cc.gatech.edu/projects/large_models/ply.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cdlabelpro.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cdmatech.com/solutions/products/purevoice.jspFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.celedy.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cerience.com/products/index.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cgtech.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.chartwellyorke.com/dfwind.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cheatengine.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.chemwindow.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.chessbase.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.chessmaster.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.chiark.greenend.org.uk/~jacobn/cpm/mdaspec.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.christianblackburn.com/
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.christianblackburn.com/DEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cimatron.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cip4.org/index.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.circuit-diagram.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cisco.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cit.gu.edu.au/~davidt/cit3611/C_UNIX/japanese.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cjmweb.net/GUEmap/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cknow.com/ckinfo/c/CDF-ChannelDefinitionForm.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cknow.com/ckinfo/index.php?ToDo=view&amp;questId=205&amp;catId=6FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cknow.com/ckinfo/questions/547/PIF---Program-Information-FileFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.clamav.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.clavia.se/G2/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cleanersoft.com/hidefolder/free_hide_folder.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.clearjump.com/products/LiteWave.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.clickteam.com/English/index.phpFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.clickteam.com/English/tgf.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.clickteam.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cloanto.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.clonk.deFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.clrpc.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cmgsccc.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cnki.net/cajview_page/cajviewer.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.code4ward.netFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.codingmonkeys.de/subethaedit/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.coffeecup.com/button-factory/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cognos.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.collada.org/2005/COLLADASchema
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.collakesoftware.com/pecompact.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.collectorz.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.collectorz.com/movieFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.000000000293D000.00000004.00000020.00020000.00000000.sdmp, CodecInstaller.resources.dll1.0.drString found in binary or memory: http://www.colok-traductions.com/
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.colorschemer.com/studio_info.phpFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.combit.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.commandandconquer.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.componentace.com/bde_replacement_database_delphi_absolute_database.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.compressconsult.com/szip/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.compression.ru/arctest/self/ped.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.conceptdraw.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cooledit.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.coolpage.com/cpg.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.corel.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.corel.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cosmicblobs.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cowonamerica.com/FNUM
                    Source: CrawlerSetup12.exe, 00000002.00000003.1939814014.0000000002120000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.crawler.c
                    Source: is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com
                    Source: CrawlerSetup12.tmp, 00000004.00000003.1883871236.000000000220C000.00000004.00001000.00020000.00000000.sdmp, CrawlerSetup12.tmp, 00000004.00000002.1928040294.0000000002209000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.crawler.com&
                    Source: is-ADSTV.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/?TbId=%TbId
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-RD52J.tmp.4.drString found in binary or memory: http://www.crawler.com/?tbid=#TbId#
                    Source: CrawlerSetup12.tmp, CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1900724146.0000000000401000.00000020.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.drString found in binary or memory: http://www.crawler.com/Help/Help.aspx
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1900724146.0000000000401000.00000020.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.drString found in binary or memory: http://www.crawler.com/Help/Help.aspxU
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.000000000237E000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://www.crawler.com/Toolbar/email.aspx?URL=%s&TbId=%tb_id%
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.0000000002425000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.drString found in binary or memory: http://www.crawler.com/faqs.aspx
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/faqs.aspx?choice=622
                    Source: CToolbar.exe, 00000007.00000003.1920075576.0000000002425000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.crawler.com/faqs.aspxpfB
                    Source: is-AVISQ.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/help
                    Source: is-ADSTV.tmp.4.drString found in binary or memory: http://www.crawler.com/help/default.aspx
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/help/default.aspx?TbId=%TbId&src=TbMenu
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1928040294.0000000002209000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.crawler.com/help/default.aspx?b=2
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1928040294.000000000223F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.crawler.com/help/default.aspx?b=2&m=CR_Options_Help&i=
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.dr, is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/help/default.aspx?b=2&m=CR_Options_Help&i=2176
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/help/default.aspx?b=2&m=CR_Options_Help&i=2177
                    Source: is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/help/default.aspx?b=2&m=CR_Options_Help&i=2178
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/help/default.aspx?b=2&m=CR_Options_Help&i=2180
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/help/default.aspx?b=2&m=CR_Options_Help&i=2181
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/help/default.aspx?b=2&m=CR_Options_Help&i=2182
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/help/default.aspx?b=2&m=CR_Options_Help&i=2183
                    Source: is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/help/default.aspx?b=2&m=CR_Options_Help&i=2184
                    Source: is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/help/default.aspx?b=2&m=CR_Options_Help&i=2185
                    Source: is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/help/default.aspx?b=2&m=CR_Options_Help&i=2186
                    Source: is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/help/default.aspx?b=2&m=CR_Options_Help&i=2187
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.drString found in binary or memory: http://www.crawler.com/help/default.aspx?b=2&m=CR_Options_Help&i=2188
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/help/default.aspx?b=2&m=CR_Options_Help&i=2189
                    Source: is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/help/default.aspx?b=2&m=CR_Options_Help&i=2190
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/help/default.aspx?b=2&m=CR_Options_Help&i=2191
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/help/default.aspx?b=2&m=CR_Options_Help&i=2192
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/help/default.aspx?b=2&m=CR_Options_Help&i=2202
                    Source: is-ADSTV.tmp.4.drString found in binary or memory: http://www.crawler.com/help/default.aspx?m=CR_Options_Help&i=%topic%
                    Source: is-ADSTV.tmp.4.dr, Toolbar Help.lnk.7.drString found in binary or memory: http://www.crawler.com/help/default.aspx?src=TbMenu
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1900724146.0000000000401000.00000020.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.drString found in binary or memory: http://www.crawler.com/help/default.aspx?src=TbMenuU
                    Source: CToolbar.exe, 00000007.00000003.1920075576.00000000023D6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.crawler.com/help/default.aspx?src=TbMenuu%am=
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1928040294.0000000002209000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.crawler.com/help/default.aspx?src=tbmenu&b=0
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1928040294.000000000223F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.crawler.com/help/default.aspx?src=tbmenu&b=0&e=CR_EMAIL_HELP&i=1150#q_1150
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1928040294.000000000223F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.crawler.com/help/default.aspx?src=tbmenu&b=0&e=CR_RADIO_HELP&i=877#q_877
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1928040294.0000000002209000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.crawler.com/help/default.aspx?src=tbmenu&b=0&e=CR_RSS_HELP&i=440#q_440
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1928040294.0000000002209000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.crawler.com/help/default.aspx?src=tbmenu&b=0&e=CR_SCRS_HELP&i=873#q_873
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1928040294.0000000002209000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.crawler.com/help/default.aspx?src=tbmenu&b=0&e=CR_WSG_HELP&i=875#q_875
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1928040294.000000000223F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.crawler.com/help/default.aspx?src=tbmenu&b=0&e=CR_Weather_help&i=1051#q_1051
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.000000000237E000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://www.crawler.com/help/default.aspx?src=tbmenu&b=1&g=1&e=CR_NOTES_HELP
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1918911472.000000000319E000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1918911472.00000000031A6000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1918911472.00000000031C8000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1918911472.0000000003181000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/help/default.aspx?src=tbmenu&b=1&m=CR_DOWNLOADER_HELP
                    Source: CToolbar.exe, 00000007.00000003.1918911472.000000000319E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.crawler.com/help/default.aspx?src=tbmenu&b=1&m=CR_DOWNLOADER_HELPA
                    Source: CToolbar.exe, 00000007.00000003.1920075576.00000000023EB000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.00000000023BA000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.0000000002425000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.drString found in binary or memory: http://www.crawler.com/help/default.aspx?src=tbmenu&b=2&m=CR_Options_Help&i=
                    Source: CToolbar.exe, 00000007.00000003.1920075576.00000000023BA000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.crawler.com/help/default.aspx?src=tbmenu&b=2&m=CR_Options_Help&i=an
                    Source: CToolbar.exe, 00000007.00000003.1918911472.000000000319E000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1918911472.00000000031A6000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1918911472.00000000031C8000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1918911472.0000000003181000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/help/default.aspx?src=tbmenu&m=CR_Options_Help&i=1367
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.000000000237E000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://www.crawler.com/help/default.aspx?src=tbmenu&m=CR_Options_Help&i=1468
                    Source: CToolbar.exe, 00000007.00000003.1920075576.0000000002425000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.crawler.com/helpm/
                    Source: CToolbar.exe, 00000007.00000003.1918911472.0000000003201000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.crawler.com/helpq
                    Source: CToolbar.exe, 00000007.00000003.1920075576.0000000002425000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.crawler.com/helpxQwB
                    Source: CToolbar.exe, 00000007.00000003.1918911472.00000000031DD000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1918911472.0000000003181000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/homepage.aspx?tbid=%tb_id
                    Source: CToolbar.exe, 00000007.00000003.1920075576.000000000242D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.crawler.com/homepage.aspx?tbid=%tb_id9
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1928040294.000000000223F000.00000004.00001000.00020000.00000000.sdmp, CrawlerSetup12.tmp, 00000004.00000002.1926071796.00000000006C2000.00000004.00000020.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1918911472.00000000031D6000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000002.1922609977.00000000008AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.crawler.com/homepage.aspx?tbid=66008
                    Source: CToolbar.exe, 00000007.00000003.1918911472.00000000031D6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.crawler.com/homepage.aspx?tbid=660088
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmp, setup_CodecInstaller_full.exe, 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmp, CrawlerSetup12.tmp, 00000004.00000003.1882293023.0000000005814000.00000004.00001000.00020000.00000000.sdmp, CrawlerSetup12.tmp, 00000004.00000003.1882144572.0000000005EB4000.00000004.00001000.00020000.00000000.sdmp, CrawlerSetup12.tmp, 00000004.00000003.1855761134.0000000005816000.00000004.00001000.00020000.00000000.sdmp, CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005EC1000.00000004.00001000.00020000.00000000.sdmp, CrawlerSetup12.tmp, 00000004.00000002.1925540868.000000000018E000.00000004.00000010.00020000.00000000.sdmp, CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CrawlerSetup12.tmp, 00000004.00000003.1855019739.0000000005816000.00000004.00001000.00020000.00000000.sdmp, CrawlerSetup12.exe.0.dr, is-ADSTV.tmp.4.dr, is-RD52J.tmp.4.drString found in binary or memory: http://www.crawler.com/legal/Terms.aspx
                    Source: is-ADSTV.tmp.4.drString found in binary or memory: http://www.crawler.com/legal/about.aspx
                    Source: is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/legal/privacy.aspx
                    Source: CToolbar.exe, 00000007.00000003.1918911472.0000000003181000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.crawler.com/legal/privacy.aspx(
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/legal/privacy.aspx?TbId=%TbId&src=TbMenu
                    Source: CToolbar.exe, 00000007.00000003.1920075576.000000000242D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.crawler.com/legal/privacy.aspxe.ini
                    Source: is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/legal/terms.aspx
                    Source: CToolbar.exe, 00000007.00000003.1920075576.0000000002425000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.crawler.com/legal/terms.aspx.aspx
                    Source: CToolbar.exe, 00000007.00000003.1918911472.00000000031CF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.crawler.com/legal/terms.aspx/
                    Source: CToolbar.exe, 00000007.00000003.1920075576.0000000002425000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.crawler.com/legal/terms.aspxQxB
                    Source: CToolbar.exe, 00000007.00000003.1920075576.0000000002425000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.crawler.com/legal/terms.aspxrpfB
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.000000000237E000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://www.crawler.com/login.aspx
                    Source: CrawlerSetup12.tmp, 00000004.00000003.1883871236.000000000220C000.00000004.00001000.00020000.00000000.sdmp, CrawlerSetup12.tmp, 00000004.00000002.1928040294.0000000002209000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.crawler.com/privacy_policy.aspx
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.0000000002425000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, More Crawler Products.lnk.7.dr, is-ADSTV.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/products/
                    Source: is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/products/desktop-email-notifier.aspx
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/products/desktop-notes.aspx
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/products/desktop-weather.aspx
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/products/download-manager.aspx
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/products/funball.aspx
                    Source: CToolbar.exe, 00000007.00000003.1920075576.0000000002425000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.crawler.com/products/r.pfB
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/products/rss-reader.aspx
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.0000000002425000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.00000000023D6000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.drString found in binary or memory: http://www.crawler.com/products/toolbar.aspx
                    Source: CToolbar.exe, 00000007.00000003.1920075576.00000000023D6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.crawler.com/products/toolbar.aspxs.0d=
                    Source: CToolbar.exe, 00000007.00000003.1920075576.0000000002451000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.crawler.com/s
                    Source: CToolbar.exe, 00000007.00000003.1918911472.00000000031CF000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1918911472.0000000003181000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/s.aspx?q=
                    Source: CToolbar.exe, 00000007.00000003.1918911472.00000000031C8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.crawler.com/search/dispatch1
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=askj&qkw=%s&tbid=%tb_id
                    Source: CToolbar.exe, 00000007.00000003.1918911472.00000000031C8000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1918911472.0000000003181000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%search&tbid=%tb_id
                    Source: CToolbar.exe, 00000007.00000003.1918911472.00000000031C8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%search&tbid=%tb_id04=0
                    Source: CToolbar.exe, 00000007.00000003.1920075576.00000000023E4000.00000004.00001000.00020000.00000000.sdmp, is-ADSTV.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=#TbId#&qkw=
                    Source: CToolbar.exe, 00000007.00000003.1918911472.00000000031C8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw=
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1918911472.00000000031A6000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1918911472.00000000031C8000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1918911472.0000000003181000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw=%search&tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-RD52J.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=dic&qkw=#search#&tbid=#TbId#
                    Source: is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=dic&qkw=%s&tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-RD52J.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=dic&qkw=&tbid=#TbId#
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=dic&tbid=%tb_id
                    Source: CToolbar.exe, 00000007.00000003.1918911472.0000000003191000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1918911472.0000000003181000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=dns&qkw=%search&tbid=%tb_id&Code=%code
                    Source: CToolbar.exe, 00000007.00000003.1918911472.0000000003197000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=dns&qkw=%search&tbid=%tb_id&Code=%codea
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-RD52J.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=ggl&qkw=#search#&tbid=#TbId#
                    Source: is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=ggl&qkw=%s&tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-RD52J.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=gglg&qkw=#search#&tbid=#TbId#
                    Source: is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=gglg&qkw=%s&tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-RD52J.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=gglg&qkw=&tbid=#TbId#
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=gglg&tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-RD52J.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=ggli&qkw=#search#&tbid=#TbId#
                    Source: is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=ggli&qkw=%s&tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-RD52J.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=ggli&qkw=&tbid=#TbId#
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=ggli&tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-RD52J.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=ggln&qkw=#search#&tbid=#TbId#
                    Source: is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=ggln&qkw=%s&tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-RD52J.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=ggln&qkw=&tbid=#TbId#
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=ggln&tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=hp&tbid=%tb_id
                    Source: CToolbar.exe, 00000007.00000003.1920075576.00000000023D6000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.000000000237E000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=maps
                    Source: is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=maps&qkw=%s&tbid=%tb_id
                    Source: is-RD52J.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=maps&tbid=#TbId#
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=maps&tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-RD52J.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=mmd&qkw=#search#&tbid=#TbId#
                    Source: is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=mmd&qkw=%s&tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-RD52J.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=mmd&qkw=&tbid=#TbId#
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=mmd&tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-RD52J.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=msn&qkw=#search#&tbid=#TbId#
                    Source: is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=msn&qkw=%s&tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-RD52J.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=sf&qkw=#search#&tbid=#TbId#
                    Source: is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=sf&qkw=%s&tbid=%tb_id&%language
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=sw&qkw=%s&tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-RD52J.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=thes&qkw=#search#&tbid=#TbId#
                    Source: is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=thes&qkw=%s&tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=thes&qkw=%search%
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.000000000237E000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=thes&qkw=%search%&tbid=%tb_id%
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=thes&qkw=%search%U
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-RD52J.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=thes&qkw=&tbid=#TbId#
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=thes&tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=wea
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-RD52J.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=wea&qkw=#search#&tbid=#TbId#
                    Source: is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=wea&qkw=%s&tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-RD52J.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=wea&qkw=&tbid=#TbId#
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-RD52J.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=wea&tbid=#TbId#
                    Source: is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=wea&tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.00000000023D6000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.000000000237E000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=wp
                    Source: is-RD52J.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=wp&tbid=#TbId#
                    Source: is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=wp&tbid=%tb_id
                    Source: CToolbar.exe, 00000007.00000003.1920075576.00000000023D6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=wp.cz1k=
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-RD52J.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=yh&qkw=#search#&tbid=#TbId#
                    Source: is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=yh&qkw=%s&tbid=%tb_id
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.00000000023D6000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.000000000237E000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=yp
                    Source: is-RD52J.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=yp&tbid=#TbId#
                    Source: is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=yp&tbid=%tb_id
                    Source: CToolbar.exe, 00000007.00000003.1920075576.00000000023D6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.crawler.com/search/dispatcher.aspx?tp=ypql=
                    Source: CToolbar.exe, 00000007.00000003.1918911472.00000000031CF000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1918911472.0000000003181000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://www.crawler.com/search/ie.aspx?tb_id=%tb_id
                    Source: CToolbar.exe, 00000007.00000003.1918911472.00000000031CF000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.crawler.com/search/ie.aspx?tb_id=%tb_idlp/
                    Source: CToolbar.exe, 00000007.00000003.1918911472.00000000031D6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.crawler.com/search/ie.aspx?tb_id=66008
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1928040294.000000000223F000.00000004.00001000.00020000.00000000.sdmp, crawler.ini.0.drString found in binary or memory: http://www.crawler.com/terms_of_use.aspx
                    Source: CToolbar.exe, 00000007.00000003.1920075576.00000000023D6000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.000000000237E000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://www.crawler.com/toolbar/tb_uninstall.aspx
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1900724146.0000000000401000.00000020.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.drString found in binary or memory: http://www.crawler.comU
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.drString found in binary or memory: http://www.crawlersmileys.com
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.crestron.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.crestron.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cricksoft.com/DEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cricksoft.com/schemas/file/crickinfo.xsd
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cricksoft.com/uk/products/clickerFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.crimsoneditor.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.crocodile-clips.com/Our_Products/Physics/Crocodile_Physics/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.croteam.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.crouzet.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.crystalmaker.co.uk/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.crystaloffice.com/maple/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cs.biu.ac.il/~tsaban/Zagit/zagit.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cs.fit.edu/~mmahoney/compression/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cs.oswego.edu/~blue/xex/black/xex/xex.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.csbruce.com/~csbruce/cbm/ace/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.csiberkeley.com/products_ETABS.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.csounds.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.csse.monash.edu.au/~timf/videocodec/idroq.txtFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cult3d.com/howto/publish_dwr.phpFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cumulatelabs.com/cumulatedraw/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cuylaerts.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cybercom.net/~dcoffin/rca/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cyberlink.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cyberlink.com/products/powerproducerFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cygwin.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.dabcc.com/nfuse/Docs/ica_file_explained.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.daemon-tools.ccFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.daisy.org/projects/braille/braille_workarea/pef.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.dakx.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.datacad.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.datadoctor.inFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.dataviz.com/products/smartlisttogo/index.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.davisnet.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.daz3d.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.dct.de
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.dct.deDEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ddisoftware.com/qimage/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.debugmode.com/wink/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.declan-software.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.deepwave.net/ref/palm-wdc2/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.delftship.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.deliplayer.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.delorme.com/software.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.delphi-jedi.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.deltacad.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.deltatao.com/clanlord/index.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.demoforge.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.dependencywalker.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.descent2.com/ddn/specs/bnk/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.descent2.com/ddn/specs/pig/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.design-simulation.com/IPFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.design-simulation.com/WM2D/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.design-simulation.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.designcad.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.deskshare.com/vem.aspxFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.desktopsidebar.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.devincook.com/goldparserFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.devlobby.com/forums/showthread.php?p=599FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.diamond-pro.com/games/dc3.shtmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.diffraction.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digitalmzx.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digitalphono.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digitalstrategies.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digitalworkshop.co.ukFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digitrax.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.din.or.jp/~ch3/randd_e.html#CHP
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.din.or.jp/~ch3/randd_e.html#KIFFFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.discreet.com/combustionFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.divx.com/skinsFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.diydatarecovery.nl/mbrtool.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.djvuzone.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.dnaml.comFNUM
                    Source: is-ADSTV.tmp.4.dr, language.ini.7.drString found in binary or memory: http://www.domain.com/file.zip
                    Source: is-ADSTV.tmp.4.dr, language.ini.7.drString found in binary or memory: http://www.domain.com/path/file.exe
                    Source: CToolbar.exe, 00000007.00000003.1920075576.0000000002425000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.domain.com/path/file.exeQ
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.donationcoder.com/Software/Mouser/findrun/index.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.doom3.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.downloadfreetrial.com/utilities/util2090.htmlFNUM
                    Source: CToolbar.exe, 00000007.00000003.1920075576.00000000023D6000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.000000000237E000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.dpbolvw.net/click-1385729-10517611
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://www.dpbolvw.net/click-1714332-10289854
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.dr, is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.dpbolvw.net/click-1714332-10308398
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.dr, is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.dpbolvw.net/click-1714332-1200209
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.dr, is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.dpbolvw.net/click-3600511-10487376
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.dreamcast.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.drh-consultancy.demon.co.uk/pvk.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.drivecam.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.drivesnapshot.de/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.drweb.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ds-xtra.com/MoonShell2FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ds4u.com/Imagine/isoe/index.shtmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.dsl.gr.jp/~sage/sagepage/prog/pshop/pms/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.dswteam.com/cdac.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.duncanamps.com/psud2/index.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.dundjinni.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.dunfield.com/dave/dsktools.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.dvddemystified.com/dvdfaq.html#4.10FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.dvdfab.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.dw.com/index.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.dwightblackburn.com/aol.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.dynacw.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.e-beam.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.e-onsoftware.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ea.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.eagames.com/official/nfs/underground/en/home.jspFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.eagleglobesoftware.com/formatsrd/Garmin-PCX5.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.earlycase.com
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.earlycase.comDEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.easternlogic.com.tw/EzDraw/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.easymarketplace.de/SAPCAR.phpFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.easyworship.com/bibletext.phpFNUM
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.ebay.com
                    Source: is-4A847.tmp.4.drString found in binary or memory: http://www.ebay.com/
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ebu.ch/departments/technical/pmc/pmc_bwf.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.echospeech.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.eda-stds.org/sdf/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.edfplus.info/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.eecs.wsu.edu/paint.net/index.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.eere.energy.gov/buildings/energyplus/weatherdata_format_def.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.efax.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.egrid32.com/
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.egrid32.com/DEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.eitechnologygroup.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.elcomsoft.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.elderscrolls.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.elderscrolls.com/index.php?url=/games/games_overview.htm&amp;bg=02FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ele.tue.nl/ctw/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.electronicsworkbench.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.elektronik.htw-aalen.de/packjpg/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ellisys.com/ufo/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.emachineshop.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.emeditor.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ememopad.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.emit.jp/dgca/dgca.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.emit.jp/gca/gca.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.emsisoft.com/en/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.emu.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.emule-project.netFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.encase.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.encode.ru/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.endnote.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.endnote.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.enetsystems.com/~lorenzo/fidocad.aspFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.enterbrain.co.jp/en/c_outline/goods_soft.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.entis.gr.jp/eri/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.entrust.com/entelligence/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.envisioneerexpress.com//FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.eovia.com/home.jspFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.eovia.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.epanet.com/downloads.aspFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.epocnova.com/mediasafe.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.equis.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.erain.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ericsson.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.eset.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.esri.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.esri.com/software/arcexplorer/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.esri.com/software/arcview/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.etymon.com/Isearch/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.eurekalog.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.eurus.dti.ne.jp/~saba/vix.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.eve-online.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.everestsoftwareinc.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.evermoresw.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.evernote.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.eviews.com/FNUM
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.expedia.com/daily/home/Default.asp?CCheck=1&affcid=39843520
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.explore-rpg.com/default.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.expswp.com/AboutEXP.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.eyemail.com.cn/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ezbsystems.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ezgui.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fahrenheitgame.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.failproductions.co.cc
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.failproductions.co.ccDEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fairusewizard.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.familysearch.org/eng/paf/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.familytreemaker.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.farb-rausch.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.farcry-thegame.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fasoo.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fast-report.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fastcad.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fazzou.com/driver/PCTools.rarFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.felmi-zfe.tugraz.at/dm_scripts/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fiddlertool.com/fiddler/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fifa2004.ea.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.file-extension-3gp.com/file-extension-3gp.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.file-extension-torrent.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.file-hunter.com/music/mustFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fileware.co.uk/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.finalcut.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.finaldraft.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.finalemusic.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.finalemusic.com/finaleguitar/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.finalemusic.com/notepad/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.finalemusic.com/printmusic/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.finalemusic.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.finson.com/espana/productos/box/tlug/SCD0043/SCD0043.aspFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.firepad.com/catalog/index.php/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.firestorm.cx/fswebcam/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.firetongue.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fis.ncsu.edu/acs_extracts/Brio.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fiservfsc.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fishsim.netFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fixpcproblems.com/freebackupfix.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fjsoft.at/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.flashpoint1985.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.flexible.co.uk/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.flexit.seFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.flightgear.orgFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.flowjo.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fluent.com/software/fluent/index.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fmjsoft.com/fmt/kmp.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fmjsoft.com/fmt/ksc.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fmjsoft.com/fmt/ksf.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fmod.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.foaf-project.org/FNUM
                    Source: CodecInstaller.exe, 00000005.00000002.2883515655.000000001C5F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
                    Source: CodecInstaller.exe, 00000005.00000002.2883515655.000000001C5F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                    Source: CodecInstaller.exe, 00000005.00000002.2883515655.000000001C5F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
                    Source: CodecInstaller.exe, 00000005.00000002.2883515655.000000001C5F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                    Source: CodecInstaller.exe, 00000005.00000002.2883515655.000000001C5F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                    Source: CodecInstaller.exe, 00000005.00000002.2883515655.000000001C5F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                    Source: CodecInstaller.exe, 00000005.00000002.2883515655.000000001C5F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
                    Source: CodecInstaller.exe, 00000005.00000002.2883515655.000000001C5F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
                    Source: CodecInstaller.exe, 00000005.00000002.2883515655.000000001C5F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.foobar2000.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.formatta.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.formdocs.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.formik.rksoft.sk/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.formz.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.forteinc.com/agent/index.phpFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.forum.nokia.com/Technology_Topics/Web_Technologies/Web_Runtime/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.forum.nokia.com/main/0
                    Source: CodecInstaller.exe, 00000005.00000002.2883515655.000000001C5F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                    Source: CodecInstaller.exe, 00000005.00000002.2883515655.000000001C5F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
                    Source: CodecInstaller.exe, 00000005.00000002.2883515655.000000001C5F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.foveon.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.foxitsoftware.com/pdf/reader/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fpns.net/willy/wteledsk.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fractovia.org/uberto/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.framework.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.frameworkpascal.com/index.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.free-codecs.com/download/ZVR_Converter.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.freebasic.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.freecom.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.freedb.org/src/latest/DBFORMATFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.freelunchdesign.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.freepascal.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.freewebs.com/emilcont/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.frogans.com/en/discover/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fscreations.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fugawi.com/docs/navframe.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fujifilm.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fujixerox.co.jp/eng/index.htmlFNUM
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.funutilities.com
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005EC1000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.funutilities.com/files/SSaver/
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://www.funutilities.com/skins/default.aspx
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.furcadia.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.futuremark.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fxpansion.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.gaeb2000.com/index.htmlFNUM
                    Source: CodecInstaller.exe, 00000005.00000002.2883515655.000000001C5F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                    Source: CodecInstaller.exe, 00000005.00000002.2883515655.000000001C5F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.galleriasoftware.com/collagemaker/collinfo.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.galtechsoft.com/dagesh.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.gamehouse.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.gameshark.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.garmin.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.garmin.com/garmin/cms/cache/offonce/us/maps/tripplanningsoftware/mapsourceFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.garmin.com/vehicles/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.garmin.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.gburner.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.gcn.cx/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.gdal.org/frmt_hdf5.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.gdal.org/gdal_vrttut.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.gdsoft.com/swag/swag.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.gemtek.com.tw/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.genbox.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.genericcadd.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.genetec.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.genserv.com/gs/gensgedf.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.gentleware.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.geo.uu.nl/~tvzessen/xvman310a/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.geocities.com/SiliconValley/Bay/9932/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.geocities.com/SoHo/Studios/4500/dmesh100a/index.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.geocities.com/emucompboy/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.geocities.com/holger_burghardt/DEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.geocities.com/peter_bone_uk/pivot.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.geocities.com/randyinc_nz/software/software.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.geocities.com/sbcarchiver/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.gerberscientific.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.getright.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.gfasoft.gfa.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ggnet.de/index.phpFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ghisler.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ghisler.com/plugins.htm#contentFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ghisler.com/plugins.htm#filesysFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ghisler.com/plugins.htm#listerFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ghisler.com/plugins.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.giantscreamingrobotmonkeys.com/monkeyjam/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.glbasic.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.glbasic.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.globalheavyindustries.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.globalstarsoftware.com/jetfighter2015/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.gnome.org/projects/dia/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.000000000278D000.00000004.00000020.00020000.00000000.sdmp, CodecInstaller.exe, 00000005.00000000.1859628883.00000000000F2000.00000002.00000001.01000000.0000000B.sdmp, CodecInstaller.exe.0.drString found in binary or memory: http://www.gnu.org/copyleft/lgpl.htmlIhttp://www.gnu.org/copyleft/gpl.html
                    Source: gpl.txt.0.drString found in binary or memory: http://www.gnu.org/licenses/
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmp, gpl.txt.0.drString found in binary or memory: http://www.gnu.org/philosophy/why-not-lgpl.html
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.gnu.org/software/cpio/cpio.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.gnu.org/software/gettext/gettext.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.gnu.org/software/tar/tar.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.gnupg.org/documentation/faqs.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.go.dlr.de/pdinfo_dv/ImageMagick.html#miffFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.gobe.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.godot64.de/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.godot64.de/german/welcome.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.goldensoftware.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.goldensoftware.comFNUM
                    Source: CodecInstaller.exe, 00000005.00000002.2883515655.000000001C5F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.goodolddays.net/apps/id
                    Source: CToolbar.exe, 00000007.00000003.1918911472.0000000003181000.00000004.00001000.00020000.00000000.sdmp, adrkeys.dat.7.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.google.com
                    Source: CToolbar.exe, 00000007.00000003.1918911472.00000000031DD000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.google.com)
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/earth/FNUM
                    Source: CToolbar.exe, 00000007.00000003.1918911472.00000000031A6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.google.comools
                    Source: CToolbar.exe, 00000007.00000003.1918911472.00000000031DD000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.google.comq
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.gpsbabel.org/htmldoc-development/fmt_mapsend.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.gpsmoldova.com/navitel/indexen.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.gpstuner.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.graalonline.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.graphicode.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.graphpad.com/prism/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.graphtec.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.grasshopperllc.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.greatidea.com/paris/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.gribuser.ru/xml/fictionbook/index.html.enFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.griddlers.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.griddlers.com/index.shtmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.grisoft.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.grisoft.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.gryc.ws/autorealm.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.guidancesoftware.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.guitar-pro.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.guitar-pro.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002973000.00000004.00000020.00020000.00000000.sdmp, CodecInstaller.resources.dll8.0.drString found in binary or memory: http://www.gununipucu.net
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.gunzonline.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.gvox.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.gzip.org/zlib/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.hacha.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.haenlein-software.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.hallmarksoftware.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.handheld-basic.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.handmark.com/products/detail.php?id=1FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.handmark.com/products/detail.php?id=85FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.handshigh.com/html/thoughtmanager.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.handstory.com/product/index.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.haskell.org/bz/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.hcsoft.net/lab/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.hec.usace.army.mil/software/hec-hms/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.hellobasic.com/vd.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.helpscribble.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.hemera.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.hexworkshop.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.hikvision.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.hilgraeve.com/htpe/index.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.hitecrcd.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.hitmill.com/programming/vb/filetypes.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.hitrust.com.hkFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.hnsky.org/software.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.holophase.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.homedesignersoftware.comFNUM
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.dr, is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.homegoods.com/index.asp
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.hoobie.net/brutus/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.hosenose.com/adif/adif.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.hotbar.com/FNUM
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.dr, is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.hotbooksale.com/?prodid=137&mp=1
                    Source: is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.hotmoviesale.com/?prodID=60
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.hp.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.hp.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.hpcalc.orgFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.hpl.hp.com/ptm/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.hudmaker.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.hudsonca.ca/
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.hudsonca.ca/DEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.hungrysoftware.com/#/tools/adsos/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.hydrocad.netFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ibiblio.org/osrt/omf/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ibiblio.org/pub/Linux/utils/compress/tzip-1.12.lsmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ibm.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ibsensoftware.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ice-graphics.com/ICEReader/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iceows.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.000000000278D000.00000004.00000020.00020000.00000000.sdmp, CodecInstaller.exe, 00000005.00000000.1859628883.00000000000F2000.00000002.00000001.01000000.0000000B.sdmp, CodecInstaller.exe.0.drString found in binary or memory: http://www.icon-king.com
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.icpnet.pl/~tomekpawlak/kgb/?lang=enFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.id3.org/intro.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ida.liu.se/~vaden/cgdi/#xvcgFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.idpf.org/specs.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.idrisi.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.idsoftware.com/games/quake/quake2/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.idsoftware.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iesna.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.igrafx.com/products/flowcharter/index.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ikea.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iliumsoft.com/site/lp/listpro.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.im-c.de/lecturnity/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.imagine-msn.com/Messenger/Post/Communicate/Wink.aspxFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.imc.org/pdi/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmp, sample_video_file.avi.txt.0.drString found in binary or memory: http://www.imdb.com/title/tt0000000/
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.immervision.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.improvision.com/products/openlab/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ims-web.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.imsidesign.com/FNUM
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.imtoolpack.com/
                    Source: CrawlerSetup12.tmp, CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1900724146.0000000000401000.00000020.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.drString found in binary or memory: http://www.inbox.com
                    Source: CToolbar.exe, 00000007.00000003.1920075576.0000000002425000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.000000000237E000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://www.inbox.com/login.aspx
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1900724146.0000000000401000.00000020.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.drString found in binary or memory: http://www.inbox.comU
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.incrediflash.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.incredimail.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.indigorose.com/products/autoplay-media-studio/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.infamus.com/albumwrap/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.inform-fiction.org/zmachine/standards/z1point0/appd.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.infosun.fim.uni-passau.de/Graphlet/GML/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.infousa.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.infovista.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.inin.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.inivis.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.inmagic.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.inmagic.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.innaphase.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.innonics.comFNUM
                    Source: CrawlerSetup12.exe, CrawlerSetup12.exe, 00000002.00000003.1841989113.0000000002350000.00000004.00001000.00020000.00000000.sdmp, CrawlerSetup12.exe, 00000002.00000003.1840735695.0000000004460000.00000004.00001000.00020000.00000000.sdmp, CrawlerSetup12.tmp, 00000004.00000000.1843086389.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, CrawlerSetup12.tmp.2.drString found in binary or memory: http://www.innosetup.com/
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.inpage.com/inpage.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.inshame.com
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.inshame.comDEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.insoft.fi/eng/index.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.installshield.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.intelitek.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.intergraph.com/smartsketch/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.interwise.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.intuac.com/userport/john/apt/index.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.intuac.com/userport/john/btpc5/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.intuit.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ioneo.com/as_intro.aspFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ipswitch.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.irislink.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.irrlicht3d.orgFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.isi.edu/~hobbs/LFToolkit/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.isilo.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.isworld.org/endnote/index.aspFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iti.deFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.itsth.com/en/produkte/cld.phpDEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ivory.org/oldwebsite/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.j2global.com/jcom/j2/page/homeSplashFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jades.org/download.htm#utilsFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jahshaka.orgFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jasc.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jasonweiler.com/VP3FileFormatInfo.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.javaview.de/guide/formats/Format_Jvx.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jave.de/figlet/fonts.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jbss.de/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jbss.deFNUM
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://www.jdoqocy.com/click-1714332-1147293
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://www.jdoqocy.com/click-1714332-9836638?cm_ven=CJ&cm_cat=1574127&cm_pla=1714332&cm_ite=Abebooks
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jes-soft.com/volleyball/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jesusonic.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jetaudio.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jetico.com/bcarchive.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jgpaiva.dcmembers.com/gridmove.htmlFNUM
                    Source: CodecInstaller.exe, 00000005.00000002.2883515655.000000001C5F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                    Source: CodecInstaller.exe.0.dr, CodecInstaller.resources.dll2.0.drString found in binary or memory: http://www.jockersoft.com
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jockersoft.com/ToU.html
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.000000000278D000.00000004.00000020.00020000.00000000.sdmp, setup_CodecInstaller_full.exe, 00000000.00000003.1865720129.0000000000664000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jockersoft.com/ToU.html0x000C#327701040Software
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jockersoft.com/codecinstaller_download.php
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.000000000278D000.00000004.00000020.00020000.00000000.sdmp, CodecInstaller.exe, 00000005.00000000.1859628883.00000000000F2000.00000002.00000001.01000000.0000000B.sdmp, CodecInstaller.exe.0.drString found in binary or memory: http://www.jockersoft.com/codecinstaller_index.php
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.000000000278D000.00000004.00000020.00020000.00000000.sdmp, CodecInstaller.exe, 00000005.00000000.1859628883.00000000000F2000.00000002.00000001.01000000.0000000B.sdmp, CodecInstaller.exe.0.drString found in binary or memory: http://www.jockersoft.com/codecinstaller_istruzioni.php
                    Source: CodecInstaller.exe.0.dr, CodecInstaller.resources.dll4.0.dr, CodecInstaller.resources.dll2.0.drString found in binary or memory: http://www.jockersoft.com/donations.php
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmp, README.txt.0.drString found in binary or memory: http://www.jockersoft.com/dotnetfx.php
                    Source: CodecInstaller.exe, 00000005.00000002.2869348611.0000000002848000.00000004.00000800.00020000.00000000.sdmp, CodecInstaller.exe, 00000005.00000002.2869348611.0000000002838000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jockersoft.com/downloads/latest/setup_CodecInstaller.exe
                    Source: CodecInstaller.exe, 00000005.00000002.2869348611.0000000002848000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jockersoft.com/downloads/latest/setup_CodecInstaller.exep~
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.000000000278D000.00000004.00000020.00020000.00000000.sdmp, CodecInstaller.exe, 00000005.00000000.1859628883.00000000000F2000.00000002.00000001.01000000.0000000B.sdmp, CodecInstaller.exe.0.drString found in binary or memory: http://www.jockersoft.com/english/codecinstaller_index.php
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.000000000278D000.00000004.00000020.00020000.00000000.sdmp, CodecInstaller.exe, 00000005.00000000.1859628883.00000000000F2000.00000002.00000001.01000000.0000000B.sdmp, CodecInstaller.exe.0.drString found in binary or memory: http://www.jockersoft.com/english/codecinstaller_index.phpY:
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.000000000278D000.00000004.00000020.00020000.00000000.sdmp, CodecInstaller.exe, 00000005.00000000.1859628883.00000000000F2000.00000002.00000001.01000000.0000000B.sdmp, CodecInstaller.exe.0.drString found in binary or memory: http://www.jockersoft.com/english/codecinstaller_index.phpr
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.000000000278D000.00000004.00000020.00020000.00000000.sdmp, CodecInstaller.exe, 00000005.00000000.1859628883.00000000000F2000.00000002.00000001.01000000.0000000B.sdmp, CodecInstaller.exe.0.drString found in binary or memory: http://www.jockersoft.com/english/codecinstaller_index_sv.php
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.000000000278D000.00000004.00000020.00020000.00000000.sdmp, setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmp, CodecInstaller.exe, 00000005.00000000.1859628883.00000000000F2000.00000002.00000001.01000000.0000000B.sdmp, CodecInstaller.exe.0.drString found in binary or memory: http://www.jockersoft.com/english/codecinstaller_instructions.php
                    Source: CodecInstaller.exe, 00000005.00000002.2869348611.0000000002782000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jockersoft.com/english/codecinstaller_vista.php#registry
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.000000000278D000.00000004.00000020.00020000.00000000.sdmp, CodecInstaller.exe, 00000005.00000000.1859628883.00000000000F2000.00000002.00000001.01000000.0000000B.sdmp, CodecInstaller.exe.0.drString found in binary or memory: http://www.jockersoft.com/english/codecinstaller_vista.php#registry%parameters
                    Source: CodecInstaller.exe.0.drString found in binary or memory: http://www.jockersoft.com/english/donations.php
                    Source: setup_CodecInstaller_full.exe, 00000000.00000003.1865720129.0000000000664000.00000004.00000020.00020000.00000000.sdmp, setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmp, README.txt.0.drString found in binary or memory: http://www.jockersoft.com/english/dotnetfx.php
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.000000000278D000.00000004.00000020.00020000.00000000.sdmp, setup_CodecInstaller_full.exe, 00000000.00000003.1865720129.0000000000664000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jockersoft.com/english/dotnetfx.phpSW_SHOWNORMALOpen
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.000000000278D000.00000004.00000020.00020000.00000000.sdmp, setup_CodecInstaller_full.exe, 00000000.00000003.1865720129.0000000000664000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jockersoft.com/english/dotnetfx.phpnot
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jockersoft.com/forum/
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jockersoft.com/privacy.html
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.000000000278D000.00000004.00000020.00020000.00000000.sdmp, CodecInstaller.exe, 00000005.00000000.1859628883.00000000000F2000.00000002.00000001.01000000.0000000B.sdmp, CodecInstaller.exe.0.drString found in binary or memory: http://www.jockersoft.com/redirect_
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.000000000278D000.00000004.00000020.00020000.00000000.sdmp, CodecInstaller.exe, 00000005.00000002.2869348611.0000000002782000.00000004.00000800.00020000.00000000.sdmp, CodecInstaller.exe, 00000005.00000000.1859628883.00000000000F2000.00000002.00000001.01000000.0000000B.sdmp, CodecInstaller.exe, 00000005.00000002.2869348611.0000000002AD7000.00000004.00000800.00020000.00000000.sdmp, CodecInstaller.exe.0.drString found in binary or memory: http://www.jockersoft.com/versionchecker/checker2.php?app=
                    Source: CodecInstaller.exe, 00000005.00000002.2869348611.0000000002782000.00000004.00000800.00020000.00000000.sdmp, CodecInstaller.exe, 00000005.00000002.2869348611.0000000002AD7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jockersoft.com/versionchecker/checker2.php?app=codecinstaller&version=2.10.4.0
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.000000000278D000.00000004.00000020.00020000.00000000.sdmp, CodecInstaller.exe, 00000005.00000000.1859628883.00000000000F2000.00000002.00000001.01000000.0000000B.sdmp, CodecInstaller.exe.0.drString found in binary or memory: http://www.jockersoft.com/versionchecker/codecDatabase
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.000000000278D000.00000004.00000020.00020000.00000000.sdmp, CodecInstaller.exe, 00000005.00000000.1859628883.00000000000F2000.00000002.00000001.01000000.0000000B.sdmp, CodecInstaller.exe.0.drString found in binary or memory: http://www.jockersoft.com/versionchecker/codecsversion.xml/checkUpdatedCodecsError
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.000000000278D000.00000004.00000020.00020000.00000000.sdmp, CodecInstaller.exe, 00000005.00000000.1859628883.00000000000F2000.00000002.00000001.01000000.0000000B.sdmp, CodecInstaller.exe.0.drString found in binary or memory: http://www.jockersoft.com/versionchecker/errorsreport.php
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jockersoft.comDEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jollytech.com/products/print_studio/index.phpFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jonelo.de
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jonelo.de/java/jacksumFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jonelo.deDEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jososoft.dk/yamaha/software.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jrmediacenter.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jrsoftware.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.juno.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jupiter-ace.co.uk/ace32.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.justsystem.co.jp/ichitaro/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.kalassa.net/propilkki2FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.kanzelsberger.com/pixelFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.karafun.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.kaspersky.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.kaspersky.com/support/sos5/key?qid=193239113FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.kaspersky.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.kazaa.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.kencast.com/specs.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.kexi-project.orgFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.keypress.com/sketchpad/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.keypress.com/x5715.xmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.keywallet.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.kgpsoftware.com/
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.kgpsoftware.com/DEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.kgpsoftware.com/slamdb.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.khronos.org/collada/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.kingsoftresearch.com/kso.phpFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.klaimsoft.com/winuha/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.klicktel.deFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.koffice.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.koffice.org/kword/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.konfabulator.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.konyvcalc.hu/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.korg.com/FNUM
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://www.kqzyfj.com/click-1714332-10305004
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.dr, is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.kqzyfj.com/click-1714332-10362086
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.dr, is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.kqzyfj.com/click-1714332-10364150
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.dr, is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.kqzyfj.com/click-1714332-10370189
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://www.kqzyfj.com/click-1714332-5674452
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.kremlinencrypt.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ksdev.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.kubotekusa.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.kyuran.be/world/html/article-56-0.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.kyuran.beDEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.labcenter-electronics.com/index.html?/products/schematic.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.lancos.com/prog.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.land-j.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.lauterbach.com/frames.html?pp.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.lavasoft.deFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.lcdstudio.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ldraw.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.lec.com/power-translator-software.aspFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.lego.com/eng/factory/design/ldd.aspFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.lego.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.lenagames.com/bigjig.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.lenex.de/lenex.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.lexar.com/jumpdrive/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.lextek.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.lfs.netFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.libe57.orgFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.libertybasic.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.libpng.org/pub/mng/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.libpng.org/pub/mng/spec/jng.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.libpng.org/pub/png/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.lighting.philips.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.likno.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.limewire.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.line6.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.lineage2.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.linear.com/designtools/software/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.lingoes.netFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.lingvo.ruFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.liquidaudio.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.lirc.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.litestep.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.lithium.it/forum/pop_profile.asp?mode=display&amp;id=178
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.lithium.it/forum/pop_profile.asp?mode=display&amp;id=178DEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.lithium.it/forum/pop_profile.asp?mode=display&amp;id=249
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.lithium.it/forum/pop_profile.asp?mode=display&amp;id=249DEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.litsoft.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.livejournal.com/users/waider/415461.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.lizardtech.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.llvm.orgFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.lodedata.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.logarithmic.net/pfh/bonkFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.logitech.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.lokigames.com/development/smjpeg.php3FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.loksound.de/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.longestjourney.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.loopcad.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.lossless-audio.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.lotus.com/products/organizer5.nsfFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.lotus.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ltg.ed.ac.uk/~ht/XMLData-Reduced.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.lua.orgFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.luigidifraia.com/c64/dc2n/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.luziusschneider.com/QuizProHome.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.lysator.liu.se/~forsberg/linux/shell-scripts.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.lzop.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.macdisk.com/binhexen.php3FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.macdisk.com/conven.php3FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.macdisk.com/macbinen.php3FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.macdisk.com/macsigen.php3FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.macdisk.com/mcmailen.php3FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.macromedia.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.macromedia.com/software/freehand/?promoid=home_prod_fh_082403FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.macromedia.com/software/freehand/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.macromedia.com/software/freehandFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.macromedia.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.macros.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mactive.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.madtracker.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.magix.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mainconcept.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.majesty2.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mapdroyd.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mapinfo.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mapinfo.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.maplesoft.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mapletop.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.markany.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.massive.de/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mastercam.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.matchware.com/en/products/mediator/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mathcad.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mathrevolt.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mathworks.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mathworks.com/products/simulink/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.matroska.orgFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.maxis.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.maxon.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.maxthon.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.maxwellrender.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mcgrathinfosolution.com/mis_en.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mcw-tech.com/targetexpress/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mdli.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mechcad.net/products/acemoney/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mediachance.com/realdraw/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mediaforge.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.memory-map.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.menuetos.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.metaquotes.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mgisoft.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.michael-maniscalco.com/compression.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microfocus.com/products/extend/Datasheets/ACUCOBOL-GT.aspFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.micrografx.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microtech.deFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microth.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microworlds.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.midi.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.midikaraoke.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.midl.co.jp/DLC/index-E.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.midnightblue.com/superjpg/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.milenix.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mindjet.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mindjet.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mindmapper.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mindpal.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mindspring.com/~gchii/eric/index.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mindworkshop.com/alchemy/gwspro.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mingw.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.minitab.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.minolta.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mioplanet.com/products/miomotion/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.miranda-im.orgFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mircosoft.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.miscarchives.com
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.miscarchives.comDEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mmbuilder.ru/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mmedia.com.twFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mnemosyne-proj.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mobygames.com/company/massive-development-gmbhFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mobygames.com/game/sheet/gameId
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.modulusfe.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.moleculardevices.com/pages/software/gn_genepix_pro.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.moleculardevices.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.monkeysaudio.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.moor-software.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.moove.com/FNUM
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://www.morpheus.com/?ref=crawlertoolbar
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drString found in binary or memory: http://www.morpheus.com/?ref=crawlertoolbarU
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.morpheussoftware.netFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.motorola.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.moviesoft.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mozart-oz.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mozart.co.uk/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/products/firebird/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/projects/xul/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/rdf/doc/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/scriptable/typelib_file.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.orgFNUM
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.drString found in binary or memory: http://www.mp3radio.com
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.msblabs.org/tinydisk/index.phpFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mscsoftware.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.msgplus.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.msoftware.co.nzFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mtg.sk/rva/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mts.com/rpc3/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mtu-net.ru/dca/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.multieditsoftware.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.multigen-paradigm.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.muppetlabs.com/~breadbox/software/prf.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.musescore.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.musicator.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.musicindiaonline.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.musicmatch.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.musicnotes.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.musicxml.org/xml.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.musique.umontreal.ca/personnel/Belkin/NIFF.doc.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.muvee.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.muvee.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mycomicbookcreator.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.myfamilyinc.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mylittlebase.orgFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mylivecam.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.myob.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.myriadonline.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mysql.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mysql.orgFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mythicsoft.com/filelocatorproFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.n0usr.com/memory.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.namo.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.nancy.co.jpFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.nanozip.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.nanozip.netFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.navigon.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.naviter.si/products/seeyou.php?Itemid=213FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.navngo.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.nbos.com/products/mapper/mapper.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.nch.com.au/notation/index.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ndl.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.neillcorlett.com/ecm/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.nemetschek.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.neosatusa.com/index.phpFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.neplan.ch/html/e/e_home.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.nero.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.nero.com/us/NeroVision_Express2.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.netcaptor.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.netcracker.com/en/products/resource_inventory/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.netghost.ru/gff/graphics/summary/sgiyaodl_ru.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.nethack.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.neuratron.com/photoscore.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.nevrona.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.newzbin.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ni.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ni.com/labview/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ni.com/multisim/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.nicolaudie.com/main.php?id_page=3FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.nightkitchen.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.nikon.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.nirsoft.net/utils/smsniff.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.nist.gov/speech/tests/sdr/sdr99/pages/faq/SRT_FAQ.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.nla.gov.au
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.nla.gov.auDEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.nlo-one.narod.ru/ctx/index.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.nokia.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.nokia.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.nomadworld.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.nongnu.org/lzip/lzip.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.notecenter.netFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.noteworthysoftware.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.novadevelopment.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.novell.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.novell.com/products/zenworks/desktops/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.novell.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.nticdmaker.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ntius.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.nue.tu-berlin.de/forschung/projekte/lossless/mp4als.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.nue.tu-berlin.de/wer/liebchen/lpac.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.nue.tu-berlin.de/wer/liebchen/ltac.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.nullsoft.com/nsvFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.nunit.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.nvidia.com/object/nvsg_home.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.o3dm.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oasis-open.org/cover/xmi.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oasistemi.itFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oatsoft.org/Software/RemoteKeysFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.obsidium.de/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.octopus-studio.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oel-downloads.co.uk/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oldskool.org/disk2fdi/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oloneo.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.olsr.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.olympus-europa.com/consumer/2590_6730.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.omax.com.
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.omax.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.omegaresearch.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.omnis.netFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.on2.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.onicos.com/staff/iz/formats/gif.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.onlinetvrecorder.com/FNUM
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.onlinevault.com/
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.onset.com.au/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ontrack.com/software/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmp, license.txt.0.drString found in binary or memory: http://www.oo-services.com
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oops.co.at/AMANDA-docs/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.opendarwin.org/projects/xar/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.openehr.org/FAQs/t_archetypes_FAQ.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.openexr.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.openpa.net/arch.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.openstreetmap.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.opentech.co.krFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.openzim.org/Main_PageFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.opera.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.optiy.deFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oracle.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.orbissoft.com/index.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.orbitersim.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.orcad.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.orcad.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.orcadpcb.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ordnancesurvey.co.uk/oswebsite/products/landline/techinfo.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.orgplus.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ortim.deFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.osronline.com/DDKx/gloss/glossary_7gmx.htm#ddk_ntf_gg_glyFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.osta.org/mpv/public/index.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.outerspace-software.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.overdrive.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ozcad.com.au/products/animationworks.phpFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oziexplorer.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oziexplorer.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ozonehouse.com/ContextFree/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pacestar.com/edge/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pacifict.com/Home.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pagewunder.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.palm.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002960000.00000004.00000020.00020000.00000000.sdmp, CodecInstaller.resources.dll5.0.drString found in binary or memory: http://www.palmaniacos.com
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.paloalto.com/ps/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.panasonic.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pandaapp.com/pandahome/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pandasoftware.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pando.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.paradogs.com/pdx_ppf2.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.paradogs.com/pdx_ppf3.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.paradogs.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.paraview.org/Wiki/ParaView:FAQ#What_file_formats_does_ParaView_support.3FFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.passmark.com/products/pt.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pathaway.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.paulbeesley.comDEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pc-shareware.com/quiz.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pcad.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pcbsd.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pcisys.net/~melanson/codecs/4xm-format.txtFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pcisys.net/~melanson/codecs/film-format.txtFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pcisys.net/~melanson/codecs/interplay-mve.txtFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pcisys.net/~melanson/codecs/wc3movie.txtFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pcstitch.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pcsyncpro.de/e_home.aspFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pdaanaesthetic.com/install.aspFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pe.utexas.edu/Geosci/Standards/LAS/las.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pentaonline.it/comitato_hq/index.html
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pentaonline.it/comitato_hq/index.htmlDEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.perfectoffice.nl/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.perl.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.personalcopy.com/sfpack.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pgp.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.philipstorry.net
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.philipstorry.netDEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.phnxthunder.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.phoenix-sim.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.photodex.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.photofiltre-studio.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.photofont.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.photomodeler.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.physics.ucla.edu/~grosenth/jwpce.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.piacton.com/products/versarray/software.aspx#1FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pingplotter.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pingplotter.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pinnaclesys.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pinnaclesys.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pipasoft.com/maccc/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.piriform.com/speccy/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pitrinec.com/clickymouse.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pitrinec.com/pkindex.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pivotstyles.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pixela.co.jp/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pixelmator.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pl32.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.planetannihilation.com/tamec/helpdesk/TA/formats/hpi.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.planetavp.com/modmaker/modmaker2.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.planetside.co.uk/terragen/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.planetside.co.uk/terragenFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.planetsquires.com/firefly.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.planetsquires.com/jproplugins.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.planneddigital.com
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.planneddigital.comDEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.plasmacode.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.play.net/playdotnet/play/stormfront-info.aspFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.plkr.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.plogue.com/?page_id=56FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pocketpc.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pocketthemes.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pollensoftware.com/datalink/s-scapes.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.poohbah.com/public_html/pbwine/pbwine.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.portsofcall.de/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.postgresql.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.povray.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.powerarchiver.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.powerarchiver.com/skinFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.powerbasic.com/products/pbcc/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.powerbasic.com/products/pbdll32/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.powerbasic.com/products/pbdos/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.powerbasic.com/productsFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.powerbasic.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.powertodolist.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.prey.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pride-rock.com/forum/apnlist.phpFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.printartist.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.prioregroup.com/cryptx.aspFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.prodesktop.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.progdvb.com/index.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.programmersheaven.com/zone20/cat315/4989.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.projectwizards.net/en/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.prometheanworld.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.promt.ruFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.propellerheads.se/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.protel.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.protracker.de/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.proz.com/kudoz/english_to_swedish/tech_engineering/290728-lemf.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.psproms.com/emulation/gba_roms_emulator.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pstnet.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pstnet.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.psxemu.com/faq/faq-misc.shtml#Q2FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.psychology.nottingham.ac.uk/staff/cr1/dicom.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ptc.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ptc.com/product/arbortext/isodrawFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.puntotek.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.purebasic.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pvx.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pysoft.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.python.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.python.orgFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pyxia.com/index.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.qarc.narod.ru/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.qbssoftware.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.qemu.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.qkiz.com/critical-seeker/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.qliktech.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.qnx.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quadrasol.co.uk/zukan-cadstar-pcb-design-softwareFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quake3arena.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.qualibyte.com/pixelformer/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quark.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quark.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quickbooks.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quicken.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quicklz.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quickoffice.com/palmos/quicksheet.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quiknet.com/~frcn/Fractals.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quiltpro.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quinnware.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quinnware.com/list_plugins.php?type=inputFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quux.net/list/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.r-project.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.r4ds.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.raddeveloper.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.radgametools.com/smkmain.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ragtime-online.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ramsoft.bbk.org/csw.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ramsoft.bbk.org/maketzx.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ramsoft.bbk.org/tzxform.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.randydavis.com/vp/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rapideuphoria.com/database.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rapideuphoria.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rarlab.com/themes.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rarlabs.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rarlabs.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rarpasswordcracker.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ratdvd.dkFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rationalplan.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rbnet.it/
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rbnet.it/DEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rdg.ac.uk/ITS/Topic/Graphics/GrGImagi01/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.real.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.real.com/realone/?src=realaudioFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.real.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.realarcade.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.realarcade.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.realaudio.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.realbasic.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.realbasic.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.realcadd.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.realflight.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.realflight.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.reallegal.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.realtick.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.reaper.fm/FNUM
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.rebategiant.com/
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.recognisoft.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.redfaction2.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.redway3d.com/pages/redsdk.phpFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.redzion.com/
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.redzion.com/DEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.redzion.com/pr_Kriptirnik_en.aspFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rekonet.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.relic.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.relic.com/product/homeworld2/description.phpFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.remobjects.com/FNUM
                    Source: CrawlerSetup12.exe, CrawlerSetup12.exe, 00000002.00000003.1841989113.0000000002350000.00000004.00001000.00020000.00000000.sdmp, CrawlerSetup12.exe, 00000002.00000003.1840735695.0000000004460000.00000004.00001000.00020000.00000000.sdmp, CrawlerSetup12.tmp, 00000004.00000000.1843086389.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, CrawlerSetup12.tmp.2.drString found in binary or memory: http://www.remobjects.com/ps
                    Source: CrawlerSetup12.exe, 00000002.00000003.1841989113.0000000002350000.00000004.00001000.00020000.00000000.sdmp, CrawlerSetup12.exe, 00000002.00000003.1840735695.0000000004460000.00000004.00001000.00020000.00000000.sdmp, CrawlerSetup12.tmp, 00000004.00000000.1843086389.0000000000401000.00000020.00000001.01000000.0000000A.sdmp, CrawlerSetup12.tmp.2.drString found in binary or memory: http://www.remobjects.com/psU
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.remotecentral.com/files/index.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.remotesensing.org/geotiff/geotiff.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.resco.netFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.research.att.com/sw/tools/xmill/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.resortsoftware.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.retroarchive.org/cpm/cdrom/UTILS/00README.TXTFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.retrobase.net/gensplus/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.retroplatform.com/kb/15-122FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rhino3d.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ritlabs.com/the_bat/index.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ritlabs.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rjamorim.com/rrw/apac.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rjamorim.com/rrw/astrid.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rjamorim.com/rrw/audiozip.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rjamorim.com/rrw/aupec.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rjamorim.com/rrw/lbpack.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rjamorim.com/rrw/metavoice/metavoice.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rjamorim.com/rrw/pegasussps.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rjamorim.com/rrw/sonarc.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rjamorim.com/rrw/tac.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rjamorim.com/rrw/wavezip.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rjsoftware.com/AptiQuiz/index.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rkeene.org/oss/dact/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rkssoftware.com/calendarbuilder/overview.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.roachnest.com/vectrex/vxhome.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.roboform.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.robware.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rock-chips.com/en/en.aspFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rockbox.orgFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rockstargames.com/grandtheftauto3/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rockstargames.com/maxpayne/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rockwellautomation.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rockwellautomation.com/rockwellsoftware/design/rslogix5000/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rockwellautomation.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.romanlab.com/apw/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.roomarranger.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rorweb.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rowan.sensation.net.au/bruce-mr.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rowley.co.uk/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.roxio.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.roxio.com/enu/products/toast/titanium/overview.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.roxio.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rpgmakerweb.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rtencoder.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.runesource.co.ukDEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.runrev.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.runtime.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.runtime.org/gdb.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rw-designer.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.saba.com/products/centra/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.safer-networking.org/en/index.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sagesoftware.com/FNUM
                    Source: CodecInstaller.exe, 00000005.00000002.2883515655.000000001C5F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
                    Source: CodecInstaller.exe, 00000005.00000002.2883515655.000000001C5F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.samplitude.com/eng/sam/hybrid.htmlFNUM
                    Source: CodecInstaller.exe, 00000005.00000002.2883515655.000000001C5F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sap.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sarmsoft.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sas.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.satcodx.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sathawk.tvFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.savings-bonds-alert.com/us-savings-bond-wizard.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.scansoft.com/omniform/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.scansoft.com/paperport/viewers/default.aspFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.schneider-electric.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sci.wsu.edu/math/faculty/barnes/borland/sprint.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.scottlu.com/Content/CExe.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.screem.org/
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.screenplay.com/products/mms/index.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.screenweaver.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.scribus.org.ukFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.scriptbasic.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.scriptbasic.orgFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.seagullsoftware.com/solutions/gui.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sealedmedia.com/)INFO
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sealedmedia.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.seattlewireless.net/WarDrivingSoftwareFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.seeyou.ws/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sensorysoftware.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.serence.com/site.php?page=prod_klipFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.serif.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.serif.com/albumplusFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.serif.com/pageplusFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.shareaza.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sharpc.com/CMFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.show-kit.com/showkit/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.shrew.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.shsforums.net/user/10485-sam/
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.shsforums.net/user/10485-sam/DEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sibelius.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.simplemachines.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.simtel.net/product.php?id=38726FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.simulationx.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sinterphase.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sitepublisher.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.skincrafter.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.skype.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.slackiller.com/tutorials/tutorials/worldcraft1.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.slickedit.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.slickedit.com/dtd/vse/STRN
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.slysoft.com/en/clonecd.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.smalleranimals.com/pickaxe.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.smart-projects.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.smartassembly.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.smartdraw.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.smartftp.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.smarttech.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.smarttech.com/XMLNotebook
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.smarttech.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.smhi.se/brdc/baltradformat/baltradformat.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.smilebox.com/partner/preclick/pmm/index.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.smirtware.com/products.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.smspower.org/music/vgmtools.shtmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.snes9x.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.snmptg.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sns-hdr.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.softAware.de
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.softAware.deDEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.softbytelabs.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.softexinc.com/selectOmnipass.aspFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.softimage.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.softmaker.de/tm_en.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.softpres.org/glossary:ipfFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.softshape.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.softsound.com/Shorten.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.softsource.com/svf/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.softvelocity.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.software602.com/products/pcs/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.soldat.plFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.solid-edge.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.solidworks.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.solidworks.com/pages/products/edrawings/eDrawings.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sonic.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sonicfoundry.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sonicspot.com/sbstudio/history.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sony.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sony.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sony.net/Products/Hi-MD/sonic.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sonycreativesoftware.com/vegassoftwareFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sonydigital-link.com/DNA/sonicstage/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sonymediasoftware.com/Default.aspFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sonymediasoftware.com/products/soundforgefamily.aspFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sorensonmedia.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sorensonmedia.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sothink.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sothink.com/product/logo-maker/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.soundgraph.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.soundslimmer.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.spacecad.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.spaceyes.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.spampal.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.speakeasy.org/~russotto/chm/itolitlsformat.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.speckie.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.spectaculator.com/docs/zx-state/intro.shtmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.speedproject.de/enu/squeez/index.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.speex.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.spincraftsoftware.com/AOPViewer.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.spiralgraphics.bizFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.splash-software.chFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.splashdata.com/splashid/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.spritesoftware.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.spss.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.spsys.demon.co.uk/#AirspaceFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sqlite.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.squish.net/generator/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.srs-inc.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ssec.wisc.edu/~billh/view5d.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.stardock.com/products/bootskin/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.stardock.com/products/cursorxp/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.stardock.com/products/desktopx/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.stardock.com/products/iconpackager/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.stardock.com/products/logonstudio/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.stardock.com/products/objectbar/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.stardock.com/products/thememanager/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.stardock.com/products/windowblinds/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.starrynight.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.stat.umn.edu/HELP/files.html#11FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.statcrew.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.stbote.de.vu/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.steampowered.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.steelbytes.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.steinberg.deFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.steinberg.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.stelvio.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.stepmania.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.stmuc.com/moray/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.stormdance.net/software/antenna/software%20overview.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.stranded.unrealsoftware.de/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.stuffit.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.stumbler.net/ns1files.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.summation.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sun.com/products/staroffice/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.superfigo.com
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.superfigo.comDEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.supervisioncam.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.surething.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.surfplan.com.au/sp/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.surreal.com/games/index.php?gameID=3FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.svatopluk.com/rm2k/tutorials/xyz_spec.stmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sw-computerconsultancy.com/products/draft_Choice/dcwin.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sweetscape.com/010editor/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.swimrankings.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.swishzone.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.swordofthestars.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sybase.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sybase.com/ianywhereFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sybase.com/products/developmentintegration/powerbuilderFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sygic.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.symantec.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.synergy.com.br/ekahau.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.synfig.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.synology.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.synthzone.com/ensoniq.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.systat.com/products/sigmaplot/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tableausoftware.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.000000000278D000.00000004.00000020.00020000.00000000.sdmp, CodecInstaller.exe, 00000005.00000000.1859628883.00000000000F2000.00000002.00000001.01000000.0000000B.sdmp, CodecInstaller.exe.0.drString found in binary or memory: http://www.taglib-sharp.com
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.taijinmedia.co.kr/taijinwow/english/vision.aspFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.taleworlds.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.talula.demon.co.uk/allegro/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tamasoft.co.jp/pepakura-en/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tascamgiga.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.taxact.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.taxcut.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tdsway.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.teach2000.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tealpoint.com/softdoc.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tealpoint.com/softinfo.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tealpoint.com/softmeal.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tealpoint.com/softmovi.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tealpoint.com/softpnt.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.teambg.com/iesdp/FilesFormats/AreFormat.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.teambg.com/iesdp/FilesFormats/CHRformat.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.teambg.com/iesdp/FilesFormats/CHUformat.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.teambg.com/iesdp/FilesFormats/CREformat.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.teambg.com/iesdp/FilesFormats/SPLformat.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.teambg.com/iesdp/FilesFormats/TISformat.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.teambg.com/iesdp/FilesFormats/VVCformat.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.teambg.com/iesdp/FilesFormats/WEDformat.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.teambg.com/iesdp/FilesFormats/wmapformat.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.technelysium.com.au/winimp.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.technotrend.de/download/av_format_v1.pdfFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.techsoftuk.co.uk/2dv2.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tecplot.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.telestream.net/episodeFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tellini.org/any/3doku/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tenmax.com/teleport/pro/home.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tenmiles.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.terabyteunlimited.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tex.ac.uk/cgi-bin/texfaq2html?label=dviFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.textfiles.com/programming/FORMATS/pgcspec.txtFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.thaimodz.net
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.thaimodz.netDEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.thbeck.deFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.thebest3d.com/dogwaffle/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.thebest3d.com/dogwaffleFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.theliquidateher.com/mightydraw-windows.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.themekit.com/t_vrek.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.themovieseditor.com/docs/HomePageFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.theos-software.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.theworld.com/obi/Maps/CIA/mapdata/cbd.textFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.thezproject.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.thinbasic.com
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.thinbasic.comDEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.thinbasic.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.think3.com/en/product_development/thinkdesign.aspFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.thinkrelative.de/dlib/index.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tiberiumsun.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ticalc.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ticalc.org/archives/files/fileinfo/84/8442.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ticalc.org/pub/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.timevalue.com/tvalue.htmFNUM
                    Source: CodecInstaller.exe, 00000005.00000002.2883515655.000000001C5F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.titanalgorithms.com/rhea_pv2dFNUM
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.dr, is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.tkqlhce.com/click-1714332-10195038
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.dr, is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.tkqlhce.com/click-1714332-10279671
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.dr, is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.tkqlhce.com/click-1714332-10285147
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://www.tkqlhce.com/click-1714332-10368191
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.dr, is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.tkqlhce.com/click-1714332-10372324
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.dr, is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.tkqlhce.com/click-1714332-1174803
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drString found in binary or memory: http://www.tkqlhce.com/click-1714332-1512627
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.dr, is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.tkqlhce.com/click-3448213-10443728?sid=tb_ct
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-RD52J.tmp.4.dr, is-4A847.tmp.4.drString found in binary or memory: http://www.tkqlhce.com/click-3524522-10388384?sid=tb_ct
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tmpgenc.netFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tomeraider.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tommesani.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tomovision.com/products/tomovision.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tomsnyder.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tomtom.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.toolbook.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.toplev.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.topografix.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.topografix.com/gpx.aspFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.topsolid.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.touratech.deFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tracercad.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.trackmaniagame.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.trakax.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tranglos.com/free/index.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.transystem.com.tw/p-gps-iblue747.htm)RURL
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.trassist.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.traverse-pc.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.treepad.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.trendmicro.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.trichview.com/help/index.html?rvf_specification.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.trillian.ccFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.trimble.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tripos.com/custResources/mol2Files/index.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.troff.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.truebasic.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tsp.ece.mcgill.ca/MMSP/Documents/AudioFormats/AIFF/AIFF.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tsp.ece.mcgill.ca/MMSP/Documents/AudioFormats/CSL/CSL.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tune-up.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.turbocad.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.turbotax.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002973000.00000004.00000020.00020000.00000000.sdmp, CodecInstaller.resources.dll8.0.drString found in binary or memory: http://www.turkceyazilim.net
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tvgenial.com/FNUM
                    Source: CodecInstaller.exe, 00000005.00000002.2883515655.000000001C5F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.uhs-hints.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ulead.com/cool3d/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ulead.com/dmf/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ulead.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.un4seen.com/mo3.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.un4seen.com/petite/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.undocprint.org/formats/page_description_languages/zjstreamFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.unet.univie.ac.at/aix/cmds/aixcmds1/ar.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.unidata.ucar.edu/packages/netcdf/guide_toc.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.united-trackers.org/2000/reading/trackers_handbook/7.aspFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.universalremote.comFNUM
                    Source: CodecInstaller.exe, 00000005.00000002.2883515655.000000001C5F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.us.playstation.com/PSP/AboutFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.us.playstation.com/psp.aspxFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.usr.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ust.hk/itsc/email/tips/tnef/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.uvmapper.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.uwe-sieber.de/util_e.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.v-com.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.vaio.net/sonyvaio648.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.vaio.net/sonyvaio658.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ventrella.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.vernier.com/products/software/ga/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.vernier.com/soft/lp.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.vero-software.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.videohelp.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.viewpoint.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.vikingsewing.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.vingeo.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.virtualbox.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.virtualcd-online.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.virtualcd-online.deFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.virtualdub.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.virtualdub.orgFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.visiform.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.vistadb.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.visual-paradigm.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.visual-paradigm.com/product/vpsuite/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.visualcertexam.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.vividas.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.vlad1.com/~vladimir/projects/apng/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.vmware.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.vmware.com/products/thinappFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.vmware.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.vocab.co.uk/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.vocaloid.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.vocaltec.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.voiceinfo.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.volny.cz/brozm/t602vw/index_en.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.voxproxy.com/support/network.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.vso-software.fr/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.vso-software.fr/products/convert_x_to_dvd/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.vterrain.org/Implementation/Apps/VTBuilder/index.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.waltop.com.tw/P-my_note_t01s.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.watchguard.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.wavpack.com/FNUM
                    Source: is-RD52J.tmp.4.drString found in binary or memory: http://www.websecurityguard.com
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.webshots.com/corporate/index.cgiFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.webshots.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.webtech.co.jp/eng/istudio/ps2/spec01.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.welcome.to/alan-ifFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.weresc.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.whatsupgold.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.whereisit-soft.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.whisqu.se/per/docs/wmf.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.wilders.org/anti_viruses.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.winace.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.winamp.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.winamp.com/plugins/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.winamp.com/skinsFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.winamp.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.winbot.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.windedhero.com
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.windedhero.comDEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.windev.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.wingmanteam.com/profiles/profiles_mouse.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.winhki.com/en/index.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.winimage.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.winmount.com/mount_mou.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.winresume.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.wintec.com.twFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.wintertree-software.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.winuae.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.winzip.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.winzix.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.wise.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.wisesolutions.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.wjjsoft.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.wolfram.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.wolfram.com/cdf/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.wolkersdorfer.info
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.wolkersdorfer.infoDEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.wondershare.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.wondertouch.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.workshare.com/products/wsdeltaview/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.world-machine.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.worldofspectrum.org/AZXformat.txtFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.worldofspectrum.org/RZXformat.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.worldofspectrum.org/projectay/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.wotsit.org/search.asp?s=TJSFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.wowwiki.com/.tocFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.wrapcandy.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.wxwindows.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.wyse.com/products/software/rapport.aspFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.x-plane.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.x-ways.net/winhex/POS_Format.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.x-ways.net/winhexFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.xaff.org/GI/OMF/omf.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.xaraxtreme.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.xemico.com/adc/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.xenodream.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.xenophore.com
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.xenophore.comDEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.xeraina.ch/pgf/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.xerox.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.xfree86.org/4.3.0/Xcursor.3.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.xilinx.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.xiph.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.xiph.org/ogg/vorbis/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.xmind.netFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.xml-cml.org/schema/cml2/core
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.xnview.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.xpadder.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.xpgoodway.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.xprotector.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.xs4all.nl/~jvde/prof/chiappl.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.xs4all.nl/~jvde/prof/v4pack.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.xsquawkbox.net/xpsdk/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.xteq.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.xtracker32.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.xtrkcad.orgFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.xune.com.ar
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.xune.com.arDEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.xymantix.com/sysmetrixlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.yamaha-xg.com/soundvq/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.yamaha.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.yamahasynth.com/products/rs7000/index.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.yanceydesktop.com/eBooks/ebooks.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.yarix.comDEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.yenc.org/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.yoeric.com/breadboard.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.yokogawa.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.youngsan.co.kr/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.yountel.comFNUM
                    Source: CrawlerSetup12.tmp, CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1900724146.0000000000401000.00000020.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.drString found in binary or memory: http://www.yousendit.com/
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1900724146.0000000000401000.00000020.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.drString found in binary or memory: http://www.yousendit.com/S
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.yoyogames.com/gamemakerFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.z-oleg.com/secur/avz/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.z-u-l.de/doc_en/index.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.zapsolution.com/winlift/index.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.zapsolution.com/zdrawus.htmFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.zcalc.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.zcureit.com/products.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.zebra.com/id/zebra/na/en/index/products/software/discontinued.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.zgameeditor.orgFNUM
                    Source: CodecInstaller.exe, 00000005.00000002.2883515655.000000001C5F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.zilog.com/software/zds2.aspFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.zinio.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.zipform.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.zipgenius.it/engFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ziptv.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.zmodeler2.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.zonelabs.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.zoner.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.zootsoftware.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.zope.orgFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.zophar.net/gym/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.zsnes.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.zuccante.it/L3P/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www2.ccc.uni-erlangen.de/software/cactvs/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www21.ocn.ne.jp/~mizno/main_e.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www3.ca.com/Solutions/Product.asp?ID=260FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www4.discreet.com/3dsmaxFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www8.garmin.com/cartography/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wwwcip.informatik.uni-erlangen.de/~hovolk/ada/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wwwde.kodak.com/US/en/developers/productsTechnologies/prodTechFlashPix.shtmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wwwse.kodak.com/global/en/service/tib/tib4353.shtmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wxbasic.sourceforge.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://x8mam8.sourceforge.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xaos.sourceforge.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xavprods.free.fr/lzx/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xbiblio.sourceforge.net/csl/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xfrog.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xmp.sourceforge.net/doc/format/digi_formatFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xmp.sourceforge.net/doc/format/stx_formatFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://xprofan.mxii.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://yodap.sourceforge.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://zeldaclassic.armageddongames.net/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://zmc.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://zmey.com.ru/abtpp_e.htmlFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://zzt.the-underdogs.orgFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://extras.skype.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/bjorn/tiled/wiki/TMX-Map-FormatFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sites.google.com/site/sc2gears/features/mouse-print-recorderFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/users/eriksiers
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/users/eriksiersDEF
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wiki.nci.nih.gov/display/TCGA/Mutation
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.arcon-shop.com/FNUM
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeCode function: 0_2_00404F61 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00404F61
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main Start PageJump to behavior

                    System Summary

                    barindex
                    Yara detected EICAR
                    Source: Yara matchFile source: C:\Program Files (x86)\JockerSoft\CodecInstaller\TrIDDefs.TRD, type: DROPPED
                    Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\nsaFDD9.tmp, type: DROPPED
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeCode function: 5_2_1CDCA0F7 NtQuerySystemInformation,5_2_1CDCA0F7
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeCode function: 0_2_00403225 EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_00403225
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeCode function: 0_2_0040604C0_2_0040604C
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeCode function: 0_2_004047720_2_00404772
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeCode function: 2_3_024142A82_3_024142A8
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeCode function: 2_3_0242A6B42_3_0242A6B4
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeCode function: 2_3_0235E4402_3_0235E440
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeCode function: 2_3_0240287C2_3_0240287C
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeCode function: 2_3_023BEE8C2_3_023BEE8C
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeCode function: 2_3_0240CC5C2_3_0240CC5C
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeCode function: 2_3_023C8C782_3_023C8C78
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeCode function: 2_3_023B93542_3_023B9354
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeCode function: 2_3_023AB1D02_3_023AB1D0
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeCode function: 2_3_0242B5E82_3_0242B5E8
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeCode function: 2_3_023A5FA42_3_023A5FA4
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeCode function: 2_3_023B9FEC2_3_023B9FEC
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeCode function: 2_3_02431C242_3_02431C24
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeCode function: 2_3_0240A8EC2_3_0240A8EC
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpCode function: 4_3_05BFECE34_3_05BFECE3
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpCode function: 4_3_05BF87EC4_3_05BF87EC
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpCode function: 4_3_05BFEF0D4_3_05BFEF0D
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpCode function: 4_3_05BFE6BD4_3_05BFE6BD
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpCode function: 4_3_05BFEE494_3_05BFEE49
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpCode function: 4_3_05BFD1A24_3_05BFD1A2
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpCode function: 4_3_05BFD2894_3_05BFD289
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpCode function: 4_3_05BF9A344_3_05BF9A34
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpCode function: 4_3_05BFD2494_3_05BFD249
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpCode function: 4_3_06A5377E4_3_06A5377E
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeCode function: 5_2_1CDCEC4E5_2_1CDCEC4E
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeCode function: 5_2_1CDCA0F75_2_1CDCA0F7
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeCode function: 5_2_1CDCEC975_2_1CDCEC97
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeCode function: 5_2_00007FFD9BB1404A5_2_00007FFD9BB1404A
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeCode function: 5_2_00007FFD9BB15DA15_2_00007FFD9BB15DA1
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeCode function: 5_2_00007FFD9BB119555_2_00007FFD9BB11955
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeCode function: 5_2_00007FFD9BB16FED5_2_00007FFD9BB16FED
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeCode function: String function: 023D1990 appears 61 times
                    Source: CrawlerSetup12.exe.0.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
                    Source: CrawlerSetup12.tmp.2.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
                    Source: CrawlerSetup12.tmp.2.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) Intel Itanium, for MS Windows
                    Source: CrawlerSetup12.tmp.2.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
                    Source: CrawlerSetup12.tmp.2.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                    Source: CrawlerSetup12.tmp.2.drStatic PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
                    Source: is-ADSTV.tmp.4.drStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 19900 bytes, 2 files, at 0x2c +A "info.ini" +A "language.ini", number 1, 2 datablocks, 0x1 compression
                    Source: is-ADSTV.tmp.4.drStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 17466 bytes, 2 files, at 0x2c +A "info.ini" +A "language.ini", number 1, 2 datablocks, 0x1 compression
                    Source: is-ADSTV.tmp.4.drStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 20613 bytes, 2 files, at 0x2c +A "info.ini" +A "language.ini", number 1, 2 datablocks, 0x1 compression
                    Source: is-ADSTV.tmp.4.drStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 15401 bytes, 2 files, at 0x2c +A "info.ini" +A "language.ini", number 1, 2 datablocks, 0x1 compression
                    Source: is-ADSTV.tmp.4.drStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 20947 bytes, 2 files, at 0x2c +A "info.ini" +A "language.ini", number 1, 2 datablocks, 0x1 compression
                    Source: is-ADSTV.tmp.4.drStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 20917 bytes, 2 files, at 0x2c +A "info.ini" +A "language.ini", number 1, 2 datablocks, 0x1 compression
                    Source: is-ADSTV.tmp.4.drStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 20397 bytes, 2 files, at 0x2c +A "info.ini" +A "language.ini", number 1, 2 datablocks, 0x1 compression
                    Source: is-ADSTV.tmp.4.drStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 17781 bytes, 2 files, at 0x2c +A "info.ini" +A "language.ini", number 1, 2 datablocks, 0x1 compression
                    Source: is-ADSTV.tmp.4.drStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 18529 bytes, 2 files, at 0x2c +A "info.ini" +A "language.ini", number 1, 2 datablocks, 0x1 compression
                    Source: is-ADSTV.tmp.4.drStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 19933 bytes, 2 files, at 0x2c +A "info.ini" +A "language.ini", number 1, 2 datablocks, 0x1 compression
                    Source: is-ADSTV.tmp.4.drStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 20404 bytes, 2 files, at 0x2c +A "info.ini" +A "language.ini", number 1, 2 datablocks, 0x1 compression
                    Source: is-ADSTV.tmp.4.drStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 20289 bytes, 2 files, at 0x2c +A "info.ini" +A "language.ini", number 1, 3 datablocks, 0x1 compression
                    Source: is-ADSTV.tmp.4.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.000000000278D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: get_OriginalFilename vs setup_CodecInstaller_full.exe
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.000000000278D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCodecInstaller.exe8 vs setup_CodecInstaller_full.exe
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.000000000278D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCodecInstaller.resources.dll8 vs setup_CodecInstaller_full.exe
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ORIGINALFILENAME vs setup_CodecInstaller_full.exe
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ]WINDOWS 95 OR WINDOWS NT IS REQUIRED TO INSTALL[COMMAND LINE OPTION SYNTAX ERROR. TYPE COMMANDYFILEDESCRIPTIONWIN32 CABINET SELF-EXTRACTOR9ORIGINALFILENAMEWEXTRACT.EXE)CABINET IS NOT VALID.)INTERNALNAMEWEXTRACT'FILERENAMEOPERATIONSWEXTRACT_CLEANUP vs setup_CodecInstaller_full.exe
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: eaLEGALTRADEMARKSTOOLBOOK IS A LEGAL TRADEMARK OFALEGALCOPYRIGHTPORTIONS COPYRIGHT9ASYMETRIXPORTIONS COPYRIGHT1FILEDESCRIPTIONTOOLBOOK)PRODUCTNAMETOOLBOOK'THIS PROGRAM CANNOT BE RUN IN DOS MODE.%ORIGINALFILENAMETB!4VS_VERSION_INFO vs setup_CodecInstaller_full.exe
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesetupHelper.exe8 vs setup_CodecInstaller_full.exe
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.000000000293D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCodecInstaller.resources.dll8 vs setup_CodecInstaller_full.exe
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002946000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCodecInstaller.resources.dll8 vs setup_CodecInstaller_full.exe
                    Source: setup_CodecInstaller_full.exe, 00000000.00000003.1865319731.00000000006D2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemscorwks.dllT vs setup_CodecInstaller_full.exe
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002934000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCodecInstaller.resources.dll8 vs setup_CodecInstaller_full.exe
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002950000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCodecInstaller.resources.dll8 vs setup_CodecInstaller_full.exe
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002957000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCodecInstaller.resources.dll8 vs setup_CodecInstaller_full.exe
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002969000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCodecInstaller.resources.dll8 vs setup_CodecInstaller_full.exe
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002973000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCodecInstaller.resources.dll8 vs setup_CodecInstaller_full.exe
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002960000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCodecInstaller.resources.dll8 vs setup_CodecInstaller_full.exe
                    Source: setup_CodecInstaller_full.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                    Source: _RegDLL.tmp.4.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: .VBPINFO
                    Source: classification engineClassification label: mal52.phis.troj.spyw.evad.winEXE@9/96@1/1
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeCode function: 0_2_00404275 GetDlgItem,SetWindowTextA,SHAutoComplete,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceExA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_00404275
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeCode function: 0_2_00402012 CoCreateInstance,MultiByteToWideChar,0_2_00402012
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeFile created: C:\Program Files (x86)\JockerSoftJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeFile created: C:\Users\Public\Desktop\CodecInstaller.lnkJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeMutant created: NULL
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeMutant created: \Sessions\1\BaseNamedObjects\InitLang_SetLangID_TBR5
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeMutant created: \Sessions\1\BaseNamedObjects\TB4RunMtxctoolbarexeregsvr
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeMutant created: \Sessions\1\BaseNamedObjects\TB4RegisterMtx
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeMutant created: \Sessions\1\BaseNamedObjects\CTSUPP_MTX_FF_COOKIES
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeFile created: C:\Users\user\AppData\Local\Temp\nskFDC8.tmpJump to behavior
                    Source: Yara matchFile source: 7.0.CToolbar.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000007.00000000.1900724146.0000000000401000.00000020.00000001.01000000.00000018.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: C:\Program Files (x86)\Crawler\is-AVISQ.tmp, type: DROPPED
                    Source: Yara matchFile source: C:\Program Files (x86)\Crawler\is-4A847.tmp, type: DROPPED
                    Source: Yara matchFile source: C:\Program Files (x86)\Crawler\is-ADSTV.tmp, type: DROPPED
                    Source: setup_CodecInstaller_full.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeFile read: C:\Users\desktop.iniJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganizationJump to behavior
                    Source: setup_CodecInstaller_full.exeVirustotal: Detection: 31%
                    Source: setup_CodecInstaller_full.exeReversingLabs: Detection: 37%
                    Source: CrawlerSetup12.exeString found in binary or memory: /LoadInf=
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeFile read: C:\Users\user\Desktop\setup_CodecInstaller_full.exeJump to behavior
                    Source: unknownProcess created: C:\Users\user\Desktop\setup_CodecInstaller_full.exe "C:\Users\user\Desktop\setup_CodecInstaller_full.exe"
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeProcess created: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exe "C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exe" /NORESTART /verysilent
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeProcess created: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmp "C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmp" /SL5="$304AA,2431449,71680,C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exe" /NORESTART /verysilent
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeProcess created: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exe "C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exe"
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpProcess created: C:\Program Files (x86)\Crawler\CToolbar.exe "C:\Program Files (x86)\Crawler\CToolbar.exe" /REGSVR
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeProcess created: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exe "C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exe" /NORESTART /verysilentJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeProcess created: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exe "C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exe"Jump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeProcess created: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmp "C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmp" /SL5="$304AA,2431449,71680,C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exe" /NORESTART /verysilentJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpProcess created: C:\Program Files (x86)\Crawler\CToolbar.exe "C:\Program Files (x86)\Crawler\CToolbar.exe" /REGSVRJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeSection loaded: acgenral.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeSection loaded: winmm.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeSection loaded: samcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeSection loaded: msacm32.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeSection loaded: dwmapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeSection loaded: mpr.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeSection loaded: winmmbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeSection loaded: winmmbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeSection loaded: aclayers.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeSection loaded: sfc.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeSection loaded: sfc_os.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeSection loaded: shfolder.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeSection loaded: riched20.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeSection loaded: usp10.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeSection loaded: msls31.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeSection loaded: textinputframework.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeSection loaded: coreuicomponents.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeSection loaded: textshaping.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeSection loaded: linkinfo.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeSection loaded: ntshrui.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeSection loaded: cscapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeSection loaded: acgenral.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeSection loaded: winmm.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeSection loaded: samcli.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeSection loaded: msacm32.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeSection loaded: version.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeSection loaded: dwmapi.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeSection loaded: mpr.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeSection loaded: winmmbase.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeSection loaded: winmmbase.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeSection loaded: aclayers.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeSection loaded: sfc.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeSection loaded: sfc_os.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpSection loaded: acgenral.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpSection loaded: winmm.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpSection loaded: samcli.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpSection loaded: msacm32.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpSection loaded: dwmapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpSection loaded: mpr.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpSection loaded: winmmbase.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpSection loaded: winmmbase.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpSection loaded: aclayers.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpSection loaded: sfc.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpSection loaded: sfc_os.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpSection loaded: textinputframework.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpSection loaded: coreuicomponents.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpSection loaded: shfolder.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpSection loaded: textshaping.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpSection loaded: propsys.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpSection loaded: riched20.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpSection loaded: usp10.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpSection loaded: msls31.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: version.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: shfolder.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: dwrite.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: textshaping.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: textinputframework.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: coreuicomponents.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: quartz.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: winmm.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: devenum.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: devobj.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: msdmo.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: qasf.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: wmvcore.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: wmasf.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: mfperfhelper.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: mp4sdecd.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: mfplat.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: rtworkq.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: wmvdecod.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: mp43decd.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: mpg4decd.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: qdv.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: msvfw32.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: wmvsdecd.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: ddraw.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: dxgi.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: dciman32.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: d3d10warp.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: dxcore.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: d3d10warp.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: cpfilters.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: tvratings.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: msmpeg2vdec.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: comppkgsup.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: avrt.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: d3d9.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: dwmapi.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: d3d10warp.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: wmadmod.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: wmspdmod.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: mp3dmod.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: msacm32.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: winmmbase.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: winmmbase.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: msmpeg2adec.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: avrt.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: d3d10warp.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: msacm32.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: winmmbase.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: winmmbase.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: d3d10warp.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: avrt.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: avrt.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: d3d9.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: dwmapi.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: d3d10warp.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: avifil32.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: msacm32.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: winmmbase.dllJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeSection loaded: winmmbase.dllJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeSection loaded: acgenral.dllJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeSection loaded: winmm.dllJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeSection loaded: samcli.dllJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeSection loaded: msacm32.dllJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeSection loaded: version.dllJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeSection loaded: dwmapi.dllJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeSection loaded: mpr.dllJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeSection loaded: winmmbase.dllJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeSection loaded: winmmbase.dllJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeSection loaded: aclayers.dllJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeSection loaded: sfc.dllJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeSection loaded: sfc_os.dllJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeSection loaded: msimg32.dllJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeSection loaded: shfolder.dllJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeSection loaded: ctipsdef.dllJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeSection loaded: cabinet.dllJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeSection loaded: netapi32.dllJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeSection loaded: samlib.dllJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeSection loaded: ieframe.dllJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeSection loaded: wkscli.dllJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeSection loaded: sxs.dllJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeSection loaded: linkinfo.dllJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeSection loaded: ntshrui.dllJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeSection loaded: cscapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
                    Source: CodecInstaller.lnk.0.drLNK file: ..\..\..\..\..\..\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exe
                    Source: CodecInstaller.lnk0.0.drLNK file: ..\..\..\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exe
                    Source: Website.lnk.0.drLNK file: ..\..\..\..\..\..\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.url
                    Source: Help.lnk.0.drLNK file: ..\..\..\..\..\..\Program Files (x86)\JockerSoft\CodecInstaller\codecinstaller_faq.html
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeFile written: C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\crawler.iniJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwnerJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpWindow found: window name: TMainFormJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeAutomated click: Next >
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeAutomated click: I accept the terms in the License Agreement
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeAutomated click: Next >
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeAutomated click: Next >
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeAutomated click: Install
                    Source: Window RecorderWindow detected: More than 3 window changes detected
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeWindow detected: < &Back&Next >Cancel License AgreementPlease review the license terms before installing CodecInstaller 2.10.4.Press Page Down to see the rest of the agreement.COPYRIGHT NOTICEPermission is granted free of charge to any person (the "User") obtaining a copy of this software and associated documentation files (the "Software") to deal in the Software with the rights to use copy publish distribute and to permit persons to whom the Software is furnished to do so provided that:1) the above copyright notice(s) and this permission notice appear in all copies of the Software and that both the above copyright notice(s)2) this permission notice appear in supporting documentation3) the Software is not used for commercial purposes or commercial environments4) no money is asked to redistribute the softwareThe only exception to the 4th rule is that the Software can be freely included in cover CD/DVD distributed with PC magazinesAll other rights including decompilation modification and merging of the Software are reserved.For other uses not covered by this license or for commercial licensing please contact the author.THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND EXPRESS OR IMPLIED INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE DATA OR PROFITS WHETHER IN AN ACTION OF CONTRACT NEGLIGENCE OR OTHER TORTIOUS ACTION ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.PRIVACY POLICYThe full text of the privacy policy is available athttp://www.jockersoft.com/privacy.htmlIn short:This software may incorporate a module that will send error reports to jockersoft.com website to let us fix the errors and provide better programs to our users. The user can avoid sending the error report by unchecking the "Send error report" field. The error report contains the error message and the program name. It may also contain an installation ID that will let us distinguish multiple error submissions from the same application. This installation ID is a randomly generated number and is not correlated with information about individual users.No other data is collected.TERMS OF USE of jockersoft.com websiteThe full text of the Terms of Use of jockersoft.com website is available athttp://www.jockersoft.com/ToU.htmlIf you accept the terms of the agreement click the check box below. You must accept the agreement to install CodecInstaller 2.10.4. Click Next to continue.I &accept the terms in the License Agreement
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorrc.dllJump to behavior
                    Source: setup_CodecInstaller_full.exeStatic file information: File size 3934779 > 1048576
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeFile opened: C:\Windows\WinSxS\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_88e266cb2fac7c0d\MSVCR80.dllJump to behavior
                    Source: Binary string: v:\tb5\ctipsdef\Release\ctipsdef.pdb source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-RD52J.tmp.4.dr
                    Source: Binary string: Extract: CodecInstaller.pdb source: setup_CodecInstaller_full.exe, 00000000.00000002.1867010508.000000000063D000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: CodecInstaller.pdb source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.000000000278D000.00000004.00000020.00020000.00000000.sdmp, setup_CodecInstaller_full.exe, 00000000.00000003.1865720129.0000000000664000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: Marco PontelloREM 7Symbol Table / Debug info used by Microsoft's compilersRURLNhttp://msdn.microsoft.com/library/en-us/vsdebug/html/_core_The_..PDB_Files.aspFNUM source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: v:\tb5\ctipsdef\Release\ctipsdef.pdb@ source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-RD52J.tmp.4.dr
                    Source: Binary string: \enApp.icoaudiohex.txtAUTORUN.INFcodecDatabaseCodecInstaller.pdbfilterdatalib.dll source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.000000000278D000.00000004.00000020.00020000.00000000.sdmp, setup_CodecInstaller_full.exe, 00000000.00000003.1865720129.0000000000664000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: http://msdn.microsoft.com/library/en-us/vsdebug/html/_core_The_..PDB_Files.aspFNUM source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmp
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeCode function: 0_2_00405DA3 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00405DA3
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeCode function: 2_3_023D6208 push 00486E30h; ret 2_3_023D622C
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeCode function: 2_3_02372250 push 00422E78h; ret 2_3_02372274
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeCode function: 2_3_023D6240 push 00486E68h; ret 2_3_023D6264
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeCode function: 2_3_023D62BC push 00486EE4h; ret 2_3_023D62E0
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeCode function: 2_3_0241A2DC push 004CAF25h; ret 2_3_0241A321
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeCode function: 2_3_023DE294 push 0048EEC8h; ret 2_3_023DE2C4
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeCode function: 2_3_023D6284 push 00486EACh; ret 2_3_023D62A8
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeCode function: 2_3_024102FC push 004C0F24h; ret 2_3_02410320
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeCode function: 2_3_023D62F4 push 00486F1Ch; ret 2_3_023D6318
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeCode function: 2_3_023D633C push 00486F64h; ret 2_3_023D6360
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeCode function: 2_3_0243A308 push 004EAF30h; ret 2_3_0243A32C
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeCode function: 2_3_024043EC push 004B5014h; ret 2_3_02404410
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeCode function: 2_3_023F63DC push 004A7004h; ret 2_3_023F6400
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeCode function: 2_3_023DE3D4 push ecx; mov dword ptr [esp], edx2_3_023DE3D5
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeCode function: 2_3_023B6030 push 00466C58h; ret 2_3_023B6054
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeCode function: 2_3_023DE06C push 0048EC94h; ret 2_3_023DE090
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeCode function: 2_3_023D6054 push 00486C7Ch; ret 2_3_023D6078
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeCode function: 2_3_023560AC push 00406CD4h; ret 2_3_023560D0
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeCode function: 2_3_023DE0A4 push 0048ECD8h; ret 2_3_023DE0D4
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeCode function: 2_3_023B60D8 push 00466D00h; ret 2_3_023B60FC
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeCode function: 2_3_0240214C push 004B2D74h; ret 2_3_02402170
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeCode function: 2_3_02356124 push 00406D4Ch; ret 2_3_02356148
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeCode function: 2_3_023B6110 push 00466D38h; ret 2_3_023B6134
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeCode function: 2_3_023DC144 push 0048CD6Ch; ret 2_3_023DC168
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeCode function: 2_3_023681FC push 00418E45h; ret 2_3_02368241
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeCode function: 2_3_023DE1F0 push 0048EE18h; ret 2_3_023DE214
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeCode function: 2_3_023D41E8 push 00484E10h; ret 2_3_023D420C
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeCode function: 2_3_023D61D0 push 00486DF8h; ret 2_3_023D61F4
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeCode function: 2_3_02438644 push 004E926Ch; ret 2_3_02438668
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeCode function: 2_3_023DE600 push 0048F234h; ret 2_3_023DE630
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeCode function: 2_3_0237C654 push 0042D27Ch; ret 2_3_0237C678
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpFile created: C:\Program Files (x86)\Crawler\is-AVISQ.tmpJump to dropped file
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeFile created: C:\Program Files (x86)\JockerSoft\CodecInstaller\it\CodecInstaller.resources.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpFile created: C:\Users\user\AppData\Local\Temp\is-QHN33.tmp\_isetup\_shfoldr.dllJump to dropped file
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeFile created: C:\Program Files (x86)\JockerSoft\CodecInstaller\ru\CodecInstaller.resources.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpFile created: C:\Program Files (x86)\Crawler\ctbr.dll (copy)Jump to dropped file
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeFile created: C:\Program Files (x86)\JockerSoft\CodecInstaller\filterdatalib.dllJump to dropped file
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeFile created: C:\Program Files (x86)\JockerSoft\CodecInstaller\fr\CodecInstaller.resources.dllJump to dropped file
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeFile created: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeJump to dropped file
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeFile created: C:\Program Files (x86)\JockerSoft\CodecInstaller\trid.exeJump to dropped file
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeFile created: C:\Program Files (x86)\JockerSoft\CodecInstaller\uninst.exeJump to dropped file
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeFile created: C:\Program Files (x86)\JockerSoft\CodecInstaller\de\CodecInstaller.resources.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpFile created: C:\Users\user\AppData\Local\Temp\is-QHN33.tmp\_isetup\_setup64.tmpJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpFile created: C:\Program Files (x86)\Crawler\CUpdate.exe (copy)Jump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpFile created: C:\Program Files (x86)\Crawler\is-RD52J.tmpJump to dropped file
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeFile created: C:\Program Files (x86)\JockerSoft\CodecInstaller\sv\CodecInstaller.resources.dllJump to dropped file
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeFile created: C:\Program Files (x86)\JockerSoft\CodecInstaller\tr\CodecInstaller.resources.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpFile created: C:\Program Files (x86)\Crawler\is-ADSTV.tmpJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpFile created: C:\Program Files (x86)\Crawler\CToolbar.exe (copy)Jump to dropped file
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeFile created: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpJump to dropped file
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeFile created: C:\Program Files (x86)\JockerSoft\CodecInstaller\hu\CodecInstaller.resources.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpFile created: C:\Program Files (x86)\Crawler\is-HEK6I.tmpJump to dropped file
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeFile created: C:\Program Files (x86)\JockerSoft\CodecInstaller\pt\CodecInstaller.resources.dllJump to dropped file
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeFile created: C:\Program Files (x86)\JockerSoft\CodecInstaller\pl\CodecInstaller.resources.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpFile created: C:\Users\user\AppData\Local\Temp\is-QHN33.tmp\_isetup\_RegDLL.tmpJump to dropped file
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeFile created: C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\System.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpFile created: C:\Program Files (x86)\Crawler\CTipsDef.dll (copy)Jump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpFile created: C:\Program Files (x86)\Crawler\is-4A847.tmpJump to dropped file
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeFile created: C:\Program Files (x86)\JockerSoft\CodecInstaller\es\CodecInstaller.resources.dllJump to dropped file
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeFile created: C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\InstallOptions.dllJump to dropped file
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeFile created: C:\Program Files (x86)\JockerSoft\CodecInstaller\setupHelper.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpFile created: C:\Program Files (x86)\Crawler\ctbcomm.dll (copy)Jump to dropped file
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeFile created: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeJump to dropped file
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeFile created: C:\Program Files (x86)\JockerSoft\CodecInstaller\license.txtJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeFile created: C:\Program Files (x86)\JockerSoft\CodecInstaller\README.txtJump to behavior

                    Boot Survival

                    barindex
                    Creates an undocumented autostart registry key
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tbr NULLJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tbr NULLJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tbr CLSIDJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\tbr CLSIDJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} NULLJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} NULLJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} NoExplorerJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} NoExplorerJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar {4B3803EA-5230-4DC3-A7FC-33638F3D3542}Jump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar {4B3803EA-5230-4DC3-A7FC-33638F3D3542}Jump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler ToolbarJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar\More Crawler Products.lnkJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar\Toolbar Help.lnkJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar\Toolbar Settings.lnkJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar\Uninstall Crawler Toolbar.lnkJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Multimedia\ActiveMovie\Filter Cache64 0Jump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    barindex
                    Tries to delay execution (extensive OutputDebugStringW loop)
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpSection loaded: OutputDebugStringW count: 823
                    Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OLLYDBG.EXE
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeMemory allocated: 940000 memory reserve | memory write watchJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeMemory allocated: 2740000 memory reserve | memory write watchJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeMemory allocated: 1A740000 memory commit | memory reserve | memory write watchJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeCode function: 5_2_1CDCA0F7 rdtsc 5_2_1CDCA0F7
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpDropped PE file which has not been started: C:\Program Files (x86)\Crawler\is-AVISQ.tmpJump to dropped file
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeDropped PE file which has not been started: C:\Program Files (x86)\JockerSoft\CodecInstaller\it\CodecInstaller.resources.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-QHN33.tmp\_isetup\_shfoldr.dllJump to dropped file
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeDropped PE file which has not been started: C:\Program Files (x86)\JockerSoft\CodecInstaller\ru\CodecInstaller.resources.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpDropped PE file which has not been started: C:\Program Files (x86)\Crawler\ctbr.dll (copy)Jump to dropped file
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeDropped PE file which has not been started: C:\Program Files (x86)\JockerSoft\CodecInstaller\filterdatalib.dllJump to dropped file
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeDropped PE file which has not been started: C:\Program Files (x86)\JockerSoft\CodecInstaller\fr\CodecInstaller.resources.dllJump to dropped file
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeDropped PE file which has not been started: C:\Program Files (x86)\JockerSoft\CodecInstaller\trid.exeJump to dropped file
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeDropped PE file which has not been started: C:\Program Files (x86)\JockerSoft\CodecInstaller\uninst.exeJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-QHN33.tmp\_isetup\_setup64.tmpJump to dropped file
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeDropped PE file which has not been started: C:\Program Files (x86)\JockerSoft\CodecInstaller\de\CodecInstaller.resources.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpDropped PE file which has not been started: C:\Program Files (x86)\Crawler\CUpdate.exe (copy)Jump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpDropped PE file which has not been started: C:\Program Files (x86)\Crawler\is-RD52J.tmpJump to dropped file
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeDropped PE file which has not been started: C:\Program Files (x86)\JockerSoft\CodecInstaller\sv\CodecInstaller.resources.dllJump to dropped file
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeDropped PE file which has not been started: C:\Program Files (x86)\JockerSoft\CodecInstaller\tr\CodecInstaller.resources.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpDropped PE file which has not been started: C:\Program Files (x86)\Crawler\is-HEK6I.tmpJump to dropped file
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeDropped PE file which has not been started: C:\Program Files (x86)\JockerSoft\CodecInstaller\hu\CodecInstaller.resources.dllJump to dropped file
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeDropped PE file which has not been started: C:\Program Files (x86)\JockerSoft\CodecInstaller\pt\CodecInstaller.resources.dllJump to dropped file
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeDropped PE file which has not been started: C:\Program Files (x86)\JockerSoft\CodecInstaller\pl\CodecInstaller.resources.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-QHN33.tmp\_isetup\_RegDLL.tmpJump to dropped file
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\System.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpDropped PE file which has not been started: C:\Program Files (x86)\Crawler\is-4A847.tmpJump to dropped file
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeDropped PE file which has not been started: C:\Program Files (x86)\JockerSoft\CodecInstaller\es\CodecInstaller.resources.dllJump to dropped file
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\InstallOptions.dllJump to dropped file
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpDropped PE file which has not been started: C:\Program Files (x86)\Crawler\ctbcomm.dll (copy)Jump to dropped file
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeDropped PE file which has not been started: C:\Program Files (x86)\JockerSoft\CodecInstaller\setupHelper.exeJump to dropped file
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeFile Volume queried: C:\Program Files (x86) FullSizeInformationJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeFile Volume queried: C:\Program Files (x86) FullSizeInformationJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeCode function: 0_2_00405D7C FindFirstFileA,FindClose,0_2_00405D7C
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeCode function: 0_2_004053AA CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_004053AA
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeCode function: 0_2_00402630 FindFirstFileA,0_2_00402630
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeFile opened: C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\Jump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeFile opened: C:\Users\user\AppData\Local\Temp\Jump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeFile opened: C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\crawler.iniJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeFile opened: C:\Users\user\AppData\Jump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeFile opened: C:\Users\user\Jump to behavior
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: TYPE9VMware 4 Virtual Harddisk description file for split diskEXT
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware configuration (Unix like ver.)EXT
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: TYPE,VMware 4 Virtual Disk (part of a split disk)EXT
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: http://en.wikipedia.org/wiki/VMwareFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: http://www.vmware.comFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware 4 Virtual Disk (part of a split disk)EXT
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: qcow is QEMU specific image format, with support for compression and optional AES Encription.RURL
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: http://www.qemu.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: TYPE VMware configuration (alternate)EXT
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMDKNAME"image-vmwaredisk-v4-split.trid.xmlUSER
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: QEMU Copy On Write disk image (generic)EXT
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: TYPE&VMware 4 Virtual Disc (monolitic disc)EXT
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMWARE
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware 4 Virtual Harddisk description file for split diskEXT
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Marco PontelloREM ]qcow is QEMU specific image format, with support for compression and optional AES Encription.RURL
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware configurationEXT
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: img-qemu.trid.xmlUSER
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: TYPE'QEMU Copy On Write disk image (generic)EXT
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: TYPE%VMware configuration (Unix like ver.)EXT
                    Source: CToolbar.exe, 00000007.00000002.1922609977.000000000085B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll,
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: TritonioRURL&http://www.vmware.com/products/thinappFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: http://www.vmware.com/FNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMDKNAME%image-vmwaredisk-description.trid.xmlUSER
                    Source: CodecInstaller.exe, 00000005.00000002.2880756166.000000001B2C3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: TYPE!(part of a) VMware 3 Virtual DiscEXT
                    Source: CrawlerSetup12.tmp, 00000004.00000003.1924782954.00000000006BE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: QEMU qcow disk imageEXT
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: .VMCINFO
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Marco PontelloRURL#http://en.wikipedia.org/wiki/VMwareFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware 4 Virtual Disc (monolitic disc)EXT
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware configuration (alternate)EXT
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: image-vmwaredisk-description.trid.xmlUSER
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: http://www.vmware.com/products/thinappFNUM
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: image-vmwaredisk-v4.trid.xmlUSER
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware LocalizationEXT
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware BIOS stateEXT
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Virtual PC Virtual HD imageEXT
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: image-vmwaredisk-v4-split.trid.xmlUSER
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: image-vmwaredisk-v3.trid.xmlUSER
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: (part of a) VMware 3 Virtual DiscEXT
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeAPI call chain: ExitProcess graph end nodegraph_0-3279
                    Source: C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmpProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeCode function: 5_2_1CDCA0F7 rdtsc 5_2_1CDCA0F7
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeCode function: 0_2_00405DA3 GetModuleHandleA,LoadLibraryA,GetProcAddress,0_2_00405DA3
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeMemory allocated: page read and write | page guardJump to behavior
                    Source: CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1900724146.0000000000401000.00000020.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.drBinary or memory string: LC_CFGProgmanj
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Windows Program Manager GroupEXT
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OPTYPE_PROGMAN
                    Source: CrawlerSetup12.tmp, CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1900724146.0000000000401000.00000020.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.drBinary or memory string: Progman
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\OFFSYMXL.TTF VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\setup_CodecInstaller_full.exeCode function: 0_2_00405AA7 GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA,0_2_00405AA7
                    Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                    Lowering of HIPS / PFW / Operating System Security Settings

                    barindex
                    Disables DEP (Data Execution Prevention) for certain images
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers DisableNXShowUIJump to behavior
                    Whitelists domains for ActiveX usage
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeRegistry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}\iexplore\AllowedDomains\* NULL noneJump to behavior
                    Source: setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OLLYDBG.EXE

                    Stealing of Sensitive Information

                    barindex
                    Tries to harvest and steal browser information (history, passwords, etc)
                    Source: C:\Program Files (x86)\Crawler\CToolbar.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior

                    Mitre Att&ck Matrix

                    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                    Gather Victim Identity InformationAcquire Infrastructure1
                    Replication Through Removable Media                    		1
                    Native API                    		1
                    DLL Side-Loading                    		1
                    DLL Side-Loading                    		21
                    Disable or Modify Tools                    		1
                    OS Credential Dumping                    		1
                    Peripheral Device Discovery                    		Remote Services1
                    Archive Collected Data                    		1
                    Ingress Tool Transfer                    		Exfiltration Over Other Network Medium1
                    System Shutdown/Reboot
                    CredentialsDomainsDefault Accounts2
                    Command and Scripting Interpreter                    		11
                    Registry Run Keys / Startup Folder                    		2
                    Process Injection                    		1
                    Deobfuscate/Decode Files or Information                    		LSASS Memory4
                    File and Directory Discovery                    		Remote Desktop Protocol1
                    Browser Session Hijacking                    		1
                    Encrypted Channel                    		Exfiltration Over BluetoothNetwork Denial of Service
                    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)11
                    Registry Run Keys / Startup Folder                    		2
                    Obfuscated Files or Information                    		Security Account Manager15
                    System Information Discovery                    		SMB/Windows Admin Shares1
                    Data from Local System                    		2
                    Non-Application Layer Protocol                    		Automated ExfiltrationData Encrypted for Impact
                    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
                    Software Packing                    		NTDS221
                    Security Software Discovery                    		Distributed Component Object Model1
                    Clipboard Data                    		2
                    Application Layer Protocol                    		Traffic DuplicationData Destruction
                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                    DLL Side-Loading                    		LSA Secrets11
                    Virtualization/Sandbox Evasion                    		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts2
                    Masquerading                    		Cached Domain Credentials2
                    Process Discovery                    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                    Modify Registry                    		DCSync2
                    System Owner/User Discovery                    		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job11
                    Virtualization/Sandbox Evasion                    		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                    Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt2
                    Process Injection                    		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet
                    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1447786 Sample: setup_CodecInstaller_full.exe Startdate: 27/05/2024 Architecture: WINDOWS Score: 52 46 www.jockersoft.com 2->46 48 Antivirus detection for dropped file 2->48 50 Multi AV Scanner detection for dropped file 2->50 52 Multi AV Scanner detection for submitted file 2->52 54 3 other signatures 2->54 9 setup_CodecInstaller_full.exe 8 88 2->9         started        signatures3 process4 file5 34 C:\Program Files (x86)\...\uninst.exe, PE32 9->34 dropped 36 C:\Program Files (x86)\...\trid.exe, PE32 9->36 dropped 38 C:\...\CodecInstaller.resources.dll, PE32 9->38 dropped 40 17 other files (15 malicious) 9->40 dropped 66 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 9->66 13 CrawlerSetup12.exe 2 9->13         started        16 CodecInstaller.exe 30 13 9->16         started        signatures6 process7 dnsIp8 42 C:\Users\user\AppData\...\CrawlerSetup12.tmp, PE32 13->42 dropped 19 CrawlerSetup12.tmp 24 17 13->19         started        44 www.jockersoft.com 172.67.130.88, 49738, 80 CLOUDFLARENETUS United States 16->44 file9 process10 file11 26 C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+ 19->26 dropped 28 C:\Users\user\AppData\Local\...\_RegDLL.tmp, PE32 19->28 dropped 30 C:\Program Files (x86)\Crawler\is-RD52J.tmp, PE32 19->30 dropped 32 10 other files (9 malicious) 19->32 dropped 56 Tries to delay execution (extensive OutputDebugStringW loop) 19->56 23 CToolbar.exe 293 27 19->23         started        signatures12 process13 signatures14 58 Creates an undocumented autostart registry key 23->58 60 Disables DEP (Data Execution Prevention) for certain images 23->60 62 Tries to harvest and steal browser information (history, passwords, etc) 23->62 64 Whitelists domains for ActiveX usage 23->64

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    setup_CodecInstaller_full.exe32%VirustotalBrowse
                    setup_CodecInstaller_full.exe38%ReversingLabsWin32.PUA.CrawlerToolbar

                    Dropped Files

                    SourceDetectionScannerLabelLink
                    C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exe100%AviraPUA/Crawler.Gen
                    C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exe100%Joe Sandbox ML
                    C:\Program Files (x86)\Crawler\CTipsDef.dll (copy)17%ReversingLabsWin32.PUA.CrawlerToolbar
                    C:\Program Files (x86)\Crawler\CToolbar.exe (copy)22%ReversingLabsByteCode-MSIL.Ransomware.Crawl
                    C:\Program Files (x86)\Crawler\CUpdate.exe (copy)0%ReversingLabs
                    C:\Program Files (x86)\Crawler\ctbcomm.dll (copy)0%ReversingLabs
                    C:\Program Files (x86)\Crawler\ctbr.dll (copy)25%ReversingLabsWin32.PUA.CrawlerToolbar
                    C:\Program Files (x86)\Crawler\is-4A847.tmp25%ReversingLabsWin32.PUA.CrawlerToolbar
                    C:\Program Files (x86)\Crawler\is-ADSTV.tmp22%ReversingLabsByteCode-MSIL.Ransomware.Crawl
                    C:\Program Files (x86)\Crawler\is-AVISQ.tmp0%ReversingLabs
                    C:\Program Files (x86)\Crawler\is-HEK6I.tmp0%ReversingLabs
                    C:\Program Files (x86)\Crawler\is-RD52J.tmp17%ReversingLabsWin32.PUA.CrawlerToolbar
                    C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exe0%ReversingLabs
                    C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exe30%ReversingLabsWin32.PUA.CrawlerToolbar
                    C:\Program Files (x86)\JockerSoft\CodecInstaller\de\CodecInstaller.resources.dll0%ReversingLabs
                    C:\Program Files (x86)\JockerSoft\CodecInstaller\es\CodecInstaller.resources.dll0%ReversingLabs
                    C:\Program Files (x86)\JockerSoft\CodecInstaller\filterdatalib.dll0%ReversingLabs
                    C:\Program Files (x86)\JockerSoft\CodecInstaller\fr\CodecInstaller.resources.dll0%ReversingLabs
                    C:\Program Files (x86)\JockerSoft\CodecInstaller\hu\CodecInstaller.resources.dll0%ReversingLabs
                    C:\Program Files (x86)\JockerSoft\CodecInstaller\it\CodecInstaller.resources.dll0%ReversingLabs
                    C:\Program Files (x86)\JockerSoft\CodecInstaller\pl\CodecInstaller.resources.dll0%ReversingLabs
                    C:\Program Files (x86)\JockerSoft\CodecInstaller\pt\CodecInstaller.resources.dll0%ReversingLabs
                    C:\Program Files (x86)\JockerSoft\CodecInstaller\ru\CodecInstaller.resources.dll0%ReversingLabs
                    C:\Program Files (x86)\JockerSoft\CodecInstaller\setupHelper.exe0%ReversingLabs
                    C:\Program Files (x86)\JockerSoft\CodecInstaller\sv\CodecInstaller.resources.dll0%ReversingLabs
                    C:\Program Files (x86)\JockerSoft\CodecInstaller\tr\CodecInstaller.resources.dll0%ReversingLabs
                    C:\Program Files (x86)\JockerSoft\CodecInstaller\trid.exe4%ReversingLabs
                    C:\Program Files (x86)\JockerSoft\CodecInstaller\uninst.exe0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmp4%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\is-QHN33.tmp\_isetup\_RegDLL.tmp0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\is-QHN33.tmp\_isetup\_setup64.tmp0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\is-QHN33.tmp\_isetup\_shfoldr.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\InstallOptions.dll0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\System.dll0%ReversingLabs

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    SourceDetectionScannerLabelLink
                    www.jockersoft.com0%VirustotalBrowse

                    URLs

                    SourceDetectionScannerLabelLink
                    http://www.fontbureau.com/designers0%URL Reputationsafe
                    http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
                    http://nsis.sf.net/NSIS_Error0%URL Reputationsafe
                    http://darchiver.narod.ru/FNUM0%Avira URL Cloudsafe
                    http://iesdp.gibberlings3.net/file_formats/ie_formats/chr_v2.htmFNUM0%Avira URL Cloudsafe
                    http://www.mmedia.com.twFNUM0%Avira URL Cloudsafe
                    http://www.rdg.ac.uk/ITS/Topic/Graphics/GrGImagi01/FNUM0%Avira URL Cloudsafe
                    http://www.ddisoftware.com/qimage/FNUM0%Avira URL Cloudsafe
                    http://tng3d.com/index.phpFNUM0%Avira URL Cloudsafe
                    http://www.cadifra.comFNUM0%Avira URL Cloudsafe
                    http://www.ortim.deFNUM0%Avira URL Cloudsafe
                    http://www.rdg.ac.uk/ITS/Topic/Graphics/GrGImagi01/FNUM0%VirustotalBrowse
                    http://www.smartdraw.comFNUM0%Avira URL Cloudsafe
                    http://www.ddisoftware.com/qimage/FNUM0%VirustotalBrowse
                    http://www.smalleranimals.com/pickaxe.htmFNUM0%Avira URL Cloudsafe
                    http://www.maxthon.com/FNUM0%Avira URL Cloudsafe
                    http://www.emeditor.comFNUM0%Avira URL Cloudsafe
                    http://iesdp.gibberlings3.net/file_formats/ie_formats/chr_v2.htmFNUM0%VirustotalBrowse
                    http://www.iti.deFNUM0%Avira URL Cloudsafe
                    http://tng3d.com/index.phpFNUM0%VirustotalBrowse
                    http://ecards.funutilities.com/ecards/000204/Family.html?tbid=%tb_id0%Avira URL Cloudsafe
                    http://www.bars.lg.ua/slim/#introFNUM0%Avira URL Cloudsafe
                    http://www.maxthon.com/FNUM0%VirustotalBrowse
                    http://www.godot64.de/german/welcome.htmFNUM0%Avira URL Cloudsafe
                    http://www.applian.com/FNUM0%Avira URL Cloudsafe
                    http://www.saba.com/products/centra/FNUM0%Avira URL Cloudsafe
                    http://darchiver.narod.ru/FNUM1%VirustotalBrowse
                    http://www.bars.lg.ua/slim/#introFNUM0%VirustotalBrowse
                    http://www.hitmill.com/programming/vb/filetypes.htmlFNUM0%Avira URL Cloudsafe
                    http://developer.valvesoftware.com/wiki/StudiomdlFNUM0%Avira URL Cloudsafe
                    http://ecards.funutilities.com/ecards/000204/Family.html?tbid=%tb_id0%VirustotalBrowse
                    http://www.astonshell.com/FNUM0%Avira URL Cloudsafe
                    http://www.redzion.com/0%Avira URL Cloudsafe
                    http://www.smalleranimals.com/pickaxe.htmFNUM0%VirustotalBrowse
                    http://www.applian.com/FNUM0%VirustotalBrowse
                    http://www.litsoft.com/FNUM0%Avira URL Cloudsafe
                    http://www.hitmill.com/programming/vb/filetypes.htmlFNUM0%VirustotalBrowse
                    http://apple2.org.za/gswv/a2zine/Docs/DiskImage_2MG_Info.txtFNUM0%Avira URL Cloudsafe
                    http://developer.valvesoftware.com/wiki/StudiomdlFNUM0%VirustotalBrowse
                    http://www.godot64.de/german/welcome.htmFNUM0%VirustotalBrowse
                    http://www.photofont.comFNUM0%Avira URL Cloudsafe
                    http://iesdp.gibberlings3.net/file_formats/ie_formats/sav_v1.htmFNUM0%Avira URL Cloudsafe
                    http://www.astonshell.com/FNUM0%VirustotalBrowse
                    http://www.saba.com/products/centra/FNUM0%VirustotalBrowse
                    http://www.lancos.com/prog.htmlFNUM0%Avira URL Cloudsafe
                    http://mwolson.org/static/doc/muse/Introduction.htmlFNUM0%Avira URL Cloudsafe
                    http://apple2.org.za/gswv/a2zine/Docs/DiskImage_2MG_Info.txtFNUM0%VirustotalBrowse
                    http://www.crawler.com/help/default.aspx?b=2&m=CR_Options_Help&i=0%Avira URL Cloudsafe
                    http://iesdp.gibberlings3.net/file_formats/ie_formats/sav_v1.htmFNUM0%VirustotalBrowse
                    http://www.muvee.comFNUM0%Avira URL Cloudsafe
                    http://www.litsoft.com/FNUM0%VirustotalBrowse
                    http://www.cyberlink.com/products/powerproducerFNUM0%Avira URL Cloudsafe
                    http://www.lancos.com/prog.htmlFNUM0%VirustotalBrowse
                    http://dnl.crawler.com/dnl/config/250/CrawlerRadio_Setup.exe0%Avira URL Cloudsafe
                    http://mwolson.org/static/doc/muse/Introduction.htmlFNUM0%VirustotalBrowse
                    http://www.crawler.com/help/default.aspx?b=2&m=CR_Options_Help&i=0%VirustotalBrowse
                    http://wiki.mobileread.com/wiki/WOLFFNUM0%Avira URL Cloudsafe
                    http://www.teambg.com/iesdp/FilesFormats/WEDformat.htmFNUM0%Avira URL Cloudsafe
                    http://www.redzion.com/0%VirustotalBrowse
                    http://www.realtick.com/FNUM0%Avira URL Cloudsafe
                    http://www.tsp.ece.mcgill.ca/MMSP/Documents/AudioFormats/CSL/CSL.htmlFNUM0%Avira URL Cloudsafe
                    http://www.idrisi.com/FNUM0%Avira URL Cloudsafe
                    http://www.powertodolist.com/FNUM0%Avira URL Cloudsafe
                    http://dnl.crawler.com/dnl/config/250/CrawlerRadio_Setup.exe4%VirustotalBrowse
                    http://www.encode.ru/FNUM0%Avira URL Cloudsafe
                    http://wiki.mobileread.com/wiki/WOLFFNUM0%VirustotalBrowse
                    http://www.teambg.com/iesdp/FilesFormats/WEDformat.htmFNUM0%VirustotalBrowse
                    http://www.tsp.ece.mcgill.ca/MMSP/Documents/AudioFormats/CSL/CSL.htmlFNUM0%VirustotalBrowse
                    http://www.cloanto.com/FNUM0%Avira URL Cloudsafe
                    http://www.epocnova.com/mediasafe.htmlFNUM0%Avira URL Cloudsafe
                    http://www.realtick.com/FNUM0%VirustotalBrowse
                    http://ecards.funutilities.com/ecards/000307/Wedding.html?tbid=%tb_id0%Avira URL Cloudsafe
                    http://www.powertodolist.com/FNUM0%VirustotalBrowse
                    http://www.encode.ru/FNUM0%VirustotalBrowse
                    http://dnl.imtoolpack.com/Dnl/config/250/IMToolPackSetup.exe0%Avira URL Cloudsafe
                    http://www.cyberlink.com/products/powerproducerFNUM0%VirustotalBrowse
                    http://www.improvision.com/products/openlab/FNUM0%Avira URL Cloudsafe
                    http://www.trimble.comFNUM0%Avira URL Cloudsafe
                    http://mark0.net/soft-trid-e.html0%Avira URL Cloudsafe
                    http://wiki.panotools.org/Hugin_Main_windowFNUM0%Avira URL Cloudsafe
                    http://www.pitrinec.com/pkindex.htmFNUM0%Avira URL Cloudsafe
                    http://www.stardock.com/products/objectbar/FNUM0%Avira URL Cloudsafe
                    http://click.linksynergy.com/fs-bin/click?id=OEteVqYv4Mw&offerid=96200.10000001&type=3&subid=00%Avira URL Cloudsafe
                    http://psycle.pastnotecut.org/portal.phpFNUM0%Avira URL Cloudsafe
                    http://wrath.t35.comDEF0%Avira URL Cloudsafe
                    http://get.games.yahoo.com/proddesc?gamekey=chuzzleFNUM0%Avira URL Cloudsafe
                    http://www.idrisi.com/FNUM0%VirustotalBrowse
                    http://www.crystaloffice.com/maple/FNUM0%Avira URL Cloudsafe
                    http://joost.endoria.net/icontweaker/home/FNUM0%Avira URL Cloudsafe
                    http://home20.inet.tele.dk/hexmaster/bcs/tech_ref.htmFNUM0%Avira URL Cloudsafe
                    http://www.anrdoezrs.net/click-1714332-39962790%Avira URL Cloudsafe
                    http://www.jockersoft.com/english/codecinstaller_index.phpr0%Avira URL Cloudsafe
                    http://www.overdrive.com/FNUM0%Avira URL Cloudsafe
                    http://www.oatsoft.org/Software/RemoteKeysFNUM0%Avira URL Cloudsafe
                    http://www.crawler.com/help/default.aspx?src=tbmenu&b=2&m=CR_Options_Help&i=an0%Avira URL Cloudsafe
                    http://panks.tripod.com/DEF0%Avira URL Cloudsafe
                    http://www.think3.com/en/product_development/thinkdesign.aspFNUM0%Avira URL Cloudsafe
                    http://pencil-animation.org/FNUM0%Avira URL Cloudsafe
                    http://sweetheartgames.com/FNUM0%Avira URL Cloudsafe
                    http://wiki.openstreetmap.org/wiki/ProtocolBufBinary#File_formatFNUM0%Avira URL Cloudsafe

                    Domains and IPs

                    Contacted Domains

                    NameIPActiveMaliciousAntivirus DetectionReputation
                    www.jockersoft.com
                    		172.67.130.88
                    		truefalseunknown

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    http://www.mmedia.com.twFNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://darchiver.narod.ru/FNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • 1%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.ddisoftware.com/qimage/FNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.rdg.ac.uk/ITS/Topic/Graphics/GrGImagi01/FNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://iesdp.gibberlings3.net/file_formats/ie_formats/chr_v2.htmFNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://tng3d.com/index.phpFNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.cadifra.comFNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.ortim.deFNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.smartdraw.comFNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.smalleranimals.com/pickaxe.htmFNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.maxthon.com/FNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.emeditor.comFNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.iti.deFNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://ecards.funutilities.com/ecards/000204/Family.html?tbid=%tb_idCrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.bars.lg.ua/slim/#introFNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.godot64.de/german/welcome.htmFNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.applian.com/FNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.fontbureau.com/designersCodecInstaller.exe, 00000005.00000002.2883515655.000000001C5F2000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://www.saba.com/products/centra/FNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.hitmill.com/programming/vb/filetypes.htmlFNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://developer.valvesoftware.com/wiki/StudiomdlFNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.astonshell.com/FNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.redzion.com/setup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.litsoft.com/FNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://apple2.org.za/gswv/a2zine/Docs/DiskImage_2MG_Info.txtFNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.photofont.comFNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://iesdp.gibberlings3.net/file_formats/ie_formats/sav_v1.htmFNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.lancos.com/prog.htmlFNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://mwolson.org/static/doc/muse/Introduction.htmlFNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.crawler.com/help/default.aspx?b=2&m=CR_Options_Help&i=CrawlerSetup12.tmp, 00000004.00000002.1928040294.000000000223F000.00000004.00001000.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.muvee.comFNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.cyberlink.com/products/powerproducerFNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://dnl.crawler.com/dnl/config/250/CrawlerRadio_Setup.exeCrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.dr, is-4A847.tmp.4.drfalse
                    • 4%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://wiki.mobileread.com/wiki/WOLFFNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.teambg.com/iesdp/FilesFormats/WEDformat.htmFNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.realtick.com/FNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.galapagosdesign.com/DPleaseCodecInstaller.exe, 00000005.00000002.2883515655.000000001C5F2000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://www.tsp.ece.mcgill.ca/MMSP/Documents/AudioFormats/CSL/CSL.htmlFNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.idrisi.com/FNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.powertodolist.com/FNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.encode.ru/FNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.cloanto.com/FNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.epocnova.com/mediasafe.htmlFNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://ecards.funutilities.com/ecards/000307/Wedding.html?tbid=%tb_idCrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://dnl.imtoolpack.com/Dnl/config/250/IMToolPackSetup.exeCrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.drfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.improvision.com/products/openlab/FNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.trimble.comFNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://mark0.net/soft-trid-e.htmlsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.000000000278D000.00000004.00000020.00020000.00000000.sdmp, CodecInstaller.exe, 00000005.00000000.1859628883.00000000000F2000.00000002.00000001.01000000.0000000B.sdmp, CodecInstaller.exe.0.drfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://wiki.panotools.org/Hugin_Main_windowFNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.pitrinec.com/pkindex.htmFNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.stardock.com/products/objectbar/FNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://click.linksynergy.com/fs-bin/click?id=OEteVqYv4Mw&offerid=96200.10000001&type=3&subid=0CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.dr, is-RD52J.tmp.4.dr, is-4A847.tmp.4.drfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://wrath.t35.comDEFsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://psycle.pastnotecut.org/portal.phpFNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://get.games.yahoo.com/proddesc?gamekey=chuzzleFNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.crystaloffice.com/maple/FNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://joost.endoria.net/icontweaker/home/FNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://home20.inet.tele.dk/hexmaster/bcs/tech_ref.htmFNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.anrdoezrs.net/click-1714332-3996279CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-4A847.tmp.4.drfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.jockersoft.com/english/codecinstaller_index.phprsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.000000000278D000.00000004.00000020.00020000.00000000.sdmp, CodecInstaller.exe, 00000005.00000000.1859628883.00000000000F2000.00000002.00000001.01000000.0000000B.sdmp, CodecInstaller.exe.0.drfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.overdrive.com/FNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.oatsoft.org/Software/RemoteKeysFNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.crawler.com/help/default.aspx?src=tbmenu&b=2&m=CR_Options_Help&i=anCToolbar.exe, 00000007.00000003.1920075576.00000000023BA000.00000004.00001000.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://panks.tripod.com/DEFsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.think3.com/en/product_development/thinkdesign.aspFNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://pencil-animation.org/FNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://sweetheartgames.com/FNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://wiki.openstreetmap.org/wiki/ProtocolBufBinary#File_formatFNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.quinnware.com/list_plugins.php?type=inputFNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.aerofly.com/FNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.vernier.com/products/software/ga/FNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.crawler.com/search/dispatcher.aspx?tp=dic&qkw=#search#&tbid=#TbId#CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-RD52J.tmp.4.drfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.yanceydesktop.com/eBooks/ebooks.htmFNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://ecards.funutilities.com/ecards/000506/Thank-You.html?tbid=%tb_idCrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, is-AVISQ.tmp.4.drfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://jss.sourceforge.net/moddoc/psm-form.txtFNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.cimatron.com/FNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://droid.sourceforge.net/FNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.orcadpcb.com/FNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://nsis.sf.net/NSIS_Errorsetup_CodecInstaller_full.exe, uninst.exe.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    http://cfg.crawler.com/cr_config.asmx/getCursor?CursorID=%currentcursor%CrawlerSetup12.tmp, 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.00000000023BA000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000003.1920075576.0000000002425000.00000004.00001000.00020000.00000000.sdmp, CToolbar.exe, 00000007.00000000.1902365334.000000000057E000.00000002.00000001.01000000.00000018.sdmp, is-ADSTV.tmp.4.drfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.vernier.com/soft/lp.htmlFNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.hilgraeve.com/htpe/index.htmlFNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.avery.comFNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.macdisk.com/conven.php3FNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.accelrys.com/cerius2/FNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.b1.org/FNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.opendarwin.org/projects/xar/FNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.tdsway.com/FNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.teambg.com/iesdp/FilesFormats/CHRformat.htmFNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://iesdp.gibberlings3.net/file_formats/ie_formats/bif_v1.htm#bifc_v1FNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.planetsquires.com/firefly.htmFNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://vp.video.google.com/videodownload?version=0&secureurl=STRNsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.solidworks.com/FNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.idsoftware.com/games/quake/quake2/FNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://paulbourke.net/dataformats/tp/FNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.pgp.com/FNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.familysearch.org/eng/paf/FNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.teach2000.org/FNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.crawler.com/legal/about.aspxis-ADSTV.tmp.4.drfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.oracle.com/FNUMsetup_CodecInstaller_full.exe, 00000000.00000002.1867825999.0000000002981000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown

                    World Map of Contacted IPs

                    • No. of IPs < 25%
                    • 25% < No. of IPs < 50%
                    • 50% < No. of IPs < 75%
                    • 75% < No. of IPs

                    Public IPs

                    IPDomainCountryFlagASNASN NameMalicious
                    172.67.130.88
                    		www.jockersoft.comUnited States
                    		13335CLOUDFLARENETUSfalse

                    General Information

                    Joe Sandbox version:40.0.0 Tourmaline
                    Analysis ID:1447786
                    Start date and time:2024-05-27 02:58:54 +02:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 9m 49s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:12
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:setup_CodecInstaller_full.exe
                    Detection:MAL
                    Classification:mal52.phis.troj.spyw.evad.winEXE@9/96@1/1
                    EGA Information:
                    • Successful, ratio: 40%
                    HCA Information:
                    • Successful, ratio: 99%
                    • Number of executed functions: 99
                    • Number of non-executed functions: 53
                    Cookbook Comments:
                    • Found application associated with file extension: .exe

                    Warnings

                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                    • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                    • Execution Graph export aborted for target CToolbar.exe, PID 7764 because there are no executed function
                    • Execution Graph export aborted for target CrawlerSetup12.exe, PID 7428 because there are no executed function
                    • Execution Graph export aborted for target CrawlerSetup12.tmp, PID 7492 because there are no executed function
                    • Not all processes where analyzed, report is missing behavior information
                    • Report size exceeded maximum capacity and may have missing behavior information.
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    • Report size getting too big, too many NtReadVirtualMemory calls found.

                    Simulations

                    Behavior and APIs

                    TimeTypeDescription
                    21:00:01API Interceptor1x Sleep call for process: setup_CodecInstaller_full.exe modified

                    Joe Sandbox View / Context

                    IPs

                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    172.67.130.88https://bing.com/ck/a?!&&p=92ed91860cbcd455JmltdHM9MTY4ODA4MzIwMCZpZ3VpZD0zZDIxNzhmZS05NmE1LTYzZDQtMTlkNy02YmQ3OTdiODYyNmYmaW5zaWQ9NTEzMw&ptn=3&hsh=3&fclid=3d2178fe-96a5-63d4-19d7-6bd797b8626f&u=a1aHR0cHM6Ly9zZWJpbmdlbmNsaWsuY29tL2NhdGVnb3J5L2Jsb2cv#ZXJpY2EudmFsdGVyaW9Ac3dpc3Nsb2ctaGVhbHRoY2FyZS5jb20=Get hashmaliciousHTMLPhisherBrowse
                      http://bing.com/ck/a?!&&p=92ed91860cbcd455JmltdHM9MTY4ODA4MzIwMCZpZ3VpZD0zZDIxNzhmZS05NmE1LTYzZDQtMTlkNy02YmQ3OTdiODYyNmYmaW5zaWQ9NTEzMw&ptn=3&hsh=3&fclid=3d2178fe-96a5-63d4-19d7-6bd797b8626f&u=a1aHR0cHM6Ly9zZWJpbmdlbmNsaWsuY29tL2NhdGVnb3J5L2Jsb2cv#bWljaGVsLnNhcmRvdUBldXJvY2xlYXIuY29tGet hashmaliciousHTMLPhisherBrowse

                        Domains

                        No context

                        ASNs

                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                        CLOUDFLARENETUSMV XH DOLPHINPDF.exeGet hashmaliciousLokibotBrowse
                        • 104.21.85.101
                        WQs56g5xeC.exeGet hashmaliciousDCRatBrowse
                        • 172.67.25.118
                        xA4LQYIndy.exeGet hashmaliciousDCRatBrowse
                        • 172.67.19.24
                        Remittance#26856.htmlGet hashmaliciousHTMLPhisherBrowse
                        • 104.26.13.205
                        http://y6ss1.shop/Get hashmaliciousUnknownBrowse
                        • 188.114.96.3
                        https://instahilecin.net/Get hashmaliciousUnknownBrowse
                        • 104.21.72.53
                        https://sweet-moonbeam-28ccf4.netlify.app/appeal.html/Get hashmaliciousUnknownBrowse
                        • 104.16.117.116
                        https://origines-decoration.com/Get hashmaliciousUnknownBrowse
                        • 172.67.70.50
                        https://kruekanlogin.gitbook.io/Get hashmaliciousUnknownBrowse
                        • 172.64.146.167
                        https://interface01.nsxtlmv.workers.dev/Get hashmaliciousHTMLPhisherBrowse
                        • 104.26.13.205

                        JA3 Fingerprints

                        No context

                        Dropped Files

                        No context

                        Created / dropped Files

                        C:\Program Files (x86)\Crawler\CTipsDef.dll (copy)

                        Download File
                        Process:C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmp
                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                        Category:dropped
                        Size (bytes):445576
                        Entropy (8bit):7.227975262606489
                        Encrypted:false
                        SSDEEP:12288:/GYEtrBgAq3cLqfvc52ON5si9ywqXGZPa3epgys51Xir6:xEYZcLqfvc52ON5si9ywqvOpgys51Xie
                        MD5:1BC2BCE3BA4B493085E4FD0A72698548
                        SHA1:2505EC7978B8C728D230D042187C0FB65A9439F2
                        SHA-256:B0B95F9C6AC425B7E0BB2010259B57133E88784ACC4CDAC36721009263155F02
                        SHA-512:A1CBA28C41DC9788A0615EC1F01CC0356C7C322BBEF78D67087A381074879870086E4021CA77BDA85198008C1A19C3A1CEB063F93502AC2D28510DA0998EC0F8
                        Malicious:true
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 17%
                        Reputation:low
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......*<..n]..n]..n]..kQ..x]..kQ..)]..I...o]..I...g]..n]..:]..kQ...]..kQ..o]..V..o]..kQ..o]..Richn]..........PE..L...{..K...........!......... ......P0.............................................................................. ...s......P.......L.......................D... ...............................H...H............................................text....r.......................... ..`.rdata........... ..................@..@.data...............................@....rsrc...L...........................@..@.reloc..X........ ..................@..B................................................................................................................................................................................................................................................................................................................................

                        C:\Program Files (x86)\Crawler\CToolbar.exe (copy)

                        Download File
                        Process:C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmp
                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                        Category:dropped
                        Size (bytes):2558088
                        Entropy (8bit):6.984123807515807
                        Encrypted:false
                        SSDEEP:49152:Z8a7VprRMwRiw39enoa8OpRqWrTPa/FOP:37Vdt68OpRqfFy
                        MD5:EC506EE0F7F493C09DEFC911CAEDFD08
                        SHA1:9CBD68C69A8A8426472FFF6087F5E074C7AD209A
                        SHA-256:9BDF501B298A48B82F0B791342A7BD5C183C567D64AE0C633A3BAE50EE1824E0
                        SHA-512:2ED0A8E1DEE2C0CAA381A9EFB4BA8360014A7A1F914A5AEBDD584065342F9BA80430CC1A3ABD6FD47C82F400E1A153FDFB3D5BEED6305C5B3EDE0965C4ECA0C8
                        Malicious:true
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 22%
                        Reputation:low
                        Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....Q.M.................j...~.......~............@...........................'.......'..........@..............................j4.......|............&.........p*..................................................4................................text....X.......Z.................. ..`.itext.......p.......^.............. ..`.data................n..............@....bss.....^... ...........................idata..j4.......6..................@....tls.................@...................rdata...............@..............@..@.reloc..p*.......,...B..............@..B.rsrc....|.......~...n..............@..@....................................@..@................................................................................................

                        C:\Program Files (x86)\Crawler\CUpdate.exe (copy)

                        Download File
                        Process:C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmp
                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                        Category:dropped
                        Size (bytes):219648
                        Entropy (8bit):6.577379111754162
                        Encrypted:false
                        SSDEEP:3072:k6lEwA+M5hB4PpoBvGmWe8ATkkhBR7w5z4nsY4uYV4a9qWFmBYLpNXdnZ0x+H+Qs:1lE3IPpoBOVUmRqWgYNpdn7Oj
                        MD5:F26A0D32FC349033CDAE3438E44A62A5
                        SHA1:0BEA3B5046FECE31C9CD180977BC5AA6645B9991
                        SHA-256:FEF7A4ABAF2FAEE1DF509D8DE5B4E1B0004CBA63B00EE31ECFA642C69CE097CF
                        SHA-512:2FFC236A62E7F05918F1A82BF684C0EAB8A90D73723399E4EDCE67A4ED3A89FD253FC460348FAE846316030753E5215504F4D25097BDEBEF7A485A3BC0912E7B
                        Malicious:true
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 0%
                        Reputation:low
                        Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*............................4.............@..............................................@.......................................,...................P...5...........................@......................................................CODE................................ ..`DATA................................@...BSS......................................idata..............................@....tls.........0...........................rdata.......@......................@..P.reloc...5...P...6..................@..P.rsrc....,.......,..................@..P.....................Z..............@..P........................................................................................................................................

                        C:\Program Files (x86)\Crawler\Languages\TBR5_CS.cab

                        Download File
                        Process:C:\Program Files (x86)\Crawler\CToolbar.exe
                        File Type:Microsoft Cabinet archive data, many, 19900 bytes, 2 files, at 0x2c +A "info.ini" +A "language.ini", number 1, 2 datablocks, 0x1 compression
                        Category:dropped
                        Size (bytes):19902
                        Entropy (8bit):7.988226404122076
                        Encrypted:false
                        SSDEEP:384:CdkxZ3taeHfsYIyPa3+DCjwwEIAcl9l1kUzlXdp6wgj2Y9KI:53taTAPUkCjZEeXJXHlVI
                        MD5:A247A96D7D93EB54F6EE44312E768580
                        SHA1:D4D5F45389BAADA36DF682D1F8DF4BFF48DD015D
                        SHA-256:0A2F249393A6233B7859544BA279FF7E0624D3AD4C0BB7837F7E7D05298E7A5A
                        SHA-512:DA7B2EBD9C926F360745E0ADA95C07568C1559A36B871F7C4E389C4D097486023C933DF264719026C68033E8C2EA74D2A8D38B45888196282FEB5841352EE80A
                        Malicious:false
                        Reputation:low
                        Preview:MSCF.....M......,...................b.......@.........$>W] .info.ini.....@.....$>.x .language.ini...).u4..CK.}I..H..=....(.6.B......b.Tj....V..`.3.._.p.{.;.8.:Tb.5..Z..A.M......#.K.{.H...C.Z...F..4..fo.....f...G_,.=.al}...e.h...2.X~..W..%.........eU.b....Y~..i../........6.......:...;......IVLn^].91..xQ..nu...G.l....2.$O...T7...)....rR'N..LhZ..m....W..b4.~c..E.,.^.y.../...^5./....j.w.._.-.b..Q.-.;..W}.../J....^..Qc).M..pb<.~55V...O7._]......z.....j.1..1[53LP...}.../.....(~....\.....I9.~E...|S...1....~.......z.F.._7?`..L.....&_....>lL...Yi.h.(..qqyQb......1.q..~5.G.,.._..z.....I..tV..1.78...{Q..O.. ..i...O_=z...-......W.?t.._...c..L.}......V2...:I.5.-..r^..O,.'...K4...~35..v..7..%..6.{...i.._=..+.@...+cI.f.j.).m..y=)...W.1>.....V.WF>k..]cV...hm|...LplX.6N>...zo..Y.....".."OOy]......6...^....v.;"N/.bn<...e.<..........).7..k...\T.hu^6..y.-F.P..Xl=.)]...)c...l.ye.......V"#.2...I...4 ..4.!..%..........2...Yi......F{f....8_.US~^Oi..s.\...=..g..jr.f.

                        C:\Program Files (x86)\Crawler\Languages\TBR5_DA.cab

                        Download File
                        Process:C:\Program Files (x86)\Crawler\CToolbar.exe
                        File Type:Microsoft Cabinet archive data, many, 17466 bytes, 2 files, at 0x2c +A "info.ini" +A "language.ini", number 1, 2 datablocks, 0x1 compression
                        Category:dropped
                        Size (bytes):17468
                        Entropy (8bit):7.981885608922213
                        Encrypted:false
                        SSDEEP:384:mR97EpOhx85Rx1CYBmteokLKK38rxpQ1rjy2jwOovKHk1wbK+XpVsceuYb3t:mR9EpsWD3CYWeoQKhpQ135wniEGzscet
                        MD5:7C94D8B0553F4E1DAA3CF34992240633
                        SHA1:E7C5D1B3B2EBB45B0B125DF8B740076B64BCDB03
                        SHA-256:7F930E0607DED61E411F4B4880595CADA100B44C025C5746D2BE56D976425B1D
                        SHA-512:885E49CAE177E4D6315123FF799003B539945AFD0927D66B53D75B23375C28B0F6D6DADCDE3BC5AC4616A8E5BB1D79D1A4EC6AC067826B974C4D608BC2659294
                        Malicious:false
                        Reputation:low
                        Preview:MSCF....:D......,...................b.......?.........$>w] .info.ini.#...?.....$>&x .language.ini.z../3..CK.}[..F........e..i..dD..i.\m.e+........S.J......`.gw...6./.....%.K...A..RY.....n+. ..8..\../&..?}....A6..^.......N>....rF.........u7_-..$..X.y...n.....7WW...<.+...|.._fO^...m.'..j.M6..Mw..f.fW.4....f.X...r..f.....e?.........[.....[0_0..w?/.9...,|...v..l....k.U..].?].L..gim^...f...?.gYw..l...O...r..!..../.5\.r.EQ5....,{..v....5.g.-..6?......l.s|....i.M.e6...o..%..h..|....JI.e...ly3.I.p....|...l..f..j...Hx/B..+...W/.e......l..&......l.{q....+..[f......1...sN..`.W...iW/..iC?.&8E.......6.....*.=k78l._....m..n....;X=X....e..Y..].<......N.N..Y.;..vw....K.d...o....P..4../K.j....3xl..k.V...Lf....0{.I...`......f....$..o2<[......N6D....p!...y;.f...j9.h...'.c..z.........9...y.6...|.~..e.......6HU6.)P....i.Y.`.`.2}.Y]..t...z.sP.=......kX.o......V].[.....~.]"MV....x0.X.2e..A.|.......D..s..h.....%.....j.Z..p............. `....(.m..L..Z_.,..~...XLa

                        C:\Program Files (x86)\Crawler\Languages\TBR5_DE.cab

                        Download File
                        Process:C:\Program Files (x86)\Crawler\CToolbar.exe
                        File Type:Microsoft Cabinet archive data, many, 20613 bytes, 2 files, at 0x2c +A "info.ini" +A "language.ini", number 1, 2 datablocks, 0x1 compression
                        Category:dropped
                        Size (bytes):20615
                        Entropy (8bit):7.98653056904033
                        Encrypted:false
                        SSDEEP:384:VAOZiOZz3onl04m4JE+1ibJzEXB+bGoYPcg7FYglRWJTme5cUEgbuYGIMkJ7VIYu:V/iw7ol0HeQx+uGoYEgFYgl0pme5jB+H
                        MD5:0737C58AD124D69BE05DEBEBEFCD1388
                        SHA1:A99FA0ECEBC825A7A840C0B991BD3A7FCB9B59BD
                        SHA-256:14566B0A2E75151D63C7B4776B47DBA76595238BE553F6F2CA300EC495CAD207
                        SHA-512:4AA82A6FE720865D66A728144C056A50264729E1147802E4FFBD7070B80B130D4A2AB22DC6C46CAC4F88E33C1C743C8496C79490291C4681A3FDCB484E9379AA
                        Malicious:false
                        Reputation:low
                        Preview:MSCF.....P......,...................b.......B.........&>.A .info.ini.....B.....&>.A .language.ini.b..|.4..CK.}..F..}.~...r.R.d...6. #$.uZ.dM{0.0+.U..d.L.U..7X`.........W[o.O...G.e.4.....<..........EU..g.y.{.y.}...m.,6e.,?...m}I?.r..W.....i.m.zg........D..Q.].te].6.......3O....k..}Yues..6..e.8yY.mW..E.#.G.x.;o....h....n.*...>.1=.<...\.3.@..S.X..5..t.)..Y.r7O.5...fW_:_^U.USV.W.W....j.v.W.u.7.~..Y.<.........'....4.Y..E.s...r^.w.....9..fQ6.e.l...YVe[..e..0..F~..a....p.z].P....A`.rY.0....x.~...*.....).....W4g.......v..n.C.N.....b..V.5l.S,.M........O...C...].St...W..>.b.b.....^>q..X+..#..^.n,...;.`..`......+w......z.k.t.....f.+. u.1.........yr.z.H..V+..q.h..[.Xu .....0...u.rT.T.,...i.[\.<~r^....sm.....?Od...p9.....C.Ls/....}........h.K.-..g.....|..LuqQ...k.I.............t..Z.......S$VxQ..._}...{R'.%Ld.....,V....N...U....=.\.q...z.......X....+.n7.a.r.........Z..[....f.L......Z..?!uNf.W......u..0}..c...D.F..0:. ..`

                        C:\Program Files (x86)\Crawler\Languages\TBR5_EN.cab

                        Download File
                        Process:C:\Program Files (x86)\Crawler\CToolbar.exe
                        File Type:Microsoft Cabinet archive data, many, 15401 bytes, 2 files, at 0x2c +A "info.ini" +A "language.ini", number 1, 2 datablocks, 0x1 compression
                        Category:dropped
                        Size (bytes):15403
                        Entropy (8bit):7.981608866887037
                        Encrypted:false
                        SSDEEP:384:1tYTBLxgrZ2CCrmgvu61Sv4DLXDGCvsnsvIrQ:1tYTBLxQfgW6HXNKQ
                        MD5:5AAFA358570747EED1CAC05917B75CF1
                        SHA1:2E27FDBAA1568C2ACFC59273E7E558EDD629D3C1
                        SHA-256:6199FBBA173500937A61AD85AA2653471FA73762D40EA0A0EAE8B80DCE8B1833
                        SHA-512:89C627C2DDAE33A7A7F0355C229E1D4C3F53F88515A05F1003934668531FC02E30DA94BFE0AE72CCC8DDAC3E49DA3E950DD4ABC6680BAB05B8E69CEF9EFE6885
                        Malicious:false
                        Reputation:low
                        Preview:MSCF....)<......,...................b.......B.........$>.] .info.ini.....B.....$>Zw .language.ini...j.P2..CK.}..6..#...&d..j.$H.P,....[1..V...NLL..XU..J.&3U....'....G.'... ..Y%.....n..$.....;...n......W....?;..7.7.mWw..?.._]..vu.\.7....n3,.U..H.O.....*.............,S.Y..>$..t.l.%.>..W..j.%..b5l..r..N..w.M.....y.y..3f3fX...\w[.1+..3[......c....M7..............'C.n.n....].$...v.^v..nu.Xu.(K..YY...w.u..u[....+L^f.n...%....O.....L.....n..p.[-....`)./D.s..L..?.+..InZ|.y..........r.......7.b../....e..v..qA.~.\m........n....7..;...?d...4.7..M............f..............d...1#.<9...Z/..*.Yl.....Q.....g.......o.U.i..6.x..js.DV........".YS...5^.......u......=.,R.RW.].@.$rt.../..[.L;Y...l..<Ppa.....-..~u..Z-..6.[...)F.%k.K.W....[,.~H.L:..............|...T...n..bG/<.E.......vC.V...].\'?........2..Q....M.X...l..../.3.+.U..f._E..^|..2....>.6....0.M%r.qS..m..on.l..\....H..p}.....VV*UJ....|p.7x!..O..[lo.6..^,...M.3l..... ../....D...u]..c....../....2

                        C:\Program Files (x86)\Crawler\Languages\TBR5_ES.cab

                        Download File
                        Process:C:\Program Files (x86)\Crawler\CToolbar.exe
                        File Type:Microsoft Cabinet archive data, many, 20947 bytes, 2 files, at 0x2c +A "info.ini" +A "language.ini", number 1, 2 datablocks, 0x1 compression
                        Category:dropped
                        Size (bytes):20949
                        Entropy (8bit):7.986691318896878
                        Encrypted:false
                        SSDEEP:384:6jyYgXieP7Z69u/Djp0enwDRD4LsvnzSb9wQ5ok1hJ+IUtGVb+6u3:6WY2i2Zku/vtSDjmbZ/1/+IvVb9G
                        MD5:90E92491AC7B38D915C309840B98A94C
                        SHA1:8F3673AA4F26B40F2C3959CBB5194C8668F9D8EC
                        SHA-256:166A01F04306ED1C11D611A21C5A16DF2E1A0156F103CF5B4D12EB5DDA891742
                        SHA-512:6EE5E890914C1FDA9D8403FA702F8AAEF97133C4C61F8AA78C167F2CA4BF1F3A13CE88AC075D2D73D7D8C0F8888FE98BB3D0607D0CD10E3FDB5D481446FCA8AC
                        Malicious:false
                        Reputation:low
                        Preview:MSCF.....Q......,...................b.......B.........$>.] .info.ini.x...B.....$>Yx .language.ini....J2..CK.}Ko.F......Fu....d........jPU..n.\\\P..D...&3U%....f7.Zz...;o...'.K...Wf.l.......G0.....UQ....^t_..........VeRv....Y../.......o...u......\7.\.<y...l.gY:o...r[.M.F..W..Z...eu.....<q6E[8.f....u....u.-.bQ=....jZ.....B...`H.i.).de..6..@K..IV...+.m..mu...T.Fn...^h.?.5|.....j\..e~..q.p.w.a....W.]..7..Eg.....%...%..S..lW.t...,....w7.6...K.r.,.....n:\.....8I.~...+.......(.#.)..M.:.rY.~..~....?t....iiM.M...D5.k.....Y.4..........=.....^...J8.b.(..h.E{S8.b.+./..0.D.%.x.[6...ng....s[..,..+.bY|....E.'..|...g..U...a-NY;.Lk.....0.M]-..........:...j7m.,.x,.biN.j...y.w.k.k........vX\W.\....z.6....X........|....o...Z..bi.h[..5.;...i....h..9I....R..Y....r].H.gg4!.<.s.a.'d...........D...yS-.+...Y....Y..D^.U.<.1..i..f.lh. (...Xh.r...._..(w.D.!..y...rW7.....g..K..9.h...6}o5.....:yS..M..h.5<.D.v.d...B7...0..w..y.*.r.2..p ....0.}...)U.....Py

                        C:\Program Files (x86)\Crawler\Languages\TBR5_FR.cab

                        Download File
                        Process:C:\Program Files (x86)\Crawler\CToolbar.exe
                        File Type:Microsoft Cabinet archive data, many, 20917 bytes, 2 files, at 0x2c +A "info.ini" +A "language.ini", number 1, 2 datablocks, 0x1 compression
                        Category:dropped
                        Size (bytes):20919
                        Entropy (8bit):7.986544815310402
                        Encrypted:false
                        SSDEEP:384:2pUmt/tl5GAruYysvLxL0H/dvUAIeepfhkHm9dWTVPI7RwzDM:2J/5VLvdofdc9eeayWZw7RwM
                        MD5:342E30FF5F43B7AFFE7762E6AB81858D
                        SHA1:0774BCB76DFDF531D6897A2D7635754DCE8BAB90
                        SHA-256:770BF64B1FA2BA0C8E6F350E9A751C19A261342168AD83F3F13D36C8A8D38A2B
                        SHA-512:25359273B7EED3F36F9D8FDFCCD1B9B90B2B4D511444195F816C807C667BBFC5DF57D55D1F1F64412E72B988B084B59EE58ADACB6D4CA847768C8712B1D68031
                        Malicious:false
                        Reputation:low
                        Preview:MSCF.....Q......,...................b.......C.........%>.D .info.ini.....C.....%>.D .language.ini......0..CK.}I..8..=...J/D{f#.I.))Q..E....[...Fc 7..+.L.....7....(`.......%..Im.xD.r.A7*.P\..}.=...i^V......7.U.x_~..n.g..H../.xRWW..j.j..._.X4mYW..........q.g...cS;..Y.MW|..$.....)......o..W}y.W..............c[Vm.o6y._....E.4..>......%..=..="="H".....H.{2..h...7].T..M.wEL#7K../4.?>)..u......R?N...e].t...3G.k.e.:y.A.[..3..[gW4.3..X.3.M...s........hp(...eq"..x...p~W\8.M....z{...;g[wE.x.)V..h....=...|{.'.I=..U.....H~..M....M.......fw.qs.qu.7W..WT.N...`#4.. .F`X...~)_u}.i.Z3......C.MqU.]....6.J.*?1...'.}..N....yu......n.)W.d@..+.........W.....%,......z...#..\.F@..\.F,....,...q@.q=..Y..|..t(..Us.Z"`.........n.....[A.Fn?.N.;+.Kg/.6.3.\..Y......c.:....>.].>Q....__..e.....S..%.(...y].~........I...y....\. 2%....3.n...........H.*...*...7.:x.F^...i.Ag...u~.{._.i..`.I.....&.C..m...uSWe...3t/..=x..)..O.E[o......SJ2....t ..F...?*.$..Z..e.rl,....b._....?.V

                        C:\Program Files (x86)\Crawler\Languages\TBR5_IT.cab

                        Download File
                        Process:C:\Program Files (x86)\Crawler\CToolbar.exe
                        File Type:Microsoft Cabinet archive data, many, 20397 bytes, 2 files, at 0x2c +A "info.ini" +A "language.ini", number 1, 2 datablocks, 0x1 compression
                        Category:dropped
                        Size (bytes):20399
                        Entropy (8bit):7.9864526439670795
                        Encrypted:false
                        SSDEEP:384:AsJWJOp4+bvBUG+YDwxZarp9fU+1h8rCOqSmyCHQDcT2EC1hg6:HJWJqrBUEDAZ298+T8rCOBmyNDcT2X
                        MD5:41C7EBC7FB45DD8115B2C016092B070D
                        SHA1:BF5E0FB10C292D499856D69ECE6EE22666CABBB2
                        SHA-256:8660B90D804144D137EAB8E9BECC4711CE9D253E37A1FB387BFE6A6643438D27
                        SHA-512:F1DB5A2F8FB6A54E56749B31F6AA43B435B044B08B1BE7CD34002FECADA14232327683FC7925134FD034C9C6D1B9CDAEC20D5F133946547D8846CEFFAB7AEEC1
                        Malicious:false
                        Reputation:low
                        Preview:MSCF.....O......,...................b.......C.........$>+^ .info.ini.....C.....$>3x .language.ini.`.t..4..CK.}.$..].....b.....N.)....r.6U...............E.t.a.`...m0.A..{_.......f.Ed.HI@.....W[...W...u......b......'?......]S..O~..[....}.j.u...m...[...O.........4i..p.l;o.z.z....).dQ ..j...;...z.y.f.-:...Po..e.w...~.j.M.....|-_T... .A...r.m:<:....]\...}...<..7.u.o.;\..$.B..@.=k.o...f.Z..BS.y....k.y..yg/.....Q..4.7.3o.b.w.~..{k{YC....[...mV..v.....[v.4...V...*.')..u.h..2..M...z...t....m..u.....m.tw.Z.I.r.a..U..9.X.I..o...B........U..hg.EGk..6.}......Y...lh...p...[.C.5...^.....Bka..^...^.x......M.w.a.....z.!"..R/...m.^...xC/k..n...i.9{.m.l..u.o..*..*....U.....'>..."?H%....E..Q.];,E...-....V..n.5....y.z........]gxE..U^....Y7[".?.....#..D...3-M..M(tD.s....M.x..w....a.UiY......).....</..~M.h...-......pL.x.,.~..WxQ.dAi.)M.77mG.tGt.v.E.....m..A/.t...5.B.=......J..HS..j.....]..ITi.c.....;...;.3.Q.v..5B.,.gC.mh...D.(.h!x....#6_.....D.[.};H..Y.2....a_..

                        C:\Program Files (x86)\Crawler\Languages\TBR5_NL.cab

                        Download File
                        Process:C:\Program Files (x86)\Crawler\CToolbar.exe
                        File Type:Microsoft Cabinet archive data, many, 17781 bytes, 2 files, at 0x2c +A "info.ini" +A "language.ini", number 1, 2 datablocks, 0x1 compression
                        Category:dropped
                        Size (bytes):17783
                        Entropy (8bit):7.981962141161374
                        Encrypted:false
                        SSDEEP:384:VlgHswUKo9jU1rnUdhehtu+9Mpp8bqArYAwE7nVcJQ5TjMIL8r:V+Edj6nxtuUWp8uuBNjMIL8r
                        MD5:AE70274EB6218D89EACDA75AEC6C547A
                        SHA1:CE67F3C0D4F4261F1AE76F777F2774FEBAA6313E
                        SHA-256:49E6B1664EA68B0A8788500C3C9D46F8F60BC9E3BBCE42E03AC3EBF20D086BDE
                        SHA-512:3A6CAA7F5B672A660CB77B4EFFCD84E477A9ABB15CA62610E27165C326880C520E8A928AB408F11611B22E711EF3977D6EA0B1E0698C3AE7CF297397D4ED4D40
                        Malicious:false
                        Reputation:low
                        Preview:MSCF....uE......,...................b.......D.........'>wK .info.ini.....D.....'>PK .language.ini...>.u3..CK.}..F.......,Z.Yt.H......(i$u.U-iw.....UMUV2....{a......w...;..I.I.....#....h.,.........j6..._}.....e.._].mw....7._..vsK...W.n]mV._..z.o.M.....|xF.gE.|Q~YU.ns...w..a......us...v}[oV.o..>Z......6.}.Eo.....].....D.p...F....]_U.......V.^....4q.Zw.nSuM}.U.]...F.".%......1q^..rS..u...w.v....v...GS.p.t...7.....X;...Z7.}..7.....e&..S~_.4..c}W.U..Wu......&.n.n.U..YwQ....8.O....<.........2zl~.D..^.no.......c.s.e....z..3X..........{qX5.w.kow..}E...?6.....`gpc..}.[......._%....m...{...n...o...x...B.o~..B.....a#.$..n.=Tw..|w...Fn..D.Mt........>...J..p[.C.h1...F.2/.R.4...'x..1U..u...4.wu..q...,M.-t.Y.[.....j......W.jE....@.......e../_.......Bu...}...\$....-.J..c<.3.o.)"..6.o....).'..7..\...HS..j..].9.4..u>./.u..>.0.....Z...e.x!...v.h..R,...C..........=4]`..j}.Wk..X....6j7.#.F..._.....57V..#_.^.m\i.....w{:.r[.%n0...}.....4.".J....s..~....x.U

                        C:\Program Files (x86)\Crawler\Languages\TBR5_PL.cab

                        Download File
                        Process:C:\Program Files (x86)\Crawler\CToolbar.exe
                        File Type:Microsoft Cabinet archive data, many, 18529 bytes, 2 files, at 0x2c +A "info.ini" +A "language.ini", number 1, 2 datablocks, 0x1 compression
                        Category:dropped
                        Size (bytes):18531
                        Entropy (8bit):7.984652842340794
                        Encrypted:false
                        SSDEEP:384:POthZ5tGjrlj277j8HTujDs0o9sWDSOyLxQfRxFrtgtC9I:PIvtcrlaYgDs5/JZxVtMCO
                        MD5:381D15E1B6B59900C8E4CFB2EB9E35AC
                        SHA1:C471DF6935A8D33A52C4C0C748AD86BA036E7376
                        SHA-256:85A7268DD680912DE4B8458621F4EE1B01581003E3E19826431E2BD0C5E506CC
                        SHA-512:808EF661D2BC0935330D0385950777F00F2278902B37DC8ECC82C42739E745A5402853CCF99CCA601D0CEEC145ACE7DAC69C409B33899742E6DD4821B513CE60
                        Malicious:false
                        Reputation:low
                        Preview:MSCF....aH......,...................b.......@.........=;.V .info.ini....@......<r{ .language.ini..k...5..CK.}.$.y...!x..).t..PP.81..D..5.,...73.V.."..S...&D..zEh..z...d.../.'..;'.Y...F.@.D.f..3........j.w...p...c.........W.?..^^..O..fV}........ui.?.}.4]............./.^.X".j^...iV..O...1....rW..b.6.}..J.^.L<..u=.*.x...:qZ..F..m...Q..zYl...7....,~u....&G._..p...4...\.ie.L.(...lrS..x.r.>....CW..za.....0...`~....1....X....T.......]IaT.7......G1.t.$.,/~............7....4~\...~..{c.>.k.;.l.+.X}U.kn..|....c..../~.%tk;.q...8..jS,.O.t..c=..~..Kc.7/........(V8.brS..EU,1.i.8..~.......aw6..R..+..+......m......E....i4..8..1-_.0....~;...`SpF.r.....6*c?.n.........Um..\<......Ev.%..............~n;2.@.....oI;....o.be..&.r......s..Jd4|.>..... .. ..c.1...r.f.2:.....6.e.E~..=3..X\m..n[..^...9Y....._1.........k/....OQ...2....jrS......g...cg"..`..m.(H.\.!.._\..$.....4K.\...k1-.?.%..I....#V.7.....^.x#xE}....|3.......GZ......0."..z.#.].rh.V..

                        C:\Program Files (x86)\Crawler\Languages\TBR5_PT-BR.cab

                        Download File
                        Process:C:\Program Files (x86)\Crawler\CToolbar.exe
                        File Type:Microsoft Cabinet archive data, many, 19933 bytes, 2 files, at 0x2c +A "info.ini" +A "language.ini", number 1, 2 datablocks, 0x1 compression
                        Category:dropped
                        Size (bytes):19935
                        Entropy (8bit):7.988570153438695
                        Encrypted:false
                        SSDEEP:384:ICqj/szKiWtOfYVkvn77WPoRzvD7+tnoEyKIuu+HlOFZg:ICqj7rSyyHWPuzvDgIuhwFa
                        MD5:47BA28593D52E1FA6F9148CBB5FBDA56
                        SHA1:C393C9272CC4494878B721C38F20CFCB83D9B1D7
                        SHA-256:C358D1E20304A4DF4F2BBCEF21476C855F01DE3250ABDA6EB7BEC1338A6A79B0
                        SHA-512:B22783AEE601CC3092999B442D27C83F559D2CB82FF7A3C49D1A110083C5DE692D940130FCE9A6A229A054DB90C4006028B98507776FB1815FB36A373B59C4CC
                        Malicious:false
                        Preview:MSCF.....M......,...................b.......R.........$>.] .info.ini.^...R.....$>Kx .language.ini...q.X2..CK.}..F..^....DdJ.P..q0..J..F)..CEHJT...>w..J.NO..)$...U.@E...%...6...'.%}.5N>.P..4..z..h.......=)......./..z...u...*..>.j...fs.....z_uN.]...y.......M.=t..^4..A.."J...U.8..Y......Gt.Rx*...........o.us..m.,......ov....r.l.......^Q.u...s?{.....'.'.H..?..F..I.fY...?...j7.i.NB...o|..7.v..wU..../2?I..j...g....s..b...g..&...;..FS..zW9M.t..0......r:.}.`.4....u..P|..0J.l.-J..}....S.k7.?.nn.5..j..._....p3.{a.l.n.K...e..f....i^u.7h.*W.a,R.YT..g.|.Y5.._....[a".@....yU_..o....;..y................k..o_<{..s.j .....r....V.I...)..~.>v..'..<..'~...{A+....|.....R.^....E....G.E.n..<..:4...B[.ox...q.=.>..c0.....I|.f{.>.'~.d.>..u.b^.>..._..K.aa.%...dQ...*..^|[..fMkQ......E.e..j...WU[sW...........-+.Eu.4...+..HI.I.q.....G..z .^V$.r..S.P...3.4:6i^.J..f.6...`"...Ks.O.n..U.c.....f]..P.p....\..|.a~+].K.^..B&.A'^~[o.R..U:N.S.w.....|I#.aZ..Az..

                        C:\Program Files (x86)\Crawler\Languages\TBR5_PT.cab

                        Download File
                        Process:C:\Program Files (x86)\Crawler\CToolbar.exe
                        File Type:Microsoft Cabinet archive data, many, 20404 bytes, 2 files, at 0x2c +A "info.ini" +A "language.ini", number 1, 2 datablocks, 0x1 compression
                        Category:dropped
                        Size (bytes):20406
                        Entropy (8bit):7.986356193538562
                        Encrypted:false
                        SSDEEP:384:qXzAanO+CdTJ/zeaApTWoaWN3JrcJeiX+DVk5MbXg0iibbZsrN:qXzAavaAzaWJJr75Vk+bXnnZsrN
                        MD5:5BE10C60E31ABEBAB205EAE9FDB082EC
                        SHA1:450F966D33B60712AFB45218FD2B6CA5DB2449C3
                        SHA-256:8720960D846DFF584C8EB8CC485A82090B08BD349A33B3CD2C0A9B04DF90EDA3
                        SHA-512:79040C6042C7ADFDF33BBA8003C93EA31A2D76A2EB623B8337EFAD757EF85ADDF0F19772014F89184DFB337D30A1465E1BF200031AFF9E4B3190306A2E3CB551
                        Malicious:false
                        Preview:MSCF.....O......,...................b.......D.........$>.] .info.ini.....D.....$>@x .language.ini..._.#2..CK.}K..F..]......c..".tw...t:...GNeIB.`.`F.2...F..YUB.v......).a..tj.E.....d.......=,ZRg....gf.[...^...<.~xY.i..'g.M.yV..t....'..~9...m.}..U...*.N|._..6|?.B."}v...j.o^y...\.....5<f.J......Yu..W...[.m...^m.N./v......l[....e.... {...'.n.L.4K...SAdT...i...S.M..M}U.M....S5.....O........~..Y...{.]]....;jf....m...>N=...t...vYo.....7}...m..~.%.lU....%...4.t.8.Pk..$=..?o.....kx.+..W.R.../6.z../.M.Vt.|..p....8L.zU.x............t.....^.vS.Rz..V.o.-.n..R.f...,l.f.h.W.6.r.-6..XFq....J.....+X....ia"..3lM.#.0.O..'.}...u5...v.._....FK\`...?..u[...v...<.C...... .8...Xq..k...3?.*}..jh........C...H`.+..~K....n...v;.Z.g`c..x3......~#O.<.v..;.o..P'L.8H.~..#E=.....E(...xY.k.e={]m..Y....!.E......].....S.X.K.o...(g.y..W"?.."E.+r..^.+...yx..AV$..@V._`..~..26Z...u...........@>..K....~....g]..n..e..9.M..[.q....... S...u.'.M...=......R,....v.,..o@.

                        C:\Program Files (x86)\Crawler\Languages\TBR5_RU.cab

                        Download File
                        Process:C:\Program Files (x86)\Crawler\CToolbar.exe
                        File Type:Microsoft Cabinet archive data, many, 20289 bytes, 2 files, at 0x2c +A "info.ini" +A "language.ini", number 1, 3 datablocks, 0x1 compression
                        Category:dropped
                        Size (bytes):20291
                        Entropy (8bit):7.989885430758288
                        Encrypted:false
                        SSDEEP:384:1uQ+j9Z3OuLYbmNT7vnhfkIs3KyHKmp/TC/9HYtcityTGaapJb9h2z++1P:83Z+u8m17v1kIyVKg2/hY6KXqz++1P
                        MD5:3B87F2F1DBFD58853130B0E4EFC69822
                        SHA1:5D040D1BF63777CFC82CC6B84ACE4A78F4D70BF7
                        SHA-256:61748F48074AC7218D13677899F7E7C155DCAA959D74736B12BFD7D195F51A05
                        SHA-512:D66114A43F10C5A3C96C4E8FAC777B160F389339BF7F3457DF083CF98CE65F456B7959E6A5438129007491B7A35D199CC80F72EDCFCAF6E601C23532A8C6D237
                        Malicious:false
                        Preview:MSCF....AO......,...................b.......@.........$>.] .info.ini.....@.....$>Rx .language.ini.5...+*..CK.[[...~W..Ci..Q.h...+.....,....I....h.".....m`.A..+.Z........4..../T...%{..Y.U.....YrOW...9............+'.|.A..........wN}.>....W..8.......-}....g7...K.D.x...P........x.....lkvev.8^.A,.......2.])..J...+...l{vk.e9)..8.N.7...-.m...!....v...4vH.N.Q.[N....9..&...z'_.5..BfrP.+.E..L;...._+O.Ay.v.]>...9...F......1...K...27..A....vA.o`..Z..m...*.N..v.C.>..h...C...`.|]N..p...*....,.hI.:....,..c.W....-.x..@d....3.ZNi~#c..o.wev.......KH...1..)...f..8..A...U..Mu...E.;t...*.d...n..9#........w.y....N1.O;.o...O...z{..>=..T...1.?b..q.M....R!...jv.w8..Z...?...oGGi.........}5-.....0b...|f.?.F..^f7.V,].......734.1.L....^............7.....A5~...'....h.|A...x..E,..7M....B_<..Y+./.R.v|.y..i.......o ..K.H+.%..........X....0.E.-...,BW<......w.j...Hz..s...t.#.Xg......}`.eL.*<e.{.P.....9........)......6.}vq.......@.p...-.....F.1.&9M.`...eE.x...$...fF.:PJz...

                        C:\Program Files (x86)\Crawler\TBR5LanguageAct\info.ini

                        Download File
                        Process:C:\Program Files (x86)\Crawler\CToolbar.exe
                        File Type:ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):66
                        Entropy (8bit):4.769561308943036
                        Encrypted:false
                        SSDEEP:3:U2sJlNuZdAYgKaFLsUhLVLP:0JXuiDxVLP
                        MD5:53AF18B3E044ABD6EE40508FD77F7CD8
                        SHA1:7FE5C167784AC656B79C126630176F139A16EFA0
                        SHA-256:98C0A5D49B7A8C63753D4F0F31459775F3EC9B0DB1EB0B4D4C6FAB2C40BABD02
                        SHA-512:643ECC069EBE14752F1CC66F541E36AB01D70DFEADACAEDD33272CDBD442922CAF95C1F400D431690240840F76F22BC785EA2CBAE4C3B237D0CACDDA6B8F1EF7
                        Malicious:false
                        Preview:[Main]..IsUTF8=1..ShortName=en..LongName=English..Version=1.0.0.13

                        C:\Program Files (x86)\Crawler\TBR5LanguageAct\language.ini

                        Download File
                        Process:C:\Program Files (x86)\Crawler\CToolbar.exe
                        File Type:Unicode text, UTF-8 text, with very long lines (418), with CRLF line terminators
                        Category:dropped
                        Size (bytes):40341
                        Entropy (8bit):5.335279404414363
                        Encrypted:false
                        SSDEEP:768:G9OR62N3sLZ9vk5KHUHG3Z8ejEeATMab89TATtNgdYOzXUav+Z3:pd8fkJYlATMr9TATNZ3
                        MD5:242162E4E65F2396B15009FF83516736
                        SHA1:D520FC37BA4E9C54D94AC76374FD401E8AB21A74
                        SHA-256:93103FC6B3E93C5E9D87131C9BD3A133F34E17B526193043D01E63E60676F35E
                        SHA-512:E17B34E8325F7D06E5449B1D8956B5E6785F4ED95FC19ED6869BD7B44061DA2C1811488CBF6DB7907F94C837B4EAF2773A5C1F569198A6EB6009A84C25E545BC
                        Malicious:false
                        Preview:[Main]..00466AF6=Card Number:..00E5831A=Click 'Next' to continue uninstalling %BRAND Toolbar...013E13C3=Target:..014EA21E=Alternative Address..02CC0569=Quick Web search through multiple search engines..030BE715=Language Settings..034C251C=Do you really want to cancel current download?..03598748=Your current %BRAND Toolbar settings have been saved!..037EE7F2=%BRAND_LONG has blocked an application from changing your default search settings.#13#10#13#10Click here to change your default search settings...0383016A=Type your search term(s) in the text box and then hit Enter or click "Search"..03D92D9B=General Settings.....03E23F81=File Download..04223D6B=Open Facebook Wallpaper Gallery..04408F0F=Plugin Version (): ..04581BF9=Update Settings..0478EC7E=Time synchronized at %DATE%..0553DEF0=Install Smileys & eCards..057CF892= Skin Settings ..05AA32DA=Automatically search from Address Bar..05BBA681=Help Us Improve %BRAND Toolbar!..05FBCBCE=Daily..05FE5D65=Enable Search Bar..060BAB36=Auto && Bike

                        C:\Program Files (x86)\Crawler\adrkeys.dat

                        Download File
                        Process:C:\Program Files (x86)\Crawler\CToolbar.exe
                        File Type:ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):93
                        Entropy (8bit):4.085910758671591
                        Encrypted:false
                        SSDEEP:3:tgRR10S4gy278S4gy2O9DwS4ID:2Fr4gXP4gXu4ID
                        MD5:387905FA62CAB4A010DDE9CC8B6C85AB
                        SHA1:B2F2AB6299DDC2D2B130F9BBC6880A58D434BC99
                        SHA-256:0BA15EDD750ECE73ABE6F03FF0BC115255553B85B3108DEF5AF6FB230FB8EB7D
                        SHA-512:F7C8831F61CF7DEE5E7ABC99E7B7F0CE3A02655FA55FBFA707855AAFF9DA8CB836BEA95750C65E959F845062CD47761E3182529A827F42E722624C269AC1C001
                        Malicious:false
                        Preview:crawler=http://www.crawler.com..search=http://www.crawler.com..google=http://www.google.com..

                        C:\Program Files (x86)\Crawler\confirm.dat

                        Download File
                        Process:C:\Program Files (x86)\Crawler\CToolbar.exe
                        File Type:ASCII text, with no line terminators
                        Category:modified
                        Size (bytes):9
                        Entropy (8bit):3.169925001442312
                        Encrypted:false
                        SSDEEP:3:tPk:tM
                        MD5:205BC73C4AB4286A1FB9D4C18322777C
                        SHA1:8CC7ACB8F360901E81CAB8460B63A515A6E9CE99
                        SHA-256:FE00B67B6DD1143F383553116B83DADCE3502FB0282C3EC4DDAA99F756119626
                        SHA-512:757EFE46F6C7FFDB324AEF75E80B5C26AF05BEBCFC0DDDE7CDB55D1F4391ED9A7541CFC68E3B5D445CAA1D896BAA655B3D04BD62A4D38910D0B6888452E54657
                        Malicious:false
                        Preview:Confirmed

                        C:\Program Files (x86)\Crawler\ctbcomm.dll (copy)

                        Download File
                        Process:C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmp
                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                        Category:dropped
                        Size (bytes):1443840
                        Entropy (8bit):7.538098910157712
                        Encrypted:false
                        SSDEEP:24576:xxxehiqoxc5tvMqHUxR7JrWwfwxY+YY2axMXMFnw6kegFbGgtQ/:heloKTvJ2w/Z2axMXMSaDgc
                        MD5:3C1DBCF542A4B2D6C90591C52FE1F99D
                        SHA1:A68BE3F0E6DDEC8C61A2206CAF055DF22F2A495F
                        SHA-256:2880949839ABF544833AF2B3AB82B3C62B3F524F20DAD13D628113EEF0171E96
                        SHA-512:7545EF067AD1C7B04FD4E45C5728EEFDA83FEF3405991BC745D2AAF4EFC69FFE40D02B75E44C5914A4E53635687461AAABDC2C1B1518695CAB5BFA7077D6A8A7
                        Malicious:true
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 0%
                        Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...j..K..........................................@.................................<...........................................^'...`...R.......................t..................................................................................text............................... ..`.itext.............................. ..`.data....9.......:..................@....bss.....S...@...........................idata..^'.......(..................@....edata...............<..............@..@.reloc...t.......v...>..............@..B.rsrc....R...`...T..................@..@.....................`..............@..@........................................................................................................................................

                        C:\Program Files (x86)\Crawler\ctbr.dll (copy)

                        Download File
                        Process:C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmp
                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                        Category:dropped
                        Size (bytes):1228424
                        Entropy (8bit):6.648949057646524
                        Encrypted:false
                        SSDEEP:24576:qk1fR/1vwc6hAUMK5QxoWcfadg2f84j7LRcvJT7kdQuOs:qk9R6DAdVg2f8YRcRT7kdp3
                        MD5:888CF0C3ACD148574FBEE1994A2AE890
                        SHA1:7E2E3B154B288B5987B9243B817E2F0D861C3324
                        SHA-256:730A3D954FFB37D820CE42E203E18C99408EB0FB8A5103F28F2D5DF67AC5331C
                        SHA-512:2504F14927B046839DAF78688B05C984C0B5F4122D1BA33614175C5B647092D72A48C703E6AB7A44C4D1334F03E21D6B66B682BB279EBF7E4D6DE6830F9B407C
                        Malicious:true
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 25%
                        Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....Q.M.................8...f......TH.......P....@..........................0..........................................A......../.......a................... ..|....................................................................................text....,.......................... ..`.itext..l....@.......2.............. ..`.data....2...P...4...<..............@....bss....TO...........p...................idata.../.......0...p..............@....edata..A...........................@..@.reloc..|.... ......................@..B.rsrc....a.......b...@..............@..@.....................T..............@..@........................................................................................................................................

                        C:\Program Files (x86)\Crawler\is-4A847.tmp

                        Download File
                        Process:C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmp
                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                        Category:dropped
                        Size (bytes):1228424
                        Entropy (8bit):6.648949057646524
                        Encrypted:false
                        SSDEEP:24576:qk1fR/1vwc6hAUMK5QxoWcfadg2f84j7LRcvJT7kdQuOs:qk9R6DAdVg2f8YRcRT7kdp3
                        MD5:888CF0C3ACD148574FBEE1994A2AE890
                        SHA1:7E2E3B154B288B5987B9243B817E2F0D861C3324
                        SHA-256:730A3D954FFB37D820CE42E203E18C99408EB0FB8A5103F28F2D5DF67AC5331C
                        SHA-512:2504F14927B046839DAF78688B05C984C0B5F4122D1BA33614175C5B647092D72A48C703E6AB7A44C4D1334F03E21D6B66B682BB279EBF7E4D6DE6830F9B407C
                        Malicious:true
                        Yara Hits:
                        • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Program Files (x86)\Crawler\is-4A847.tmp, Author: Joe Security
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 25%
                        Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....Q.M.................8...f......TH.......P....@..........................0..........................................A......../.......a................... ..|....................................................................................text....,.......................... ..`.itext..l....@.......2.............. ..`.data....2...P...4...<..............@....bss....TO...........p...................idata.../.......0...p..............@....edata..A...........................@..@.reloc..|.... ......................@..B.rsrc....a.......b...@..............@..@.....................T..............@..@........................................................................................................................................

                        C:\Program Files (x86)\Crawler\is-ADSTV.tmp

                        Download File
                        Process:C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmp
                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                        Category:dropped
                        Size (bytes):2558088
                        Entropy (8bit):6.984123807515807
                        Encrypted:false
                        SSDEEP:49152:Z8a7VprRMwRiw39enoa8OpRqWrTPa/FOP:37Vdt68OpRqfFy
                        MD5:EC506EE0F7F493C09DEFC911CAEDFD08
                        SHA1:9CBD68C69A8A8426472FFF6087F5E074C7AD209A
                        SHA-256:9BDF501B298A48B82F0B791342A7BD5C183C567D64AE0C633A3BAE50EE1824E0
                        SHA-512:2ED0A8E1DEE2C0CAA381A9EFB4BA8360014A7A1F914A5AEBDD584065342F9BA80430CC1A3ABD6FD47C82F400E1A153FDFB3D5BEED6305C5B3EDE0965C4ECA0C8
                        Malicious:true
                        Yara Hits:
                        • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Program Files (x86)\Crawler\is-ADSTV.tmp, Author: Joe Security
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 22%
                        Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....Q.M.................j...~.......~............@...........................'.......'..........@..............................j4.......|............&.........p*..................................................4................................text....X.......Z.................. ..`.itext.......p.......^.............. ..`.data................n..............@....bss.....^... ...........................idata..j4.......6..................@....tls.................@...................rdata...............@..............@..@.reloc..p*.......,...B..............@..B.rsrc....|.......~...n..............@..@....................................@..@................................................................................................

                        C:\Program Files (x86)\Crawler\is-AVISQ.tmp

                        Download File
                        Process:C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmp
                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                        Category:dropped
                        Size (bytes):1443840
                        Entropy (8bit):7.538098910157712
                        Encrypted:false
                        SSDEEP:24576:xxxehiqoxc5tvMqHUxR7JrWwfwxY+YY2axMXMFnw6kegFbGgtQ/:heloKTvJ2w/Z2axMXMSaDgc
                        MD5:3C1DBCF542A4B2D6C90591C52FE1F99D
                        SHA1:A68BE3F0E6DDEC8C61A2206CAF055DF22F2A495F
                        SHA-256:2880949839ABF544833AF2B3AB82B3C62B3F524F20DAD13D628113EEF0171E96
                        SHA-512:7545EF067AD1C7B04FD4E45C5728EEFDA83FEF3405991BC745D2AAF4EFC69FFE40D02B75E44C5914A4E53635687461AAABDC2C1B1518695CAB5BFA7077D6A8A7
                        Malicious:true
                        Yara Hits:
                        • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Program Files (x86)\Crawler\is-AVISQ.tmp, Author: Joe Security
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 0%
                        Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...j..K..........................................@.................................<...........................................^'...`...R.......................t..................................................................................text............................... ..`.itext.............................. ..`.data....9.......:..................@....bss.....S...@...........................idata..^'.......(..................@....edata...............<..............@..@.reloc...t.......v...>..............@..B.rsrc....R...`...T..................@..@.....................`..............@..@........................................................................................................................................

                        C:\Program Files (x86)\Crawler\is-HEK6I.tmp

                        Download File
                        Process:C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmp
                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                        Category:dropped
                        Size (bytes):219648
                        Entropy (8bit):6.577379111754162
                        Encrypted:false
                        SSDEEP:3072:k6lEwA+M5hB4PpoBvGmWe8ATkkhBR7w5z4nsY4uYV4a9qWFmBYLpNXdnZ0x+H+Qs:1lE3IPpoBOVUmRqWgYNpdn7Oj
                        MD5:F26A0D32FC349033CDAE3438E44A62A5
                        SHA1:0BEA3B5046FECE31C9CD180977BC5AA6645B9991
                        SHA-256:FEF7A4ABAF2FAEE1DF509D8DE5B4E1B0004CBA63B00EE31ECFA642C69CE097CF
                        SHA-512:2FFC236A62E7F05918F1A82BF684C0EAB8A90D73723399E4EDCE67A4ED3A89FD253FC460348FAE846316030753E5215504F4D25097BDEBEF7A485A3BC0912E7B
                        Malicious:true
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 0%
                        Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*............................4.............@..............................................@.......................................,...................P...5...........................@......................................................CODE................................ ..`DATA................................@...BSS......................................idata..............................@....tls.........0...........................rdata.......@......................@..P.reloc...5...P...6..................@..P.rsrc....,.......,..................@..P.....................Z..............@..P........................................................................................................................................

                        C:\Program Files (x86)\Crawler\is-RD52J.tmp

                        Download File
                        Process:C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmp
                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                        Category:dropped
                        Size (bytes):445576
                        Entropy (8bit):7.227975262606489
                        Encrypted:false
                        SSDEEP:12288:/GYEtrBgAq3cLqfvc52ON5si9ywqXGZPa3epgys51Xir6:xEYZcLqfvc52ON5si9ywqvOpgys51Xie
                        MD5:1BC2BCE3BA4B493085E4FD0A72698548
                        SHA1:2505EC7978B8C728D230D042187C0FB65A9439F2
                        SHA-256:B0B95F9C6AC425B7E0BB2010259B57133E88784ACC4CDAC36721009263155F02
                        SHA-512:A1CBA28C41DC9788A0615EC1F01CC0356C7C322BBEF78D67087A381074879870086E4021CA77BDA85198008C1A19C3A1CEB063F93502AC2D28510DA0998EC0F8
                        Malicious:true
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 17%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......*<..n]..n]..n]..kQ..x]..kQ..)]..I...o]..I...g]..n]..:]..kQ...]..kQ..o]..V..o]..kQ..o]..Richn]..........PE..L...{..K...........!......... ......P0.............................................................................. ...s......P.......L.......................D... ...............................H...H............................................text....r.......................... ..`.rdata........... ..................@..@.data...............................@....rsrc...L...........................@..@.reloc..X........ ..................@..B................................................................................................................................................................................................................................................................................................................................

                        C:\Program Files (x86)\JockerSoft\CodecInstaller\AUTORUN.INF

                        Download File
                        Process:C:\Users\user\Desktop\setup_CodecInstaller_full.exe
                        File Type:Microsoft Windows Autorun file
                        Category:dropped
                        Size (bytes):48
                        Entropy (8bit):4.319773835029478
                        Encrypted:false
                        SSDEEP:3:It1M7LHLaJREJOXLNn:e1MPH+fgOXLN
                        MD5:622970263861DDD6E91DCFFDD6824107
                        SHA1:6D98EFB397BD9899B86B6BB1756F426B6A4F5B4D
                        SHA-256:12F1653A6D90AB20DDF878D277283E1C2E041B47819FD5C79837FD14F711CF32
                        SHA-512:F4C8F7F3A720BA8B5F440CAC2A843D440BBE85333F45449D6BEE93B5DA18A5BC899CC868232829F7392FD12F2BEE8E5FBA9DDAC1DCFF45E92D8D3E07F810DA75
                        Malicious:false
                        Preview:[autorun]..icon=App.ico..open=CodecInstaller.exe

                        C:\Program Files (x86)\JockerSoft\CodecInstaller\App.ico

                        Download File
                        Process:C:\Users\user\Desktop\setup_CodecInstaller_full.exe
                        File Type:MS Windows icon resource - 5 icons, 16x16, 8 bits/pixel, 32x32, 8 bits/pixel
                        Category:dropped
                        Size (bytes):18718
                        Entropy (8bit):6.485522596710265
                        Encrypted:false
                        SSDEEP:384:rI7talueT02qdGaMcfltdJhjjLZCR1cUXhhx5wTIUhlP:retalu1bGaMcfzdJhvNCROUXhhxAr
                        MD5:71F4FB8A1D84BCFE35B9B4CE5E97FF00
                        SHA1:F66E638283928ED05F9E2B736FE6A9B1B762F3DC
                        SHA-256:ED49BCE7DE8FD99A9B4AFAC7F32BB216FE8F1270D73B512910F369DCE328FE19
                        SHA-512:B7FF333B20CA75D27B388991D49B6CCF901A750C471C96ABB9B24D7A3B8B9CCE13029CC98DD7FC16826C905153A6F8F5FF2FD984E87CB5B775F47977256EC867
                        Malicious:false
                        Preview:..............h...V... .................... .h...f... .... .........00.... ..%..v#..(....... ...........@.................................R.....{{{..........................|I...l.................................................................qqq..2P.....................%W...U...I...=...1...%s...P.................HH..%%....................s...P.....................W%..U...I...=...1...%.s...P...........\..N.....................b...J.s.2.P...........g...V.........................xxx.XXX...........w...{...k...v...Q...X..c..U.s.J.P.2..........p...i...|...p...c...Z...P..vC.s.%.P.................x...n...d..wC..l7..q;.....s...P................}...l..P...i..xC..~K..p=..V .P......................t...r..O...J..r=.._+.P2..................k...o...]...h...b...\..e1..d...............u...o..f..........~H..\..wA.2P....s.............s.H.W.%.U...I...=...1...%s...P...............k.H.H.%.%..................s...P..................H.s.%.W...U...I...=...1..s%..P............................

                        C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exe

                        Download File
                        Process:C:\Users\user\Desktop\setup_CodecInstaller_full.exe
                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                        Category:dropped
                        Size (bytes):1065984
                        Entropy (8bit):6.015020402956652
                        Encrypted:false
                        SSDEEP:12288:UeuaOrS/rc/jW8hT64KPM50naSlPNW4/wSOYExZ8UwlPOAsuEy7LM:Ud2/rc/jW8TK050nHlg4/wSUA7sl
                        MD5:0A7C0374DA795E987E1F490B495B82F5
                        SHA1:5A576A1FAEF8A01F2B32431C2D50B0B80ED25BB5
                        SHA-256:C712F8EE22AE98E0F7D8E58C518687BF9D53F0C8B7AB38E75AC5F37F35C98940
                        SHA-512:6951C7B46AB68701A7EF459A2BC9A8EB68854DFBE31D4374EB2A73E79E01CC3250A653F9DF4E3F6CF05B9E18A59062FF446FF5B3C9791EA8461C583FF2B3DF06
                        Malicious:true
                        Yara Hits:
                        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exe, Author: Joe Security
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 0%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......O.....................T........... ... ....@.. ......................................................................l...L.... ..ZP........................................................................................... ..H............text........ ...................... ..`.rsrc...ZP... ...R..................@..@.reloc...............B..............@..B................H........u.............@...`v............................................9.....{....9.....{....o......(....*....0..k............(....s......s....}.....s/...}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....{....o....o.....{....o....o.....{....o.....{....o.....{....o.....(.....{.....o.....{.....o......{....r...po.....{.....o.....{.....o.....{....r...po.....{....o.....o.....{....o.....o......{....o....r!..po.....{....o.....o.....{....o....o.....{....o.

                        C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exe.config

                        Download File
                        Process:C:\Users\user\Desktop\setup_CodecInstaller_full.exe
                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):1299
                        Entropy (8bit):4.679795913429784
                        Encrypted:false
                        SSDEEP:24:2diIK0m4499gK14Ev+XQqX1EWv3fDvDfKPeVvWSv1fDviv:cjrNK9gNqRQEWnDTKP4uSFD6v
                        MD5:A1DCF560794500B152866E3923DF9482
                        SHA1:A7285D5035A97942A1F045E92492F6C2A7875CF1
                        SHA-256:5B1822D8EBB70D9DA37E21C20EE66765D6F955661A87385349C6ECC366209431
                        SHA-512:A5AE6517D42F875B9C9046EE4D902377D6B12AC97DBE65082B0C6224BCCB4B5C8AE271F59B61CF757331222F52B103DD3A61EE0B6BDB0ABF1C7540AD8707911F
                        Malicious:false
                        Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <configSections>.. <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >.. <section name="CodecInstaller.Properties.Settings" type="System.Configuration.ClientSettingsSection, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" />.. </sectionGroup>.. </configSections>.. <userSettings>.. <CodecInstaller.Properties.Settings>.. <setting name="updateEvery" serializeAs="String">.. <value>14</value>.. </setting>.. <setting name="AppId" serializeAs="String">.. <value />.. </setting>.. <setting name="updateMinusLastcheck" serializeAs="String">.. <value>-2147483648</value>.. </setting>..

                        C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exe.manifest

                        Download File
                        Process:C:\Users\user\Desktop\setup_CodecInstaller_full.exe
                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):483
                        Entropy (8bit):4.981484871227995
                        Encrypted:false
                        SSDEEP:12:TMHdt43O5WigVyOXIlSN9aMN2U5NciC2xA5NEz:2dt4+lglIINwMPgi0K
                        MD5:729E2F8A47ECDD530E33ED274A25AD50
                        SHA1:B48C4F2C44D9163F6C4489C9C1F6157310839E89
                        SHA-256:F5E6F3F89D7B15E0392E7969F8873F54215EB664D59AFD7E52850702D82480FA
                        SHA-512:BCD3012052C8A830DC1C6E25F95AD2A3A193B90B083C6BED65F8277696ACAE99F4A2C942E1EC93A8236D3FA2F4947FA6526C4D0D18CF6BC0B986952B73B68512
                        Malicious:false
                        Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <assemblyIdentity version="2.10.2.0" processorArchitecture="X86" name="CodecInstaller" type="win32"/>.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level="asInvoker" uiAccess="false"/>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>

                        C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.pdb

                        Download File
                        Process:C:\Users\user\Desktop\setup_CodecInstaller_full.exe
                        File Type:MSVC program database ver 7.00, 512*739 bytes
                        Category:dropped
                        Size (bytes):378368
                        Entropy (8bit):3.9774364091285506
                        Encrypted:false
                        SSDEEP:3072:c6wvnvL3PiO4QNI995a7yGJRd4CVoRag2fpIIlHQfj6LjyIryALky5:c6w/vL3Pp4QyvGJRZdPnFQf+TrbLky5
                        MD5:D5461C2F5E226CD5BE6243F16363E0DA
                        SHA1:89FDCE1C83EC97BC637211572CBFDE9479122DFA
                        SHA-256:9C94E695C39B6C062454480F6FD2C44976BD30769D9857794AC6ACF336CB4783
                        SHA-512:E0BFE5D73A102320D68FC6A004412055BCA6BCFDB7A31C3470E23115AE0559E362AD39350789D9AD0BDFD7BD505926304B1F6F441D4A1439B88A00345E402605
                        Malicious:false
                        Preview:Microsoft C/C++ MSF 7.00...DS...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.url

                        Download File
                        Process:C:\Users\user\Desktop\setup_CodecInstaller_full.exe
                        File Type:MS Windows 95 Internet shortcut text (URL=<http://www.jockersoft.com>), ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):51
                        Entropy (8bit):4.522012901519396
                        Encrypted:false
                        SSDEEP:3:HRAbABGQYm/0S4y8RLDn:HRYFVm/r4yuD
                        MD5:A73C315EFD75FD1299B72FDCA6BD5BC7
                        SHA1:422E9398B1C128C4368199522CCF5D0C4C9E9239
                        SHA-256:CB37BA56836A96290D182CD45A2FC5BBC02A94144039A85819694FAAF7A612F6
                        SHA-512:ED7675FBA9969F5A518B4BBCC9523810580164091E28A08296EB5ED4D7741102F314F3CC49727164DA151FD67DE3E864645DC7BCB13827C1DDF16A0E0AE7E320
                        Malicious:false
                        Preview:[InternetShortcut]..URL=http://www.jockersoft.com..

                        C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exe

                        Download File
                        Process:C:\Users\user\Desktop\setup_CodecInstaller_full.exe
                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                        Category:dropped
                        Size (bytes):2911760
                        Entropy (8bit):7.995272355682231
                        Encrypted:true
                        SSDEEP:49152:7dEcBcF8uyzpe7D/rqvAp03AsZ+ekzaUHWEznr3ZDT0G5NnjS:PRdw7nqop03BZ+eSYq7Bb5pO
                        MD5:3AFF13BDB88B4D57D41DC605A18738C9
                        SHA1:B8C33AA7FE67CF8552721167F1B91D821F67808E
                        SHA-256:79F37E9818DE57BE68D81288C2E3D3F470E62E3F3677476F46EAEE293628896A
                        SHA-512:34CB6AB85F51FE607F00BC7CC38B7F2B2F299F2820E12D026B24D0CED8C2A50F44F76940F9A611A1ED5E056D36F309F38F101BDA978C0BB3C4E0DCB1EEC5B497
                        Malicious:true
                        Antivirus:
                        • Antivirus: Avira, Detection: 100%
                        • Antivirus: Joe Sandbox ML, Detection: 100%
                        • Antivirus: ReversingLabs, Detection: 30%
                        Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................T......0.............@...................................,..........@..............................@....P...............Q,......0............................... ......................................................CODE....`........................... ..`DATA................................@...BSS......................................idata..@...........................@....tls.....................................rdata....... ......................@..P.reloc.......0......................@..P.rsrc........P......................@..P....................................@..P........................................................................................................................................

                        C:\Program Files (x86)\JockerSoft\CodecInstaller\README.txt

                        Download File
                        Process:C:\Users\user\Desktop\setup_CodecInstaller_full.exe
                        File Type:ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):1073
                        Entropy (8bit):4.868073219222687
                        Encrypted:false
                        SSDEEP:24:mAxOllqajtSDmWWv2JE3qzBoO9dM6x139EeuKzn:mAxhs0HWRazBoOXM63tEe1z
                        MD5:49533D7018227564A355F44EE948EC80
                        SHA1:8E8D6B8996F52B5AFF823E3E64D29EEA7A22CFA1
                        SHA-256:CB44AF9162DAF44F680E339E73353007252DF0252527D0D52BF3E59033A624FF
                        SHA-512:0EC48AFC6DC3F20CA9718F1C9754DD05633647E15039EA4309F59897E424B6198015DBDE5837B8AF3DDA1E0B65252334B186DF18903AAFBE1D2DDF4619CDF86A
                        Malicious:false
                        Preview:CODECINSTALLER....-ENGLISH:..CodecInstaller is a program that helps you solve filters-related issues...It lets you see the currently installed filters, analyzes video files to understand which codecs they use and helps you download and install the ones you really need...With this new version you can also change the priority and the mappings of the installed codecs... ..Please refer to http://www.jockersoft.com for updates and new programs.....IMPORTANT: This program to run requires the Microsoft .NET Framework 2.0 or higher that can be freely downloaded from Microsoft.com website..For additional info and download links please see..http://www.jockersoft.com/english/dotnetfx.php....-----------------------------------------------....-ITALIANO:..Fai riferimento a http://www.jockersoft.com per aggiornamenti e nuovi programmi.....IMPORTANTE: Questo programma per funzionare ha bisogno della Microsoft .NET Framework 1.1 scaricabile gratuitamente dal sito Microsoft.com..Per maggiori informazion

                        C:\Program Files (x86)\JockerSoft\CodecInstaller\TrIDDefs.TRD

                        Download File
                        Process:C:\Users\user\Desktop\setup_CodecInstaller_full.exe
                        File Type:RIFF (little-endian) data, TrID defs package
                        Category:dropped
                        Size (bytes):1959312
                        Entropy (8bit):5.494800887535293
                        Encrypted:false
                        SSDEEP:49152://bhMSJmy6UC6ko6Ryg3ug7bUhijSpsXqF72qF7O:G
                        MD5:4FC3710A24CA55E158944D824615A4AD
                        SHA1:F246A4FE69F30880BC53E2B6160C5CB78C368F34
                        SHA-256:A95DB8E55A164A7293AAB8FCFB536EF8F5C00BF596C00D5731322A70E73DDEFE
                        SHA-512:3DA1DF75100A79376BD414E56357A79979DD7EF706CC5A32A1A2B4370F55605FB9194344BBE99933F7B4EC97729DB2316364204841B1A869339E41D873444140
                        Malicious:true
                        Yara Hits:
                        • Rule: JoeSecurity_EICAR, Description: Yara detected EICAR, Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\TrIDDefs.TRD, Author: Joe Security
                        Preview:RIFF....TRIDDEFN....G...DEFSp...DEF ....DATA....PATT..........%1BK....INFO....TYPE..010 Editor bookmarkEXT ..1BKNAME..1bk.trid.xmlUSER..Marco PontelloREM H.010 Editor is a powerful Hex Editor with Binary Templates and scripting.RURL$.http://www.sweetscape.com/010editor/FNUM......MAIL..marcopon@gmail.comHOME..http://mark0.netDEF ....DATA....PATT!...........Stable File Version .....STRN..........BIO-RAD SCAN FILE - ID....STABLE FILE VERSION....SCANNER_MAXPIX....SCANNER_MAXQTY....SCANNER_UNITS....SCANNER_BIAS....SCAN HEADER....SCAN_AREA....NAME....SIZE....IMAG.INFO....TYPE..Bio-Rad Scan fileEXT ..1SCNAME..1sc.trid.xmlUSER..Marco PontelloRURL..http://www.bio-rad.com/FNUM......MAIL..marcopon@gmail.comHOME..http://mark0.net.DEF ....DATA....PATT..........2IMGINFO....TYPE+.2IMG Universal Format disk image (Apple II)EXT ..2MG/2IMGNAME..2mg.trid.xmlUSER..Marco PontelloRURL<.http://apple2.org.za/gswv/a2zine/Docs/DiskImage_2MG_Info.txtFNUM......MAIL..marcopon@gmail.comHOME..http://mark0.net.DEF ..

                        C:\Program Files (x86)\JockerSoft\CodecInstaller\audiohex.txt

                        Download File
                        Process:C:\Users\user\Desktop\setup_CodecInstaller_full.exe
                        File Type:ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):14010
                        Entropy (8bit):5.496183483094533
                        Encrypted:false
                        SSDEEP:192:fGd4BGCynABgH2/j2a9//thtquPhFenv3N0aYgzv9jo:edElqABgc//thtquPhWPDlo
                        MD5:FDA5107D32E905D9B34370B1328D233B
                        SHA1:082E92FA4AC36C0E90D67A4EB8385F792C0B1D7F
                        SHA-256:2E64C1169EFD2C3869170F4B842CFEAF7A2341F9A1B6366EF140E67EB3677952
                        SHA-512:96CAD97FB46149964E8B1FD51B66D7C91C42D6028B8ECD275444A398DC72DDFCE1F276B3012171A5FFD89DED366AA719AE9DD6744CF600BC7599C34B319E90D6
                        Malicious:false
                        Preview:0x0000~WAVE_FORMAT_UNKNOWN~Microsoft Corporation~Unknown or unspecified format..0x0001~WAVE_FORMAT_PCM~Microsoft Corporation~PCM audio in integer format..0x0002~WAVE_FORMAT_ADPCM~Microsoft Corporation~Microsoft adaptive PCM..0x0003~WAVE_FORMAT_IEEE_FLOAT~Microsoft Corporation~PCM audio in IEEE floating-point format..0x0004~WAVE_FORMAT_VSELP~Compaq Computer Corporation~VSELP codec for Windows CE 2.0 device..0x0005~WAVE_FORMAT_IBM_CVSD~IBM Corporation~Not specified..0x0006~WAVE_FORMAT_ALAW~Microsoft Corporation~Not specified..0x0007~WAVE_FORMAT_MULAW~Microsoft Corporation~Not specified..0x0008~WAVE_FORMAT_DTS~Microsoft Corporation~DTS..0x0009~WAVE_FORMAT_DRM~Microsoft Corporation~Microsoft Digital Rights Managed encrypted audio..0x000A~WAVE_FORMAT_WMSP1~Microsoft Corporation~Speech audio codec..0x0010~WAVE_FORMAT_OKI_ADPCM~OKI~Not specified..0x0011~WAVE_FORMAT_DVI_ADPCM~Intel Corporation~Not specified..0x0012~WAVE_FORMAT_MEDIASPACE_ADPCM~VideoLogic Systems~Not specified..0x0013~WAVE_FORM

                        C:\Program Files (x86)\JockerSoft\CodecInstaller\codecDatabase

                        Download File
                        Process:C:\Users\user\Desktop\setup_CodecInstaller_full.exe
                        File Type:ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):2409
                        Entropy (8bit):5.029535426161535
                        Encrypted:false
                        SSDEEP:48:vcRkhQh3oOGafezFM2L9czCUpkILboxP4kj6v42skeuYB2xgt2RXvY4PlLdaYo/d:vcehQZGafezF5azCUBLbGgO6A2q7B2Fq
                        MD5:0AF4CCDA91335247850E7EEFB84971C6
                        SHA1:3BF6FF33CAAED4016D19E6A181F22CCAE409E504
                        SHA-256:22BB573342A212745C8BB88A794F9F61160F75D0B09FFD1F7049104C367AAD2C
                        SHA-512:133C8D29891391D403EBB2DEF6EF3A7C1C26545DD31E2FF095C3471BC2ABC52D2A2A3FA10200D5CFF24AA3E031C3934DE1D7E8B38F18A10FD2474C02784C332C
                        Malicious:false
                        Preview:VIDEO..quartz.dll..iccvid.dll..iyuv_32.dll..xvidvfw.dll..xvid.ax..xvid.dll..wmvdmod.dll..DivX.dll..DIVXDEC.AX..divx4.dll..DivXc32f.dll..DivXc32.dll..msh261.drv..msh263.drv..ir50_32.dll..R50_32.DLL ..ir41_32.ax..ir32_32.dll..Iyvu9_32.dll..mpg4c32.dll..msrle32.dll..msvidc32.dll..wmv9vcm.dll..pclepim1.dll..vp6vfw.dll..QDV.DLL..CLRAMD.AX..MPG4DS32.AX..VVVIDFLT.AX..TM20DEC.AX..VDOWAVE.DRV..mp4sdmod.dll..wmsdmod.dll..mp43dmod.dll..mpg4dmod.dll..APmpg4v1.dll..m3jpegenc.ax..DivXG400.ax..SubTitDS.ax..bicubic_resizer.ax..windivx.ax..minidivx.ax..mpeg2Decoder.ax..msscds32.ax..wmvds32.ax..wmv8ds32.ax..m3jpegdec.ax..DivX_c32.ax..lmpgspl.ax..mpgdec.ax..ivivideo.ax..DSCinemVideoDecoder.DLL..atidvcr.dll..divx412.dll..huffyuv.dll..ATIYUV12.DLL..ffdshow.ax..vsfilter.dll..3ivxDSDecoder.ax..3ivxDSEncoder.ax..3ivxVfWCodec.dll..blizzard.ax..CLVSD.ax..xl_x263dec.dll..ffvfw.dll..i263_32.drv..xl_yv12.dll..tsbyuv.dll..msyuv.dll..vp31vfw.dll..cdvccodc.dll..pvljpg20.dll..pvmjpg21.dll..pvwv220.dll..rricm.dll..rrvc

                        C:\Program Files (x86)\JockerSoft\CodecInstaller\codecList.txt

                        Download File
                        Process:C:\Users\user\Desktop\setup_CodecInstaller_full.exe
                        File Type:ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):668
                        Entropy (8bit):4.924063825429866
                        Encrypted:false
                        SSDEEP:12:rf8WhgrBEgxF2RVBJVazROXFmjJWD6mz2P0XWeI/NtXQWv:rarmgxsRVQz6I0tz2Ttlxv
                        MD5:06201C22C32B0A89717F986140F8ACC8
                        SHA1:1EC22EE70CED77C13D6DA70C2C92C30AA04F3FD0
                        SHA-256:E686863B17026CF0FE0000B7580493F79178AD2746B708D83C1490AF7AC39B30
                        SHA-512:D318B23911243FB585CD60F5D0280452FA4AB1A7AB693307D70709DD1696E38A997F711E1B0EAA311448D13186B116E8A3020590AC714DA0C08C70DE3A4902D8
                        Malicious:false
                        Preview:# this is an example of a valid codecList.txt file:..# lines that start with # are comments and will be ignored..#..# STRUCTURE:..# line1 = tag (optional)..# line2 = path of the setup program (.exe) (optional)..# line1 (optional)..# line2 (optional)..# .....# lastLine = add '+' plus the filename of a video file ( .avi o .mpg ) (optional)..#..# to let codecInstaller check if the codec(s) in this list is already installed, the content of line1 must be the tag of the codec. Valid tags are:..# divx xvid FFDShow matroska indeo5 ac3filter vorbis mp3 ofr..# ..# ..# BEGIN example..#xvid..#XviD-1.0-RC1-25012004.exe..#+EXAMPLE_S.W.A.T._Trailer.avi..# END example..

                        C:\Program Files (x86)\JockerSoft\CodecInstaller\codecinstaller_faq.html

                        Download File
                        Process:C:\Users\user\Desktop\setup_CodecInstaller_full.exe
                        File Type:HTML document, ASCII text, with very long lines (570), with CRLF line terminators
                        Category:dropped
                        Size (bytes):2794
                        Entropy (8bit):4.936654510158556
                        Encrypted:false
                        SSDEEP:48:ImMq1UqWMjo6dxzkZuGgWG6KEuJFfc2XJFaFe3KuOYF3gttKA9IVjMvrAm4SQmMG:SI31FQvGPQFeCYml9IOAwErf8
                        MD5:0258ED35D6E3931AF49E84C7A821CFD1
                        SHA1:371BFCD79DBE06A555C0E25D46DF4BBFC3BA7C1B
                        SHA-256:CE01F0881DCF017F96F0B50814A2B4F7D55C09FBE6974D5EDBECC17D4CBE3FCA
                        SHA-512:55D702D26368C41233BBBC1E67B6D50103120FF8D61EB1A6C9E306BF7CD6BA6EED02372188B3D4025CB32CCE17C2C2822F7B881C54B30EF46E68B953BBF8D9CD
                        Malicious:false
                        Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="http://www.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />..<title>CodecInstaller FAQ</title>..</head>..<body>..<h3>What is CodecInstaller in short?</h3>..<p>CodecInstaller is a program that helps you solve filters-related issues.<br />.. It lets.. you see the currently installed filters, it analyzes video files to understand.. which codecs they use and helps you download and install them.<br />.. With this new version.. you can also change the priority and the mappings of the installed codecs. </p>..<h3>How to Install/Uninstall?</h3>..<p>To install CodecInstaller, execute the file setup_CodecInstaller.exe you can get.. from the <a href="http://www.jockersoft.com/codecinstaller_download.php">downloads.. page</a> and follow the wizard. <br />.. To uninstall CodecInstaller, open the &quot;Ad

                        C:\Program Files (x86)\JockerSoft\CodecInstaller\de\CodecInstaller.resources.dll

                        Download File
                        Process:C:\Users\user\Desktop\setup_CodecInstaller_full.exe
                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                        Category:dropped
                        Size (bytes):36864
                        Entropy (8bit):3.666041323287311
                        Encrypted:false
                        SSDEEP:384:ZdSTMkG4mNkO+zlzwgIVWd5722/z/jF9TvEe:ZdSTMkG4Vdwgke5q2/z/jF9DD
                        MD5:8ED0552BE74622C310CF76A586703750
                        SHA1:F55E5F5F006C88EA0D165C2D36C7504C52AC63AC
                        SHA-256:825AD829C91BE5B050F3EBE8E92B0C2F5105611665FD2A9746A3BDEF32E8AE97
                        SHA-512:083FCEF7992166429181F749EEA52D3A0CBF1B18614F6F11931B902B61D5A1106527B35ABF117A7108E04718F66E68EF2C46B2EBA182E0F2D2125D32A5708923
                        Malicious:true
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 0%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......L...........!.....`... .......t... ........@.. ....................................@.................................\t..O.................................................................................... ............... ..H............text....T... ...`.................. ..`.rsrc................p..............@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Program Files (x86)\JockerSoft\CodecInstaller\es\CodecInstaller.resources.dll

                        Download File
                        Process:C:\Users\user\Desktop\setup_CodecInstaller_full.exe
                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                        Category:dropped
                        Size (bytes):36864
                        Entropy (8bit):3.882948561304107
                        Encrypted:false
                        SSDEEP:384:00OMPR/1TzrX7++MAOOOVEIMMR08bDBVVvMy21Xpxcx9h989FA9S9Ife:7OMPV1Tz3+nrBnBVVvJ2Tx7cW
                        MD5:6D0C9C9898D7E32551971A22F7C202DC
                        SHA1:15D604588FCD50D5610DC2E14E50FB00C99A818C
                        SHA-256:7E4C4A70C983AA9171218079486DC3025FA3157F2C15633735FA4EB3929AE442
                        SHA-512:27AA687C99463E13E1FB7435C255EFD6B13A3A41FD285CDDB4D2F5C98C9395EA1F3B7CACE918E877A3092948C8C70F331BE71B689A735711B8885C06639EB42C
                        Malicious:true
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 0%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......L...........!.....`... .......z... ........@.. ....................................@..................................z..W.................................................................................... ............... ..H............text....Z... ...`.................. ..`.rsrc................p..............@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Program Files (x86)\JockerSoft\CodecInstaller\example\codecList.txt

                        Download File
                        Process:C:\Users\user\Desktop\setup_CodecInstaller_full.exe
                        File Type:ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):656
                        Entropy (8bit):4.8381440241282405
                        Encrypted:false
                        SSDEEP:12:rf8WhgrBEgxF2RVBJVazROXFmjJWD6mz2P0XWeIWWv:rarmgxsRVQz6I0tz2TtBv
                        MD5:036CCEF594F773F901DBCD56205C2C0B
                        SHA1:1B0CE395B7ED04DBD89800FD534F83CC88E880BA
                        SHA-256:079AB95D86C5587CDB01E7241D79BB144AA3216C7980B295FA96F685A94DA85B
                        SHA-512:7B0D91DD321A3F605EB4507408557DFEA031AA23D698F128344301420792E3EF450F86E819530EA35EE248A7866580D625D22699BA66F3E6FD95D35B53D4F35E
                        Malicious:false
                        Preview:# this is an example of a valid codecList.txt file:..# lines that start with # are comments and will be ignored..#..# STRUCTURE:..# line1 = tag (optional)..# line2 = path of the setup program (.exe) (optional)..# line1 (optional)..# line2 (optional)..# .....# lastLine = add '+' plus the filename of a video file ( .avi o .mpg ) (optional)..#..# to let codecInstaller check if the codec(s) in this list is already installed, the content of line1 must be the tag of the codec. Valid tags are:..# divx xvid FFDShow matroska indeo5 ac3filter vorbis mp3 ofr..# ..# ..# BEGIN example..xvid..XviD-1.1.3-28062007.exe..+sample_video_file.avi..# END example..

                        C:\Program Files (x86)\JockerSoft\CodecInstaller\example\sample_video_file.avi.png

                        Download File
                        Process:C:\Users\user\Desktop\setup_CodecInstaller_full.exe
                        File Type:PNG image data, 256 x 312, 8-bit/color RGBA, non-interlaced
                        Category:dropped
                        Size (bytes):8323
                        Entropy (8bit):7.881855432731324
                        Encrypted:false
                        SSDEEP:192:kf82WnzGNfrHQLV058opiXV4JsPfyK9bUVilTTlseHmh2:kf82aatrHQL2FuVgsnyK9AVil/W8W2
                        MD5:32F45591C2E7CB46AC9999734E260904
                        SHA1:9C23F76BA7B53E7152446C74EAB9B59DE401D35C
                        SHA-256:9B6E4BA2DCB63C3691FF32610ED1417B88FB78D1707ADA393ACFC6DC2176E0C3
                        SHA-512:A4A1CC744805C7F9F8FD7B01B53F17CD3DC2DAC7495F96F4B241C104B378DF4BD0AA7E5CF82BC95B2C185F4602B7943D55139AC8F2DDC3E46581FC25C6C4880C
                        Malicious:false
                        Preview:.PNG........IHDR.......8......[-.....gAMA......a... :IDATx^..JDA.......1....F.A..Y0.0b...`.....Ml..p......^....g.L=L.?........................K}.I..vj:......{7.oZ.......j[.?..p...p...HG.u..#.V.4..y:+..&.>...H]z.i......k3.5...ZCX..#..z..5..t...6C..Y..,.?v.?..*..A..,.......X..........V.`.B....T,......N(XY..+.:P1beJ;TZi..mLhe.58p.-FV...f$%~.........1hzp..r...{....0%R.....i..............>.Wx.eyQb.6s/CWt.S].0.....yt.C....8.|.....ix..Yt.p.o...F./....a...L............. .O..W..kS...".EaI..^7..>._..=......M.it....!..vp.....vdi1:C;..R......%..BU.....(.....D.G5...G...bn\]....%...8t..._+....4N*..[.......d..ML..?.)....?v.{M.<.B.34.L...q<+..3.,mfN..iq..\......@.-.N...+.)8E.._..f...eETe n0.`-.A+kGEj=. .....x9S.,c.f.#.4.A=..O....\.....Y....W ......&..12....7....%.f...}.|6.....=..[....0.9t.16z..#....)....L.5..h.e..(...,.W.3........vB.GV/>.>@..z....4..N.<..&D.1.`-k^..S..6PA......Q.C....FY....wB.S..~rp....ylx...X..\...w..c..^..I...%....[.g.........x..LuB.E.....ala

                        C:\Program Files (x86)\JockerSoft\CodecInstaller\example\sample_video_file.avi.txt

                        Download File
                        Process:C:\Users\user\Desktop\setup_CodecInstaller_full.exe
                        File Type:ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):1548
                        Entropy (8bit):5.115288472608215
                        Encrypted:false
                        SSDEEP:24:qIAEVgxz7Ni+V2J41krLWVkSvFVhgwVStPTzdMPEdP/Hbz+j9RPZ14bJiPIsU2kQ:3sti+V641iiOcFkwUtPTzggP+16bJFIJ
                        MD5:2A98ABF0866E3CFA742D7737C8AA8578
                        SHA1:6EAAB7B23C27BFDBF1BCEFC1B4758F9E272B5550
                        SHA-256:7201F41C9745DC7E2BA83B086822FBB7230ED6195D3AA4A0F27DB2494644D46C
                        SHA-512:18EC087D666C44FAEC84A3B039CCC186255BF76D5D73C0DA57FCA1A6B1996B54314E6249474C3DDB5A9D2E151B5BEE9E55C8B789D9BE6794C4E5585AB363B517
                        Malicious:false
                        Preview:# This is a sample YourVideoName.txt info file...# Lines that starts with '#' are comments and will be ignored....###################..# DO NOT EDIT THE NEXT LINE..[MOVIE]....# DO NOT EDIT WORDS BEFORE '='..Title=Sample Video File..Genre=action....Source=DVD..Time=1.56:45..Width=624..Hight=352..Codec=XviD 1.1.3..Quality=High....Language=English..Subtitles=..Type=Film..Series=..EpisodeNumber=..Season/Series=..Genre=Action / Thriller / Crime....Director=John Smith..Producer=Robert Johnson, James Williams..Studio=..Actors=..Year=2007..Country=USA ..Rating=Rated PG-13 for violence, language and sexual references.....#Film page at International Movie DataBase..IMDBLink=http://www.imdb.com/title/tt0000000/....Synopsys=The real story of a programmer who wrote something called CodecInstaller.....#Objective comment:..Description1=THIS IS JUST AN EXAMPLE!! READ THE GUIDE TO LEARN HOW TO CREATE THIS..Description2=Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor inci

                        C:\Program Files (x86)\JockerSoft\CodecInstaller\filterdatalib.dll

                        Download File
                        Process:C:\Users\user\Desktop\setup_CodecInstaller_full.exe
                        File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                        Category:dropped
                        Size (bytes):33792
                        Entropy (8bit):5.829009579732329
                        Encrypted:false
                        SSDEEP:768:j4pYoORq5zeh+xgSsJN3pmJJrdm1mzWlyQKErDSqJ:81ORUeNN3pmJJrdm1mzyXlJ
                        MD5:99E9E9A16B2F2D11DC31EC521386DC31
                        SHA1:BD7D30E03F623114161BCDDD3A4D73C3E8B2E2D8
                        SHA-256:7D9A7CCCCE286DDE2425BE3F53BC3032AEC971B03B299A0B68DA058E0BBB38A8
                        SHA-512:C0EA105FBF5EF883ED2880D6ADAF399BE537F87465DC8FF6958F40729B2249B0DA99A4AD9AB6C6AF32B23A140B1C897FE3FC0E15F7D8FBD3D2A779748555F4C3
                        Malicious:true
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 0%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........................1.....'.4.......7.......!.......&......G..............G.......(.......6.......5.......3.....Rich....................PE..L.....O...........!....."...f......./.......@..............................................................................L...x...............................x....................................A..@............@..............DA..H............text...3 .......".................. ..`.rdata...N...@...P...&..............@..@.data................v..............@....rsrc................x..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................

                        C:\Program Files (x86)\JockerSoft\CodecInstaller\fourcc.txt

                        Download File
                        Process:C:\Users\user\Desktop\setup_CodecInstaller_full.exe
                        File Type:ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):18148
                        Entropy (8bit):5.370206536058559
                        Encrypted:false
                        SSDEEP:384:LKGEDHjD37O58fiNM/+J4L6V0nTX6E/lpyhYy33AXhOfmpBuW:MDHy6AIF
                        MD5:1A5562EC2979BEDD733C914A296322CD
                        SHA1:F8B2DF22C7EB032BBA28F1EC457201AFAFCEBD6D
                        SHA-256:45D61105D2D628B1D351EE93E8DF531C97355C7D71793C59047ACBF49F309744
                        SHA-512:4BC8EB1C8C9D806CD50ECEEBABC2B5849F697E628AB36B7191D2B33F2F0BDE71334E831DF013EE672C62D7370085FFE70914ED5FAA32476A811D6727FAF2A6E9
                        Malicious:false
                        Preview:FourCC~Company name~Description~Registration date..AEMI~Array Microsystems, Inc.~Array VideoONE MPEG1-I capture.~14-Sep-98..ALPH~Ziracom Digital Communications Inc.~Not specified.~24-Apr-01..AMPG~Array Microsystems, Inc.~Array VideoONE capture/compression.~09-Jul-98..ANIM~Intel Corporation~Intel RDX.~12-Jun-96..AP41~Microsoft Corporation~Reserved.~02-Apr-01..AUR2~AuraVision Corporation~AuraVision Aura 2 codec.~04-Jan-94..AURA~AuraVision Corporation~AuraVision Aura 1 codec.~04-Jan-94..AUVX~USH GmbH~AUVX video codec.~15-Mar-02..BT20~Brooktree Corporation~Brooktree MediaStream codec.~05-Jun-95..BTCV~Brooktree Corporation~Brooktree composite video codec.~05-Jun-95..CC12~Intel Corporation~Intel YUV12 codec.~12-Jun-96..CDVC~Canopus, Co., Ltd.~Canopus DV codec.~21-Nov-97..CGDI~Microsoft Corporation~Microsoft CamCorder in Office 97 (screen capture codec).~10-Sep-01..CHAM~Winnov, Inc.~MM_WINNOV_CAVIARA_CHAMPAGNE.~05-Sep-93..CM10~CyberLink Corporation~MediaShow 1.0.~21-Aug-00..CPLA~Weitek~Weitek

                        C:\Program Files (x86)\JockerSoft\CodecInstaller\fr\CodecInstaller.resources.dll

                        Download File
                        Process:C:\Users\user\Desktop\setup_CodecInstaller_full.exe
                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                        Category:dropped
                        Size (bytes):36864
                        Entropy (8bit):3.7151621022512535
                        Encrypted:false
                        SSDEEP:384:UoMwBFfDqOpTRBQ/wR8NEy2jcYz1OHqcI9qK9DtI5ue:UoMwBRTnQoRQl2jcYx4qcI9f9W5B
                        MD5:6F8D4BFB8745DFDC24FC07C8CF9C75BE
                        SHA1:48DE21462BD177781A7C564BF92F481877C7C638
                        SHA-256:67F496BC3D07047D1A576D284817C639E5AA8721201B32C1DD448DED02E1A731
                        SHA-512:5FB6AC0AAFF5722C7ED9C71EBFD6F558F77A67FA3E94A8B4B3A5E433B9B4D15B4E047A52A88EBBA3A7A51C65CA02063D9F5C2B4BEA6C379133260368F2CF127D
                        Malicious:true
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 0%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......L...........!.....`... .......u... ........@.. ....................................@..................................u..S.................................................................................... ............... ..H............text....V... ...`.................. ..`.rsrc................p..............@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Program Files (x86)\JockerSoft\CodecInstaller\gpl.txt

                        Download File
                        Process:C:\Users\user\Desktop\setup_CodecInstaller_full.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):35147
                        Entropy (8bit):4.573442652974749
                        Encrypted:false
                        SSDEEP:768:Mo1acy3LTB2VsrHG/OfvMmnBCtLmJ9A7D:Mhcycsrfrnoue
                        MD5:D32239BCB673463AB874E80D47FAE504
                        SHA1:8624BCDAE55BAEEF00CD11D5DFCFA60F68710A02
                        SHA-256:8CEB4B9EE5ADEDDE47B31E975C1D90C73AD27B6B165A1DCD80C7C545EB65B903
                        SHA-512:7633623B66B5E686BB94DD96A7CDB5A7E5EE00E87004FAB416A5610D59C62BADAF512A2E26E34E2455B7ED6B76690D2CD47464836D7D85D78B51D50F7E933D5C
                        Malicious:false
                        Preview: GNU GENERAL PUBLIC LICENSE. Version 3, 29 June 2007.. Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>. Everyone is permitted to copy and distribute verbatim copies. of this license document, but changing it is not allowed... Preamble.. The GNU General Public License is a free, copyleft license for.software and other kinds of works... The licenses for most software and other practical works are designed.to take away your freedom to share and change the works. By contrast,.the GNU General Public License is intended to guarantee your freedom to.share and change all versions of a program--to make sure it remains free.software for all its users. We, the Free Software Foundation, use the.GNU General Public License for most of our software; it applies also to.any other work released this way by its authors. You can apply it to.your programs, too... When we speak of free software, we are referring to

                        C:\Program Files (x86)\JockerSoft\CodecInstaller\hu\CodecInstaller.resources.dll

                        Download File
                        Process:C:\Users\user\Desktop\setup_CodecInstaller_full.exe
                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                        Category:dropped
                        Size (bytes):28672
                        Entropy (8bit):3.580575369735589
                        Encrypted:false
                        SSDEEP:384:9e/gXZsMc+fHYOm/gK+ejx3ytyGuCwP8Xja9ejxY2/07Ue:ossMc+fdtAP8Ta9jT
                        MD5:6F2E13394979F60DA5100DB7D6DA4A17
                        SHA1:93D3012F8D31C286B5A5616BCE6AA25AB9DBF4F9
                        SHA-256:3DD146B1F795519FB2D7EAA1A93364047ED2EADD0916CABC4ECCC9AA7EE814E4
                        SHA-512:9092A18033F150CAC3AB6873A8B53EDD55F2DA40FE9BA3D29845430DBA12AD7B3C26B6E653E89D41317BD93C6BEB3630D2A33A7B4F062A4237316A8B29EA9BFF
                        Malicious:true
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 0%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......L...........!.....@... .......^... ...`....@.. ....................................@.................................P^..K....`............................................................................... ............... ..H............text....>... ...@.................. ..`.rsrc........`.......P..............@..@.reloc...............`..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Program Files (x86)\JockerSoft\CodecInstaller\it\CodecInstaller.resources.dll

                        Download File
                        Process:C:\Users\user\Desktop\setup_CodecInstaller_full.exe
                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                        Category:dropped
                        Size (bytes):40960
                        Entropy (8bit):4.1838715924402425
                        Encrypted:false
                        SSDEEP:384:s9xMq7bsfa1wzyoVdXwWOaOu9U9YrXg9o93aohDMXRv9r9cK2itEOOfdX8xH9O9J:scTC1wzyoZzBukK2itEfmxOybcd9Apc
                        MD5:C80AD1CF4EBE5C7AC0962C91882F79C0
                        SHA1:E12AB6ED4667754EE3025BD3AAF72E4FF33756A2
                        SHA-256:F89A0B07B74A13A869957729CA7AA2C69661AF5DDEDD2FDD3834FD5A3B8432AA
                        SHA-512:E0CD3866D95FE079636726885C86FCE880081C8C6F44EB317623781012A878D04E1F3A71FB6E3F4B5AA88103CD6973031828F131C787E473878491199AC99327
                        Malicious:true
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 0%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......L...........!.....p... ........... ........@.. ....................................@.................................X...S.................................................................................... ............... ..H............text....o... ...p.................. ..`.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Program Files (x86)\JockerSoft\CodecInstaller\lgpl.txt

                        Download File
                        Process:C:\Users\user\Desktop\setup_CodecInstaller_full.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):7639
                        Entropy (8bit):4.504461845403901
                        Encrypted:false
                        SSDEEP:192:Che7vhVL0qhYqlpIle4RrJQSsOBng4kS/cKM6L:bvjxhYWpce48OngvA
                        MD5:6A6A8E020838B23406C81B19C1D46DF6
                        SHA1:E7D563F52BF5295E6DBA1D67AC23E9F6A160FAB9
                        SHA-256:A853C2FFEC17057872340EEE242AE4D96CBF2B520AE27D903E1B2FEF1A5F9D1C
                        SHA-512:12291AFDBC1DAF063A0829E93FBD95FB8EAC599CFB962408DD900CE261DC1117D3AE2B7FD27B90C3ED69E57C4398A0B678B0FFD1DF8BA7C1ED02D0280825D3AF
                        Malicious:false
                        Preview:.. GNU LESSER GENERAL PUBLIC LICENSE. Version 3, 29 June 2007.. Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>. Everyone is permitted to copy and distribute verbatim copies. of this license document, but changing it is not allowed.... This version of the GNU Lesser General Public License incorporates.the terms and conditions of version 3 of the GNU General Public.License, supplemented by the additional permissions listed below... 0. Additional Definitions. .. As used herein, "this License" refers to version 3 of the GNU Lesser.General Public License, and the "GNU GPL" refers to version 3 of the GNU.General Public License... "The Library" refers to a covered work governed by this License,.other than an Application or a Combined Work as defined below... An "Application" is any work that makes use of an interface provided.by the Library, but which is not otherwise based on the Library..Defining a subclass of a class defined by the Library

                        C:\Program Files (x86)\JockerSoft\CodecInstaller\license.txt

                        Download File
                        Process:C:\Users\user\Desktop\setup_CodecInstaller_full.exe
                        File Type:ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):3379
                        Entropy (8bit):5.217786395883509
                        Encrypted:false
                        SSDEEP:96:r30tfQHnxBZSSvb+OxvJnxvJzJLLQ3N3yDffD4A:IdQHnxBZSST+Obnb9LLQ3N3ksA
                        MD5:5BA063FDF4BD70D67DE0594167610816
                        SHA1:8956FB7F47CE6A32B745DB1CE6194F2B6F02FA32
                        SHA-256:B0103A22B09D58C49E2B5C0FC9576DB3E64B48BB4E01774DB217575A3B3BBE70
                        SHA-512:B59816B48BBED1218830E955B0E120E30D9F8D3986D068F4D95723464BA687791C0B36C69990DFE15973C2DB9F479802DDFDA1A5DF7581E24144FAB160F5119D
                        Malicious:false
                        Preview:License for CodecInstaller:....COPYRIGHT NOTICE....Permission is granted, free of charge, to any person (the "User") obtaining a copy of this software ..and associated documentation files (the "Software"), to deal in the Software with the rights to ..use, copy, publish, distribute, and to permit persons to whom the Software is furnished to do so, ..provided that the above copyright notice(s) and this permission notice appear in all copies of ..the Software and that both the above copyright notice(s) and this permission notice appear in ..supporting documentation. The User accept to use the Software with these restrictions: he can't ..modify, merge and/or sell copies of the Software.....THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT ..NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ..NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR HOLDERS INCLUDED ..IN THIS NOTICE

                        C:\Program Files (x86)\JockerSoft\CodecInstaller\myVideoFile.txt

                        Download File
                        Process:C:\Users\user\Desktop\setup_CodecInstaller_full.exe
                        File Type:ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):670
                        Entropy (8bit):5.007755684403236
                        Encrypted:false
                        SSDEEP:12:qAQ1R6LvTgxzcbe39OQGgQjEzP64hG6M2A3ljUVuoNMANDSBcML:qAO8Hgxz7NSgqg641MwVuoNMHWML
                        MD5:668B55EFF83076797320F0C77400B41B
                        SHA1:A467D69DAC04B29445171CB3B74003F75545D604
                        SHA-256:D14574A423CC894A326E17D8A66DD03B714D8495211B3C77D50CC36EA8685B73
                        SHA-512:01274CD369C89EF93F7CE35244A4ABF2185D2FE9E1EBB2410345CBB6961D816ADA2AF0AC4AFC19A2F73F105DC955BA9AF781739B14D77973925E228A432B1728
                        Malicious:false
                        Preview:# This is the skeleton of a info file...# it must have the same name of the Movie plus the '.txt' extension..# Lines that starts with '#' are comments and will be ignored....###################..# DO NOT EDIT THE NEXT LINE..[MOVIE]....# DO NOT EDIT WORDS BEFORE '='..Title=..Genre=....Source=..Time=..Width=..Hight=..Codec=..Quality=....Language=..Subtitles=..Type=..Series=..EpisodeNumber=..Season/Series=..Genre=....Director=..Producer=..Studio=..Actors=..Year=..Country=..Rating=....#Film page at International Movie DataBase..IMDBLink=....Synopsys=....#Objective comment:..Description1=..Description2=..Description3=..Description4=....#Subjective comment:..Comments=

                        C:\Program Files (x86)\JockerSoft\CodecInstaller\pl\CodecInstaller.resources.dll

                        Download File
                        Process:C:\Users\user\Desktop\setup_CodecInstaller_full.exe
                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                        Category:dropped
                        Size (bytes):36864
                        Entropy (8bit):3.765245993111167
                        Encrypted:false
                        SSDEEP:768:kJrGExT+APwJ2+20m4Ax5s0W5CXBDA9L1zi:6aAPi0k9L1zi
                        MD5:5C498A6203A99434FC5A4ECF8E20EAB4
                        SHA1:4C5D1B1DF0990DCB9703003581EC97DFFA038FAE
                        SHA-256:AFF6896F3C5158D71E139154A8C1999FBFB8DFE078C28369D73BE6633EDD6623
                        SHA-512:3AA283F72365EF02513A85E766E1C58D48650762F8CD6DD4A975B4DFB8DC76B3CDB707AAB27A711979BF8E220AD403411B84EAE52FD0964A9CAED6EF46F4D618
                        Malicious:true
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 0%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......L...........!.....`... .......u... ........@.. ....................................@..................................t..W.................................................................................... ............... ..H............text...4U... ...`.................. ..`.rsrc................p..............@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Program Files (x86)\JockerSoft\CodecInstaller\pt\CodecInstaller.resources.dll

                        Download File
                        Process:C:\Users\user\Desktop\setup_CodecInstaller_full.exe
                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                        Category:dropped
                        Size (bytes):36864
                        Entropy (8bit):3.636590677556212
                        Encrypted:false
                        SSDEEP:384:JUoLp1qOFcvO+sRfBIMme5CMmxNCkLQVIll1L/Zw0ne:J7Lp1qOxCecxNCkLQyX1LW0e
                        MD5:A9C26AEAB68C4226F6F0EC876AFCECA2
                        SHA1:F2CF26652A46FB99C7788C59334587DF43F76E5C
                        SHA-256:EE94B13C056FCB9ED543EF8331CA58CFA552B2FEB1ACEAD7C531C2E258CA5853
                        SHA-512:624B1098B6D5E8459A5806208F6C2D348CA6E07EEDF21A8BDF9C6DC1487F5188B82993C2E5EE11552AEB8412A89C16200AB76FFF8BAE3A3B5D1D577561F1B42D
                        Malicious:true
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 0%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......L...........!.....`... .......s... ........@.. ....................................@..................................r..W.................................................................................... ............... ..H............text...4S... ...`.................. ..`.rsrc................p..............@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Program Files (x86)\JockerSoft\CodecInstaller\ru\CodecInstaller.resources.dll

                        Download File
                        Process:C:\Users\user\Desktop\setup_CodecInstaller_full.exe
                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                        Category:dropped
                        Size (bytes):40960
                        Entropy (8bit):4.1103790192825524
                        Encrypted:false
                        SSDEEP:384:twO3WMCUgnMLpDJ9z0gOQeu6dQFbrGDuSZbvdtiD+8f/lgWz9D/ne:+O32UigpDJ9SQFGDuSZbvUNgWz9re
                        MD5:68F248332186872A02280C2328DDB8CF
                        SHA1:7D2403BD4CE91D5535B13513FA60BA08C190D018
                        SHA-256:95174A995CF302D4C8C127378B93212D39EFDE75D26EA02F017054FDAFB0AF3F
                        SHA-512:B0DF8D852D0E8F15AEF313323EE1248349BA90E6002BA499C1CBCCCA12B17D2D832CC29D5CBF627DD68A4BB99D559C4430A65691C5E1895F66D6CEE5EA8F620B
                        Malicious:true
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 0%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......L...........!.....p... .......... ........@.. ....................................@.....................................O.................................................................................... ............... ..H............text....e... ...p.................. ..`.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Program Files (x86)\JockerSoft\CodecInstaller\setupHelper.exe

                        Download File
                        Process:C:\Users\user\Desktop\setup_CodecInstaller_full.exe
                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                        Category:dropped
                        Size (bytes):8704
                        Entropy (8bit):4.604367254349273
                        Encrypted:false
                        SSDEEP:96:PoKe5n/87+u3+6c2oU4kI12A3jbeQC1B79WOIgUPbJDp3SWdyvc:QKj7+u7oWIoA3/eR9WpgUPeU
                        MD5:5E784011EF3AF92DC1CBAC2136970EE9
                        SHA1:B4154F9D01803200BCDD138C2298E80BCDC5E3EF
                        SHA-256:D2305226172B0030CB3ACAACB1B0A768FB0A1009D2FCE017CAD70B6194B7632A
                        SHA-512:73F52DF9DEA8431CF3F016758C2E351D1964136B693EB98CA5498EFD992F64EA51C2CF4961F5D0082866EE43FFD7B13113D65B310210B3468A8ACE90E3B47B32
                        Malicious:true
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 0%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...^..F.............................8... ...@....@.. .......................................................................7..W....@.......................`....................................................... ............... ..H............text...4.... ...................... ..`.rsrc........@......................@..@.reloc.......`....... ..............@..B.................8......H.......0%..............x$................................................(....*.0..-.......~....- r...p.....(....o....s...........~....*.~....*.......*.~....*Vs....(....t.........*..(....*....0..........(......i.>.......%.9.....rC..p(....-C.rO..p(....-Y.r_..p(....-V.ro..p(....-S.r...p(....-P.r...p(....-P+d...(.........i.0..+....(....(.....\...(.....R...(.....H...(.....>......(.....1.....i.0..+....(..........o....(......r...p( ...&*............$....0..?........%(!...(".......

                        C:\Program Files (x86)\JockerSoft\CodecInstaller\sv\CodecInstaller.resources.dll

                        Download File
                        Process:C:\Users\user\Desktop\setup_CodecInstaller_full.exe
                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                        Category:dropped
                        Size (bytes):18944
                        Entropy (8bit):4.963564983968288
                        Encrypted:false
                        SSDEEP:384:KAtX14ajHZOr+3EYzfV0XQqTnKcPh120y7EOe:Kg14ajG+0IfV0XQqDKcPhGw
                        MD5:EADE2486B23C212FC549B998CA1C6AA0
                        SHA1:78FB5C371D9BE4CD1BFB71B9E1866D164D1505C8
                        SHA-256:8237757A956B670573BC7C8129F0E712DABCA2640BF6C5168DC683B523072860
                        SHA-512:3E018C5467745D80874BD056992970E55D10566C8919D34501776E60507E8A27FDD9671EFC57513B65810A394863EEF7030D706FA61C16C49A1ADC4261957483
                        Malicious:true
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 0%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......L...........!.....B...........a... ........@.. ....................................@.................................La..O.................................................................................... ............... ..H............text....A... ...B.................. ..`.rsrc................D..............@..@.reloc...............H..............@..B.................a......H........Z..............P ..y:.........................................................lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP.V7.....A.H.4................$.t.h.i.s...T.e.x.t......l.a.b.e.l.1...T.e.x.t......l.a.b.e.l.1.0...T.e.x.t.W.....Analysera fil.FM.jliga format f.r den valda filen: (v.lj ett f.r mer information)..V.lj den fil du vill analyser

                        C:\Program Files (x86)\JockerSoft\CodecInstaller\tr\CodecInstaller.resources.dll

                        Download File
                        Process:C:\Users\user\Desktop\setup_CodecInstaller_full.exe
                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                        Category:dropped
                        Size (bytes):36864
                        Entropy (8bit):3.721947855767216
                        Encrypted:false
                        SSDEEP:384:0Y1Wj7nPOSJlQATBKbLYw3AFiKBceKPxPR9aLbUe:0Y1Wjrr83bLJ3feKP9R9Mn
                        MD5:3BB5FD0FDCE957CC8850924F9BB34870
                        SHA1:72626592B233F0026C6487E30FD25C05DC1A194D
                        SHA-256:2C61DC4CCA29074C5F5BA77FA4FE898E82676681988C2E1AFF06712ED71EF784
                        SHA-512:1409985DF56B7B1C9889D236A723F381A991EAAA99B34382D1DE0B57EB537D087C5F79D21924004F676F7EA2F9CEAF0B6338053ABB76E3D5087640D0CB86CA1B
                        Malicious:true
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 0%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......L...........!.....`... ......nt... ........@.. ....................................@..................................t..O.................................................................................... ............... ..H............text...tT... ...`.................. ..`.rsrc................p..............@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Program Files (x86)\JockerSoft\CodecInstaller\trid.exe

                        Download File
                        Process:C:\Users\user\Desktop\setup_CodecInstaller_full.exe
                        File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                        Category:dropped
                        Size (bytes):60928
                        Entropy (8bit):6.059762576575963
                        Encrypted:false
                        SSDEEP:1536:LanTg8NuY5CrrXwKPtt5h5FbNXSgv2d70bdmf2:+gtJrHn9FbNCgv2dApmf2
                        MD5:562FB3EDB3C3ED9B56EFD7B869D8F9AE
                        SHA1:E2978BC736A0216BE5723C7C8027442693DB1B7B
                        SHA-256:BFBFA2634E9197914CBE91D992487FB29D5B7F914C1524A37172C9BDC341E15E
                        SHA-512:B7261ED0B96BE9123B64F13F4E448FB0379C5D0A0EC1D07E0B39F73DF44B72FCCC369B0C75519E6381ADC4B1C18F50FCF17FFFC708A0472B1AD0178C6269E593
                        Malicious:true
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 4%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....YM...............8............@.............@.................................W...........................................\....................................................................................................................text...............................`..`.data...............................@....rdata..............................@..@.bss.....................................idata..\...........................@...........................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Program Files (x86)\JockerSoft\CodecInstaller\uninst.exe

                        Download File
                        Process:C:\Users\user\Desktop\setup_CodecInstaller_full.exe
                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                        Category:dropped
                        Size (bytes):67106
                        Entropy (8bit):6.656794185145072
                        Encrypted:false
                        SSDEEP:1536:3u4EQalMK/ewGnh0mJ77NeYRNgKvMCFYSiqGX32:3Nyah0mJFeqgKVGH2
                        MD5:ECC29B7F78B1A3EF9103597BE5ABDD16
                        SHA1:9C142298701295540B5CF5FB309E1A9E84B68106
                        SHA-256:4E3144A9F6CD8D9EF996C6E1ECA664EDFB377F7B997CD86DAE03A72DAA9555F6
                        SHA-512:11FABB80D7EEA17CE393E5AB417F1409C79DE0FB5A2CE0DC22BD8CDC0CAA1B6DB0862B0EB7CC64C4DB0338CFB7761D38491BF829B62861D0E908A8096CCC40DC
                        Malicious:true
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 0%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........uJ...$...$...$./.{...$...%.:.$.".y...$..7....$.f."...$.Rich..$.................PE..L....7.H.................Z..........%2.......p....@..........................@...............................................s...........e...........................................................................p...............................text...vY.......Z.................. ..`.rdata.......p.......^..............@..@.data................p..............@....ndata.......@...........................rsrc....e.......f...t..............@..@........................................................................................................................................................................................................................................................................................................................................................

                        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodecInstaller\CodecInstaller.lnk

                        Download File
                        Process:C:\Users\user\Desktop\setup_CodecInstaller_full.exe
                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sun Apr 15 15:04:26 2012, mtime=Mon May 27 00:00:00 2024, atime=Sun Apr 15 15:04:26 2012, length=1065984, window=hide
                        Category:dropped
                        Size (bytes):1319
                        Entropy (8bit):4.582455268686823
                        Encrypted:false
                        SSDEEP:24:8m0GhKfELdOEOkMyUAG8fhXgdVRMdVzUUECVMqyFm:8m0GhBLdOVkMmthXgdVKdVoYVVyF
                        MD5:18EF0D5721D42E18E3BCF33604DFF59D
                        SHA1:05D99B8F08D99B011A92A20651D8E5150F246F5F
                        SHA-256:D42E42ED8E1DF36285263DB5726C25594A844C158B79CAEC45191C4580250085
                        SHA-512:F5328E4F6F147CAE54F48183CF2A0725473B42567D606A0669491CE413B30D53C92E52BE5C67693E80882984898DFF2087D2996148F9C70F89F1B250F533EA5C
                        Malicious:false
                        Preview:L..................F.... ....!.n!...bVR3....!.n!....D...........................P.O. .:i.....+00.../C:\.....................1......X....PROGRA~2.........O.I.X......................V.....}*..P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....^.1......X....JOCKER~1..F......X...X...........................}*..J.o.c.k.e.r.S.o.f.t.....f.1......X....CODECI~1..N......X...X...........................}*..C.o.d.e.c.I.n.s.t.a.l.l.e.r.....r.2..D...@.. .CODECI~1.EXE..V......@...X......i.........................C.o.d.e.c.I.n.s.t.a.l.l.e.r...e.x.e.......r...............-.......q...........'.-......C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exe..R.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.J.o.c.k.e.r.S.o.f.t.\.C.o.d.e.c.I.n.s.t.a.l.l.e.r.\.C.o.d.e.c.I.n.s.t.a.l.l.e.r...e.x.e.0.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.J.o.c.k.e.r.S.o.f.t.\.C.o.d.e.c.I.n.s.t.a.l.l.e.r.........*................@Z|...K.J.

                        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodecInstaller\Help.lnk

                        Download File
                        Process:C:\Users\user\Desktop\setup_CodecInstaller_full.exe
                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu Aug 2 13:15:18 2007, mtime=Mon May 27 00:00:01 2024, atime=Thu Aug 2 13:15:18 2007, length=2794, window=hide
                        Category:dropped
                        Size (bytes):1344
                        Entropy (8bit):4.636720672934813
                        Encrypted:false
                        SSDEEP:24:8mNHKfELdOEOkM9yAz8fhX7dVxgdVzUUEfqyFm:8m1BLdOVkM9RshX7dV2dVo0yF
                        MD5:53FBEED3A1E542ADB80E4C1FB389603C
                        SHA1:2C25D91D1A2668FA3C5EA787777F6F3A9BB2DACE
                        SHA-256:8579E95432C639BF37F0A7306B8630530DA3B1AF9732E88752EBECB37597297F
                        SHA-512:6202452D6D8995CBE42FD3CE7E58BFBEA54B53A14FF0110C37FB3F70C475284A024E459A26702B6CE2F5B8160D19A094CE34523E04B7E790AF61D9FDAD14FA43
                        Malicious:false
                        Preview:L..................F.... ...........>.3........................................P.O. .:i.....+00.../C:\.....................1......X....PROGRA~2.........O.I.X......................V.....}*..P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....^.1......X....JOCKER~1..F......X...X...........................}*..J.o.c.k.e.r.S.o.f.t.....f.1......X....CODECI~1..N......X...X...........................hj..C.o.d.e.c.I.n.s.t.a.l.l.e.r.....|.2......7.q .CODECI~1.HTM..`.......7.q.X......J.........................c.o.d.e.c.i.n.s.t.a.l.l.e.r._.f.a.q...h.t.m.l.......w...............-.......v...........'.-......C:\Program Files (x86)\JockerSoft\CodecInstaller\codecinstaller_faq.html..W.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.J.o.c.k.e.r.S.o.f.t.\.C.o.d.e.c.I.n.s.t.a.l.l.e.r.\.c.o.d.e.c.i.n.s.t.a.l.l.e.r._.f.a.q...h.t.m.l.0.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.J.o.c.k.e.r.S.o.f.t.\.C.o.d.e.c.I.n.s.t.a.l.l.e.r.........*.

                        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodecInstaller\Website.lnk

                        Download File
                        Process:C:\Users\user\Desktop\setup_CodecInstaller_full.exe
                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Mon May 27 00:00:01 2024, mtime=Mon May 27 00:00:01 2024, atime=Mon May 27 00:00:01 2024, length=51, window=hide
                        Category:dropped
                        Size (bytes):1319
                        Entropy (8bit):4.611407805255947
                        Encrypted:false
                        SSDEEP:24:8muRRnKfELdOEOkMG/lE7AG8fhXBdVR4gdVzUUEw7IqyFm:8mMBLdOVkMG/lZthXBdVegdVoe7RyF
                        MD5:F46C15B79D0E16A9F56E81448EE1B9B6
                        SHA1:3729703DEF30BF8CE8210D69BDB119CB6A10A71B
                        SHA-256:11F3528EDCF561B4250A4B0342CE88FDF7C30EC9F934F1487F5B050B66FEB296
                        SHA-512:FE6DB1D81006E1EB849B6B8AD5E15A802FD876A3726F3049DE084A52F96F340C85D71AA5EDB177B9DFDDEE2E43FF8DE8E4E27772F11750CEF0B0551DCB3CB1D5
                        Malicious:false
                        Preview:L..................F.... ....*.3....*.3....*.3...3............................P.O. .:i.....+00.../C:\.....................1......X....PROGRA~2.........O.I.X......................V.....}*..P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....^.1......X....JOCKER~1..F......X...X...........................}*..J.o.c.k.e.r.S.o.f.t.....f.1......X....CODECI~1..N......X...X...........................$..C.o.d.e.c.I.n.s.t.a.l.l.e.r.....r.2.3....X.. .CODECI~1.URL..V......X...X.......#....................hj..C.o.d.e.c.I.n.s.t.a.l.l.e.r...u.r.l.......r...............-.......q...........'.-......C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.url..R.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.J.o.c.k.e.r.S.o.f.t.\.C.o.d.e.c.I.n.s.t.a.l.l.e.r.\.C.o.d.e.c.I.n.s.t.a.l.l.e.r...u.r.l.0.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.J.o.c.k.e.r.S.o.f.t.\.C.o.d.e.c.I.n.s.t.a.l.l.e.r.........*................@Z|...K.J.

                        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar\More Crawler Products.lnk

                        Download File
                        Process:C:\Program Files (x86)\Crawler\CToolbar.exe
                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Mon May 27 00:00:07 2024, mtime=Mon May 27 00:00:09 2024, atime=Mon Mar 26 05:04:48 2012, length=2558088, window=hide
                        Category:dropped
                        Size (bytes):2019
                        Entropy (8bit):3.298552148629156
                        Encrypted:false
                        SSDEEP:24:8W0XiNgE6dOE4TVMUtf0OA+8fAwkdfj10rqdWnfX+/et4I0jUUEnqyFm:87id6dOlVM6cVVAbdb6rqdYXSIlkyF
                        MD5:7FFD79C9C78F5582A90C9A6B9A15F587
                        SHA1:D79AC6F125BB451B374C9E5622663406CDCEBA9D
                        SHA-256:078C5673F3060E626230D0E3F513D00832F1CA1E9EC85F174D9167ACFD3398D0
                        SHA-512:F5DEBA857A3086280F3F14704D88C5A13B467B26BCB0FA03E57E64C82E45E354870617BE7C8C334E45841B852DB0DA0FB14E77AF0B7FB2E5631FF3C6CC4972B3
                        Malicious:false
                        Preview:L..................F.@.. ....MX7...1..8.....\Y......'..........................P.O. .:i.....+00.../C:\.....................1......X....PROGRA~2.........O.I.X......................V.....I.s.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....V.1......X....Crawler.@......X...X......s:.....................A.C.r.a.w.l.e.r.....f.2...'.z@.0 .CToolbar.exe..J......X...X......t:........................C.T.o.o.l.b.a.r...e.x.e.......Z...............-.......Y...........'.-......C:\Program Files (x86)\Crawler\CToolbar.exe..:.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.C.r.a.w.l.e.r.\.C.T.o.o.l.b.a.r...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.C.r.a.w.l.e.r.\.)./.s.h.o.w.u.r.l. .h.t.t.p.:././.w.w.w...c.r.a.w.l.e.r...c.o.m./.p.r.o.d.u.c.t.s./...C.:.\.W.i.n.d.o.w.s.\.S.y.s.t.e.m.3.2.\.u.r.l...d.l.l.........%SystemRoot%\System32\url.dll......................................................................................

                        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar\Toolbar Help.lnk

                        Download File
                        Process:C:\Program Files (x86)\Crawler\CToolbar.exe
                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Mon May 27 00:00:07 2024, mtime=Mon May 27 00:00:09 2024, atime=Mon Mar 26 05:04:48 2012, length=2558088, window=hide
                        Category:dropped
                        Size (bytes):2057
                        Entropy (8bit):3.321799120541306
                        Encrypted:false
                        SSDEEP:24:8WHXiNgE6dOE4TVMUtf0OA+8fAwkdfj10rqdF0X+/et4I0jUUEnqyFm:8qid6dOlVM6cVVAbdb6rqdOXSIlkyF
                        MD5:10EFA5B884E9BA99B4E056A5CB24A2EB
                        SHA1:EC9A46019963F76DDB530B692B74BBCEA6BF76A6
                        SHA-256:4CFDB8493DB3BEE631942E1B8E32DDA1D64840A3E90030D3A74F43069388D69B
                        SHA-512:3B08FBABFB51DA7C91D65504667C0D85498D2025C18DF9BA01EAF76EEA570CC0E928F686AAAB036F5E39501E1F878269254B4FA9E821A73A8762F8C0ABAB8E93
                        Malicious:false
                        Preview:L..................F.@.. ....MX7.....8.....\Y......'..........................P.O. .:i.....+00.../C:\.....................1......X....PROGRA~2.........O.I.X......................V.....I.s.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....V.1......X....Crawler.@......X...X......s:.....................A.C.r.a.w.l.e.r.....f.2...'.z@.0 .CToolbar.exe..J......X...X......t:........................C.T.o.o.l.b.a.r...e.x.e.......Z...............-.......Y...........'.-......C:\Program Files (x86)\Crawler\CToolbar.exe..:.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.C.r.a.w.l.e.r.\.C.T.o.o.l.b.a.r...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.C.r.a.w.l.e.r.\.<./.s.h.o.w.u.r.l. .h.t.t.p.:././.w.w.w...c.r.a.w.l.e.r...c.o.m./.h.e.l.p./.d.e.f.a.u.l.t...a.s.p.x.?.s.r.c.=.T.b.M.e.n.u...C.:.\.W.i.n.d.o.w.s.\.S.y.s.t.e.m.3.2.\.u.r.l...d.l.l.........%SystemRoot%\System32\url.dll................................................

                        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar\Toolbar Settings.lnk

                        Download File
                        Process:C:\Program Files (x86)\Crawler\CToolbar.exe
                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=1, Archive, ctime=Mon May 27 00:00:07 2024, mtime=Mon May 27 00:00:09 2024, atime=Mon Mar 26 05:04:48 2012, length=2558088, window=hide
                        Category:dropped
                        Size (bytes):1987
                        Entropy (8bit):3.283759822840643
                        Encrypted:false
                        SSDEEP:48:8ETd6dOlVM6cVVAbdb6rqdiJdb6mb6lkyF:8SVM6cEUrmJlky
                        MD5:263558D8158C243F3EB85DED6B2CF7E1
                        SHA1:75512009C3FBC66C93D2BC6FBF70A5CFF43979A4
                        SHA-256:06C4361A46446EA4594CFBF41E9400F8C84800010A3D5704114106638A28952B
                        SHA-512:7CFFA0FFD68E32F431CCC1FFD9CB7ACA01AB0FBBC9666BB97522ACC1CDF6DFDD09120D9C59E30DE1CA8A60130DB44072B4D68D8F9A98F69FFC6D172E9664370C
                        Malicious:false
                        Preview:L..................F.@.. ....MX7.....8.....\Y......'..........................P.O. .:i.....+00.../C:\.....................1......X....PROGRA~2.........O.I.X......................V.....I.s.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....V.1......X....Crawler.@......X...X......s:.....................A.C.r.a.w.l.e.r.....f.2...'.z@.0 .CToolbar.exe..J......X...X......t:........................C.T.o.o.l.b.a.r...e.x.e.......Z...............-.......Y...........'.-......C:\Program Files (x86)\Crawler\CToolbar.exe..:.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.C.r.a.w.l.e.r.\.C.T.o.o.l.b.a.r...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.C.r.a.w.l.e.r.\.../.s.e.t.t.i.n.g.s.+.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.C.r.a.w.l.e.r.\.C.T.o.o.l.b.a.r...e.x.e.........%ProgramFiles%\Crawler\CToolbar.exe................................................................................................................

                        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar\Uninstall Crawler Toolbar.lnk

                        Download File
                        Process:C:\Program Files (x86)\Crawler\CToolbar.exe
                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=1, Archive, ctime=Mon May 27 00:00:07 2024, mtime=Mon May 27 00:00:09 2024, atime=Mon Mar 26 05:04:48 2012, length=2558088, window=hide
                        Category:dropped
                        Size (bytes):1983
                        Entropy (8bit):3.286061874561908
                        Encrypted:false
                        SSDEEP:48:8yTd6dOlVM6cVVAbdb6rqd5cdb6mb6lkyF:8EVM6cEUrmpJlky
                        MD5:D7B846DC60DC94942A0B26F796746AD0
                        SHA1:1A1BCCD4945FE65717AEF70CBFA5B4D8DE0E357E
                        SHA-256:2FE94E96C9E3F067784ECEE85F1D4A1B1D725FFDE1C3BD13056FB4E21E40473C
                        SHA-512:22181E9D4CE3CC47A3BAC5D7BCE8EF18E4B678003929FCE896964B4FCA136ADEA1C1B83F3477B02BB4147407CBE3589D18F96175A85B14C0FA0EE458D8D60383
                        Malicious:false
                        Preview:L..................F.@.. ....MX7...wv.8.....\Y......'..........................P.O. .:i.....+00.../C:\.....................1......X....PROGRA~2.........O.I.X......................V.....I.s.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....V.1......X....Crawler.@......X...X......s:.....................A.C.r.a.w.l.e.r.....f.2...'.z@.0 .CToolbar.exe..J......X...X......t:........................C.T.o.o.l.b.a.r...e.x.e.......Z...............-.......Y...........'.-......C:\Program Files (x86)\Crawler\CToolbar.exe..:.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.C.r.a.w.l.e.r.\.C.T.o.o.l.b.a.r...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.C.r.a.w.l.e.r.\.../.u.n.i.n.s.t.+.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.C.r.a.w.l.e.r.\.C.T.o.o.l.b.a.r...e.x.e.........%ProgramFiles%\Crawler\CToolbar.exe....................................................................................................................

                        C:\Users\Public\Desktop\CodecInstaller.lnk

                        Download File
                        Process:C:\Users\user\Desktop\setup_CodecInstaller_full.exe
                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Sun Apr 15 15:04:26 2012, mtime=Mon May 27 00:00:00 2024, atime=Sun Apr 15 15:04:26 2012, length=1065984, window=hide
                        Category:dropped
                        Size (bytes):1301
                        Entropy (8bit):4.598513334371894
                        Encrypted:false
                        SSDEEP:24:8m0khKfELdOEOkM1tUAG8fhXXdVRMdVzUUECVMqyFm:8m0khBLdOVkM15thXXdVKdVoYVVyF
                        MD5:B053E58D4C1E5A76EAF89A73D84B9570
                        SHA1:49A91FC3B06451D1AA437585AFCE97ECBB8F0766
                        SHA-256:4781BD6AE6569EB55CF63A80394C2CDCCDC75BFD0EF943E94E95477D55430C35
                        SHA-512:2E6ACE6B312E602B966C84CF84C4A8B6D79C2332B727E79C72B9031C5E2F40671E5A5F7CC0FE9CE6C5B179B6E3FC27241BE4EE2B5C566EC36462AF04165C8984
                        Malicious:false
                        Preview:L..................F.... ....!.n!....ie3....!.n!....D...........................P.O. .:i.....+00.../C:\.....................1......X....PROGRA~2.........O.I.X......................V.....}*..P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....^.1......X....JOCKER~1..F......X...X...........................}*..J.o.c.k.e.r.S.o.f.t.....f.1......X....CODECI~1..N......X...X...............................C.o.d.e.c.I.n.s.t.a.l.l.e.r.....r.2..D...@.. .CODECI~1.EXE..V......@...X......i.........................C.o.d.e.c.I.n.s.t.a.l.l.e.r...e.x.e.......r...............-.......q...........'.-......C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exe..I.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.J.o.c.k.e.r.S.o.f.t.\.C.o.d.e.c.I.n.s.t.a.l.l.e.r.\.C.o.d.e.c.I.n.s.t.a.l.l.e.r...e.x.e.0.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.J.o.c.k.e.r.S.o.f.t.\.C.o.d.e.c.I.n.s.t.a.l.l.e.r.........*................@Z|...K.J.........`.......X

                        C:\Users\user\AppData\Local\JockerSoft\CodecInstaller.exe_Url_4t2i51jukdgmkdlwbxp45yg0m0woj4n0\2.10.4.0\emywetrs.newcfg

                        Download File
                        Process:C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exe
                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):442
                        Entropy (8bit):4.337882398793596
                        Encrypted:false
                        SSDEEP:12:TMHdGGnOuOXdOGEN+PvvXFfEN+JvvXpOXdONI3xT:2dANZv1fTviv
                        MD5:9242AA31498C0A80AAF0CA59484D7F7D
                        SHA1:804ED55D8267B4F31C3840039DAE33AAD17487A6
                        SHA-256:7AB67FACB2C2B95EAAA9DE6A855093D10AF550B9D468A41086B356414B173225
                        SHA-512:125E5D5BE8D5136A1C39A285D1BF7E4CC8AF0F51CFFF63BAA738DED9EC817309AA66630AE15819743CB5A84E82B90CD0DD880A2D1B0CE7B49F96DBDEB085E208
                        Malicious:false
                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <userSettings>.. <CodecInstaller.Properties.Settings>.. <setting name="Opened" serializeAs="String">.. <value>1</value>.. </setting>.. <setting name="Language" serializeAs="String">.. <value>en</value>.. </setting>.. </CodecInstaller.Properties.Settings>.. </userSettings>..</configuration>

                        C:\Users\user\AppData\Local\JockerSoft\CodecInstaller.exe_Url_4t2i51jukdgmkdlwbxp45yg0m0woj4n0\2.10.4.0\sxdjhiao.newcfg

                        Download File
                        Process:C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exe
                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):326
                        Entropy (8bit):4.456959785763579
                        Encrypted:false
                        SSDEEP:6:TMVBd1IGnOtgOXLoAOYY5hQ0RXKRF/+XpvvvXCgOXLoAONI3QIT:TMHdGGnOuOXdOFfEN+JvvXpOXdONI3xT
                        MD5:0E1808F5732C42678670E5DB22A0B930
                        SHA1:60EE2146722744C2AB159B25794CE88019A63D9C
                        SHA-256:7DD60E9698C473478046A0F775880AFAE14B6CF2FC0E128E9F7F8E4F91AE8DE8
                        SHA-512:505531F7623A889A1C682A5932D5F4107F350BFD4AAE52AC40B56D8D859B8AF3BEBC5FCA676FE773D415B85672BB18E4BDBA1FF0B8146EC4379D137D287606C0
                        Malicious:false
                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <userSettings>.. <CodecInstaller.Properties.Settings>.. <setting name="Language" serializeAs="String">.. <value>en</value>.. </setting>.. </CodecInstaller.Properties.Settings>.. </userSettings>..</configuration>

                        C:\Users\user\AppData\Local\JockerSoft\CodecInstaller.exe_Url_4t2i51jukdgmkdlwbxp45yg0m0woj4n0\2.10.4.0\user.config (copy)

                        Download File
                        Process:C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exe
                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):326
                        Entropy (8bit):4.456959785763579
                        Encrypted:false
                        SSDEEP:6:TMVBd1IGnOtgOXLoAOYY5hQ0RXKRF/+XpvvvXCgOXLoAONI3QIT:TMHdGGnOuOXdOFfEN+JvvXpOXdONI3xT
                        MD5:0E1808F5732C42678670E5DB22A0B930
                        SHA1:60EE2146722744C2AB159B25794CE88019A63D9C
                        SHA-256:7DD60E9698C473478046A0F775880AFAE14B6CF2FC0E128E9F7F8E4F91AE8DE8
                        SHA-512:505531F7623A889A1C682A5932D5F4107F350BFD4AAE52AC40B56D8D859B8AF3BEBC5FCA676FE773D415B85672BB18E4BDBA1FF0B8146EC4379D137D287606C0
                        Malicious:false
                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <userSettings>.. <CodecInstaller.Properties.Settings>.. <setting name="Language" serializeAs="String">.. <value>en</value>.. </setting>.. </CodecInstaller.Properties.Settings>.. </userSettings>..</configuration>

                        C:\Users\user\AppData\Local\JockerSoft\CodecInstaller.exe_Url_4t2i51jukdgmkdlwbxp45yg0m0woj4n0\2.10.4.0\we99acby.newcfg

                        Download File
                        Process:C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exe
                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):589
                        Entropy (8bit):4.440641791364009
                        Encrypted:false
                        SSDEEP:12:TMHdGGnOuOXdOTfKthfEN+/vvXGEN+PvvXFfEN+JvvXpOXdONI3xT:2dAqfKPBvWZv1fTviv
                        MD5:6465031B6440318E07B6EA299BB237C6
                        SHA1:9E3555E90B186214E90B254545CFDFEFC7D980BF
                        SHA-256:84E6DEB4D164D07B2CA70415B378B7F7EE2C3209C9DA251724EC645D85DE9E82
                        SHA-512:A3F5640FD627D2AE925944ED4F80963D696347897FA0BD937536A4121A92A3140546F44EA08D9B6FB764AEB4B78D2409DC8CFE9EE932058B80288067765214D0
                        Malicious:false
                        Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <userSettings>.. <CodecInstaller.Properties.Settings>.. <setting name="updateMinusLastcheck" serializeAs="String">.. <value>638523540084238776</value>.. </setting>.. <setting name="Opened" serializeAs="String">.. <value>1</value>.. </setting>.. <setting name="Language" serializeAs="String">.. <value>en</value>.. </setting>.. </CodecInstaller.Properties.Settings>.. </userSettings>..</configuration>

                        C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmp

                        Download File
                        Process:C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exe
                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                        Category:dropped
                        Size (bytes):1162240
                        Entropy (8bit):6.617567923063223
                        Encrypted:false
                        SSDEEP:24576:BC7v+ye8PIbtzXqENJ0+3ONEAD1TxAzONCCuEx9M:BC7mfvha0J06gD7cWCw
                        MD5:DFB7304D96F8F1C29FDA2748779663D7
                        SHA1:1D836DF6A5373DB4EDDE087F31B61561E7F071CA
                        SHA-256:F487FAF0E64ABF18EB5C0B6F79F410EE96A1E1C6DDE473F2BD3FFABF05812027
                        SHA-512:C8455C34D47BA88ECAED794ABA0D093B6C813E7C0E061453FB535F5C1C1287F2F52520899456D067A225EA3CAFDF598176A78F9F317C25A32C30FCA0270C2D7E
                        Malicious:true
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 4%
                        Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*..........................................@..........................0...................@...........................p...........h..........................................................................................................CODE................................ ..`DATA.....G.......H..................@...BSS......!...@......."...................idata.......p...0..."..............@....tls.................R...................rdata...............R..............@..P.reloc...............T..............@..P.rsrc....h.......h...T..............@..P.............0......................@..P........................................................................................................................................

                        C:\Users\user\AppData\Local\Temp\is-QHN33.tmp\AFAsearch.bmp (copy)

                        Download File
                        Process:C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmp
                        File Type:PC bitmap, Windows 3.x format, 440 x 98 x 8, image size 43122, resolution 2834 x 2834 px/m, 255 important colors, cbSize 44196, bits offset 1074
                        Category:dropped
                        Size (bytes):44196
                        Entropy (8bit):6.324507565259146
                        Encrypted:false
                        SSDEEP:384:mPa2DDrUZfHtZ5ntqk4hPx/oNZFgL0hirNTZBX1:OawXkfHtaPWNg0orNTZBF
                        MD5:568407BEC1A12C498C134DE0CE328914
                        SHA1:DB7DDE85826469B9763A692FE0F32D4DD55971B1
                        SHA-256:1F2646FEA9AA1B36E78D03D1D9A1023574DB89F7639CC904FD3B2E6AA8387E69
                        SHA-512:75B6E5B5463E916810E712599395EB34976FFF6A9AC9831DAC6D43D00F35017D43C054F30477D16DBCF0F945BDF579E8F4A7BEAA38490131A9ED61F07CA6C1A3
                        Malicious:false
                        Preview:BM........2...(.......b...........r................................U.......................#...%...%...%...3...=*..M:..\L..\M..vh..........wl......kQ..pW......R"..............@...>......................8...S...J...c"..nB..a..|...................R...M...[...],..j@..P..xQ..............................................V...U...R...M...U...e'..v2..xA..g.............................[...W...W...U...U...S...]...b.....................................i...d...f...]...]...i...k...i...g...l...m ..}'...........>;9..........k...m...k...e...m...k...j...l...p..............u..............cG.......y..{l..........................$!..PKF.....YWU..........y......Z.............mM%......s...................5........ihf..............................\......................................................................................................................!.1.B.Y.n...................................................................................|...........K.

                        C:\Users\user\AppData\Local\Temp\is-QHN33.tmp\AFAsearch_CT5.bmp (copy)

                        Download File
                        Process:C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmp
                        File Type:PC bitmap, Windows 3.x format, 440 x 98 x 8, image size 43122, resolution 2834 x 2834 px/m, 255 important colors, cbSize 44196, bits offset 1074
                        Category:dropped
                        Size (bytes):44196
                        Entropy (8bit):6.324507565259146
                        Encrypted:false
                        SSDEEP:384:mPa2DDrUZfHtZ5ntqk4hPx/oNZFgL0hirNTZBX1:OawXkfHtaPWNg0orNTZBF
                        MD5:568407BEC1A12C498C134DE0CE328914
                        SHA1:DB7DDE85826469B9763A692FE0F32D4DD55971B1
                        SHA-256:1F2646FEA9AA1B36E78D03D1D9A1023574DB89F7639CC904FD3B2E6AA8387E69
                        SHA-512:75B6E5B5463E916810E712599395EB34976FFF6A9AC9831DAC6D43D00F35017D43C054F30477D16DBCF0F945BDF579E8F4A7BEAA38490131A9ED61F07CA6C1A3
                        Malicious:false
                        Preview:BM........2...(.......b...........r................................U.......................#...%...%...%...3...=*..M:..\L..\M..vh..........wl......kQ..pW......R"..............@...>......................8...S...J...c"..nB..a..|...................R...M...[...],..j@..P..xQ..............................................V...U...R...M...U...e'..v2..xA..g.............................[...W...W...U...U...S...]...b.....................................i...d...f...]...]...i...k...i...g...l...m ..}'...........>;9..........k...m...k...e...m...k...j...l...p..............u..............cG.......y..{l..........................$!..PKF.....YWU..........y......Z.............mM%......s...................5........ihf..............................\......................................................................................................................!.1.B.Y.n...................................................................................|...........K.

                        C:\Users\user\AppData\Local\Temp\is-QHN33.tmp\_isetup\_RegDLL.tmp

                        Download File
                        Process:C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmp
                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                        Category:dropped
                        Size (bytes):4096
                        Entropy (8bit):4.026670007889822
                        Encrypted:false
                        SSDEEP:48:ivuz1hEU3FR/pmqBl8/QMCBaquEMx5BC+SS4k+bkguj0KHc:bz1eEFNcqBC/Qrex5iSKDkc
                        MD5:0EE914C6F0BB93996C75941E1AD629C6
                        SHA1:12E2CB05506EE3E82046C41510F39A258A5E5549
                        SHA-256:4DC09BAC0613590F1FAC8771D18AF5BE25A1E1CB8FDBF4031AA364F3057E74A2
                        SHA-512:A899519E78125C69DC40F7E371310516CF8FAA69E3B3FF747E0DDF461F34E50A9FF331AB53B4D07BB45465039E8EBA2EE4684B3EE56987977AE8C7721751F5F9
                        Malicious:true
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 0%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................H................|.......|.......|......Rich............PE..L....M;J..................................... ....@..........................@..............................................l ..P....0..@............................................................................ ..D............................text............................... ..`.rdata....... ......................@..@.rsrc...@....0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\Local\Temp\is-QHN33.tmp\_isetup\_setup64.tmp

                        Download File
                        Process:C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmp
                        File Type:PE32+ executable (console) x86-64, for MS Windows
                        Category:dropped
                        Size (bytes):6144
                        Entropy (8bit):4.215994423157539
                        Encrypted:false
                        SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12pS5SKvkc:sfJEVYlvxaX12EF
                        MD5:4FF75F505FDDCC6A9AE62216446205D9
                        SHA1:EFE32D504CE72F32E92DCF01AA2752B04D81A342
                        SHA-256:A4C86FC4836AC728D7BD96E7915090FD59521A9E74F1D06EF8E5A47C8695FD81
                        SHA-512:BA0469851438212D19906D6DA8C4AE95FF1C0711A095D9F21F13530A6B8B21C3ACBB0FF55EDB8A35B41C1A9A342F5D3421C00BA395BC13BB1EF5902B979CE824
                        Malicious:true
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 0%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d...XW:J..........#............................@.............................`..............................................................<!.......P..@....@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...@....P......................@..@................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\Local\Temp\is-QHN33.tmp\_isetup\_shfoldr.dll

                        Download File
                        Process:C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmp
                        File Type:PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                        Category:dropped
                        Size (bytes):23312
                        Entropy (8bit):4.596242908851566
                        Encrypted:false
                        SSDEEP:384:+Vm08QoKkiWZ76UJuP71W55iWHHoSHigH2euwsHTGHVb+VHHmnH+aHjHqLHxmoq1:2m08QotiCjJuPGw4
                        MD5:92DC6EF532FBB4A5C3201469A5B5EB63
                        SHA1:3E89FF837147C16B4E41C30D6C796374E0B8E62C
                        SHA-256:9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87
                        SHA-512:9908E573921D5DBC3454A1C0A6C969AB8A81CC2E8B5385391D46B1A738FB06A76AA3282E0E58D0D2FFA6F27C85668CD5178E1500B8A39B1BBAE04366AE6A86D3
                        Malicious:false
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 0%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......IzJ^..$...$...$...%.".$.T87...$.[."...$...$...$.Rich..$.........................PE..L.....\;...........#..... ...4.......'.......0.....q....................................................................k...l)..<....@.../...................p..T....................................................................................text...{........ .................. ..`.data...\....0.......&..............@....rsrc..../...@...0...(..............@..@.reloc.......p.......X..............@..B................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\Local\Temp\is-QHN33.tmp\homepage.bmp (copy)

                        Download File
                        Process:C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmp
                        File Type:PC bitmap, Windows 3.x format, 290 x 67 x 8, image size 19566, resolution 2834 x 2834 px/m, cbSize 20644, bits offset 1078
                        Category:dropped
                        Size (bytes):20644
                        Entropy (8bit):5.355926044831159
                        Encrypted:false
                        SSDEEP:192:DSu8Ui99Dic5FODU2iqxLyOP2Hf/FTiYRA6MCyicxXi/VUNki:DSpic5FOY23xLp6nEIkiuO2
                        MD5:1D0595AF549AE00F5DA486E41339F41D
                        SHA1:0A8E9DD886804C5879AD8C548DB03BDE4D887AD2
                        SHA-256:B4671EDF20925F216ECE44AF4F7773FB52D4E4B3DF086D37D092BD45C8EACF9E
                        SHA-512:47814CDDB8E0D5E0EA6B07CF1261DEF4A1081349418F735EBF3960F137A4222007D8547312EE8ECBBE6ED8DDFCBD42B1187B4A0EAAD65DF0E2DCE92BBE9D9214
                        Malicious:false
                        Preview:BM.P......6...(..."...C...........nL..................................................................(&..F<..OC.......{...........................kh.......|..............]U..........s.......[=(...}........eD&..........t.......................j...........~..........d#.....................0..M...R..........x...>......|...........r.{{z.................................................................................................................................................................................................................................................................................................s|..a.......O...:...........:...................|.......a.......$F..]f.......'......CO..@G...................................................................... ......**......03..''..66..<=..AA..DE..HI..JK..LM..QR..[[..UW..bb..]^..ii..pp..ij..??......vv..................SSU...........................................................................................

                        C:\Users\user\AppData\Local\Temp\is-QHN33.tmp\is-0Q9LH.tmp

                        Download File
                        Process:C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmp
                        File Type:PC bitmap, Windows 3.x format, 440 x 98 x 8, image size 43122, resolution 2834 x 2834 px/m, 255 important colors, cbSize 44196, bits offset 1074
                        Category:dropped
                        Size (bytes):44196
                        Entropy (8bit):6.324507565259146
                        Encrypted:false
                        SSDEEP:384:mPa2DDrUZfHtZ5ntqk4hPx/oNZFgL0hirNTZBX1:OawXkfHtaPWNg0orNTZBF
                        MD5:568407BEC1A12C498C134DE0CE328914
                        SHA1:DB7DDE85826469B9763A692FE0F32D4DD55971B1
                        SHA-256:1F2646FEA9AA1B36E78D03D1D9A1023574DB89F7639CC904FD3B2E6AA8387E69
                        SHA-512:75B6E5B5463E916810E712599395EB34976FFF6A9AC9831DAC6D43D00F35017D43C054F30477D16DBCF0F945BDF579E8F4A7BEAA38490131A9ED61F07CA6C1A3
                        Malicious:false
                        Preview:BM........2...(.......b...........r................................U.......................#...%...%...%...3...=*..M:..\L..\M..vh..........wl......kQ..pW......R"..............@...>......................8...S...J...c"..nB..a..|...................R...M...[...],..j@..P..xQ..............................................V...U...R...M...U...e'..v2..xA..g.............................[...W...W...U...U...S...]...b.....................................i...d...f...]...]...i...k...i...g...l...m ..}'...........>;9..........k...m...k...e...m...k...j...l...p..............u..............cG.......y..{l..........................$!..PKF.....YWU..........y......Z.............mM%......s...................5........ihf..............................\......................................................................................................................!.1.B.Y.n...................................................................................|...........K.

                        C:\Users\user\AppData\Local\Temp\is-QHN33.tmp\is-90ROM.tmp

                        Download File
                        Process:C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmp
                        File Type:PC bitmap, Windows 3.x format, 347 x 26 x 24, resolution 2880 x 2880 px/m, cbSize 27198, bits offset 54
                        Category:dropped
                        Size (bytes):27198
                        Entropy (8bit):6.138101989837099
                        Encrypted:false
                        SSDEEP:384:cfN7+MhIpE/giJ9g9O8VzdwTFIpR7wLRoJJ8l8m6KlxA2XqSYB:cfXy2WpQI3ELOJk6KxLqSYB
                        MD5:1B4B601AB54659DA1780DA90382F41A5
                        SHA1:D7889FEACD813ED806B1A78F425D3ED37EA1F613
                        SHA-256:3A943B3AA3C5E02544B9610DAEF4CE0CD2461F557DEFDD7B058DAEF8748E8666
                        SHA-512:C1C2A337619FF3569DF1AFF985A94D9202B43DF6037184313D7FB19D308471CB79F6E7EBF052F38F96819AC3D65C4721043AAA47CB8FA2D5A416A00E53EAA508
                        Malicious:false
                        Preview:BM>j......6...(...[...................@...@.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\Local\Temp\is-QHN33.tmp\is-BHBEO.tmp

                        Download File
                        Process:C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmp
                        File Type:PC bitmap, Windows 3.x format, 290 x 67 x 8, image size 19566, resolution 2834 x 2834 px/m, cbSize 20644, bits offset 1078
                        Category:dropped
                        Size (bytes):20644
                        Entropy (8bit):5.355926044831159
                        Encrypted:false
                        SSDEEP:192:DSu8Ui99Dic5FODU2iqxLyOP2Hf/FTiYRA6MCyicxXi/VUNki:DSpic5FOY23xLp6nEIkiuO2
                        MD5:1D0595AF549AE00F5DA486E41339F41D
                        SHA1:0A8E9DD886804C5879AD8C548DB03BDE4D887AD2
                        SHA-256:B4671EDF20925F216ECE44AF4F7773FB52D4E4B3DF086D37D092BD45C8EACF9E
                        SHA-512:47814CDDB8E0D5E0EA6B07CF1261DEF4A1081349418F735EBF3960F137A4222007D8547312EE8ECBBE6ED8DDFCBD42B1187B4A0EAAD65DF0E2DCE92BBE9D9214
                        Malicious:false
                        Preview:BM.P......6...(..."...C...........nL..................................................................(&..F<..OC.......{...........................kh.......|..............]U..........s.......[=(...}........eD&..........t.......................j...........~..........d#.....................0..M...R..........x...>......|...........r.{{z.................................................................................................................................................................................................................................................................................................s|..a.......O...:...........:...................|.......a.......$F..]f.......'......CO..@G...................................................................... ......**......03..''..66..<=..AA..DE..HI..JK..LM..QR..[[..UW..bb..]^..ii..pp..ij..??......vv..................SSU...........................................................................................

                        C:\Users\user\AppData\Local\Temp\is-QHN33.tmp\is-HJ565.tmp

                        Download File
                        Process:C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmp
                        File Type:PC bitmap, Windows 3.x format, 440 x 98 x 8, image size 43122, resolution 2834 x 2834 px/m, 255 important colors, cbSize 44196, bits offset 1074
                        Category:dropped
                        Size (bytes):44196
                        Entropy (8bit):6.324507565259146
                        Encrypted:false
                        SSDEEP:384:mPa2DDrUZfHtZ5ntqk4hPx/oNZFgL0hirNTZBX1:OawXkfHtaPWNg0orNTZBF
                        MD5:568407BEC1A12C498C134DE0CE328914
                        SHA1:DB7DDE85826469B9763A692FE0F32D4DD55971B1
                        SHA-256:1F2646FEA9AA1B36E78D03D1D9A1023574DB89F7639CC904FD3B2E6AA8387E69
                        SHA-512:75B6E5B5463E916810E712599395EB34976FFF6A9AC9831DAC6D43D00F35017D43C054F30477D16DBCF0F945BDF579E8F4A7BEAA38490131A9ED61F07CA6C1A3
                        Malicious:false
                        Preview:BM........2...(.......b...........r................................U.......................#...%...%...%...3...=*..M:..\L..\M..vh..........wl......kQ..pW......R"..............@...>......................8...S...J...c"..nB..a..|...................R...M...[...],..j@..P..xQ..............................................V...U...R...M...U...e'..v2..xA..g.............................[...W...W...U...U...S...]...b.....................................i...d...f...]...]...i...k...i...g...l...m ..}'...........>;9..........k...m...k...e...m...k...j...l...p..............u..............cG.......y..{l..........................$!..PKF.....YWU..........y......Z.............mM%......s...................5........ihf..............................\......................................................................................................................!.1.B.Y.n...................................................................................|...........K.

                        C:\Users\user\AppData\Local\Temp\is-QHN33.tmp\is-O3IUA.tmp

                        Download File
                        Process:C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmp
                        File Type:PC bitmap, Windows 3.x format, 211 x 30 x 24, image size 19080, cbSize 19134, bits offset 54
                        Category:dropped
                        Size (bytes):19134
                        Entropy (8bit):5.895619109071233
                        Encrypted:false
                        SSDEEP:192:bb8/GVkSZQ/1biD1fbb5/94hrJjIeuaA7eh5XYJ3DgtMedYZDHALixIX5HIZb:3AG5Q/A1fpuAehAERYNgtBYCuKXR2
                        MD5:172F3877297519A0397716478D0D9333
                        SHA1:E2EFE69854AD898A1A267303E14689D3099D7B66
                        SHA-256:DC90665070002750629C569C18389FF952BB4E74D8ABAE32B23AB67B01014351
                        SHA-512:C47A07BAE0C92500A68BF853876097BFA462BAA3415C02FCA6FD6DEF13D04E4B86D5D2A11391EB581417C5ADEC90A74F4F6C445264016A6C75EAF9BB14A01C07
                        Malicious:false
                        Preview:BM.J......6...(....................J..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................~..~..{..{..{..{..{..{..{..{..}..}..|..|..|..|..|..|..y..{..{..{..{..{..{..{..y..z..|..x..z..|..{..}..|..|..|..|..|..|..|..|..|..|..|..|..}..}..}..}..}..}..}..~..~..~..~

                        C:\Users\user\AppData\Local\Temp\is-QHN33.tmp\rank.bmp (copy)

                        Download File
                        Process:C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmp
                        File Type:PC bitmap, Windows 3.x format, 211 x 30 x 24, image size 19080, cbSize 19134, bits offset 54
                        Category:dropped
                        Size (bytes):19134
                        Entropy (8bit):5.895619109071233
                        Encrypted:false
                        SSDEEP:192:bb8/GVkSZQ/1biD1fbb5/94hrJjIeuaA7eh5XYJ3DgtMedYZDHALixIX5HIZb:3AG5Q/A1fpuAehAERYNgtBYCuKXR2
                        MD5:172F3877297519A0397716478D0D9333
                        SHA1:E2EFE69854AD898A1A267303E14689D3099D7B66
                        SHA-256:DC90665070002750629C569C18389FF952BB4E74D8ABAE32B23AB67B01014351
                        SHA-512:C47A07BAE0C92500A68BF853876097BFA462BAA3415C02FCA6FD6DEF13D04E4B86D5D2A11391EB581417C5ADEC90A74F4F6C445264016A6C75EAF9BB14A01C07
                        Malicious:false
                        Preview:BM.J......6...(....................J..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................~..~..{..{..{..{..{..{..{..{..}..}..|..|..|..|..|..|..y..{..{..{..{..{..{..{..y..z..|..x..z..|..{..}..|..|..|..|..|..|..|..|..|..|..|..|..}..}..}..}..}..}..}..~..~..~..~

                        C:\Users\user\AppData\Local\Temp\is-QHN33.tmp\sbar.bmp (copy)

                        Download File
                        Process:C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmp
                        File Type:PC bitmap, Windows 3.x format, 347 x 26 x 24, resolution 2880 x 2880 px/m, cbSize 27198, bits offset 54
                        Category:dropped
                        Size (bytes):27198
                        Entropy (8bit):6.138101989837099
                        Encrypted:false
                        SSDEEP:384:cfN7+MhIpE/giJ9g9O8VzdwTFIpR7wLRoJJ8l8m6KlxA2XqSYB:cfXy2WpQI3ELOJk6KxLqSYB
                        MD5:1B4B601AB54659DA1780DA90382F41A5
                        SHA1:D7889FEACD813ED806B1A78F425D3ED37EA1F613
                        SHA-256:3A943B3AA3C5E02544B9610DAEF4CE0CD2461F557DEFDD7B058DAEF8748E8666
                        SHA-512:C1C2A337619FF3569DF1AFF985A94D9202B43DF6037184313D7FB19D308471CB79F6E7EBF052F38F96819AC3D65C4721043AAA47CB8FA2D5A416A00E53EAA508
                        Malicious:false
                        Preview:BM>j......6...(...[...................@...@.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\Local\Temp\nsaFDD9.tmp

                        Download File
                        Process:C:\Users\user\Desktop\setup_CodecInstaller_full.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):7102101
                        Entropy (8bit):7.018638734319074
                        Encrypted:false
                        SSDEEP:49152:+efBAMjW8Tn50nFg4/wXksFP4Zcz+/bhMSJmy6UC6ko6Ryg3ug7bUhijSpsXqF7J:NfKMjpQsfRdw7nqop03BZ+eSYq7Bb5p3
                        MD5:8E2DF540E3E07844FCE07A6155F89F42
                        SHA1:E9BF9459DE76F63332F9B2BF24E4DAFD454B9B55
                        SHA-256:CC6C6725787D606C53CB270A4DD79A84561827814DAEBA137E5FC616368C5392
                        SHA-512:86D34D695B6BFAE3A95B7E50588863BC23DCF87631F39AA4B1062AAE068AE6A968E76B017859B3152DECFD9EA074FD1C23FEC36843BE1C9E9B4D278827F9148C
                        Malicious:true
                        Yara Hits:
                        • Rule: JoeSecurity_EICAR, Description: Yara detected EICAR, Source: C:\Users\user\AppData\Local\Temp\nsaFDD9.tmp, Author: Joe Security
                        Preview:........,...............L...6...4Q..........................................Z...........................F.......z...........C...)...........................................................................................................................................................<...<............z..........B.......................................................m......................._.......................a...............g......................._.......................................................................................................j......................._..............................................................................................................................._.......................................<...............5...6...................................................................................................................................................................................................................................

                        C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\InstallOptions.dll

                        Download File
                        Process:C:\Users\user\Desktop\setup_CodecInstaller_full.exe
                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                        Category:dropped
                        Size (bytes):14336
                        Entropy (8bit):5.670615664956109
                        Encrypted:false
                        SSDEEP:192:i6JaVGQ+xI5EeuyvMmGpeWH2J5xprN+AxT3K72dwF7dBdcQOz:i6JaVh4I5rpPbT3+BdhO
                        MD5:271B5D1043C4402F08DDEAE383F6979C
                        SHA1:2B88C58AA27BFB4979239579CD65D4C6C67A5295
                        SHA-256:90485CB175686C3E97B32EBF99DAA939C1A6F46E7031F71B72B81CD114FD5B51
                        SHA-512:F8BD4B316726F05647162BB52A2AEB4A6CF5EE976FDB7817A3D25B868B83FB482C38D078F01D3A629AFB0D6FA6CE409B2B3404398563137E22010074F529C11B
                        Malicious:false
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 0%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......$K.y`*.*`*.*`*.*`*.*(*.*.".*m*.*4..*a*.*.,.*a*.*...*a*.*Rich`*.*........................PE..L....7.H...........!.........:......+*.......0.......................................................................8..p...81.......p..........................8....................................................0..8............................text............................... ..`.rdata.......0....... ..............@..@.data...!(...@.......*..............@....rsrc........p.......2..............@..@.reloc...............4..............@..B................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\System.dll

                        Download File
                        Process:C:\Users\user\Desktop\setup_CodecInstaller_full.exe
                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                        Category:dropped
                        Size (bytes):10240
                        Entropy (8bit):5.851788798521327
                        Encrypted:false
                        SSDEEP:192:BGO6dJA/ruAFEiUdWWE6hsD4YUdJfbub1a8SgMO:pKAFERdlxhTYUzqZaV
                        MD5:82F7926FD7D12E3EB8ED7B5232BCF956
                        SHA1:6065FC921B742CC86C77CE2533FC1D17359EB45E
                        SHA-256:604B5E75F43FFAE8F172018CDD8F136392D9C52AE0C100D27EF537BB2DFB3984
                        SHA-512:B31A63EBBDA8F147C32D8336C5ECDE8C5261AD5526B01926D7CD74B7A9A1348DA56E180E53D20E1E300DACA76F9511F24D6E695550B705B7650C239E5B6E76C7
                        Malicious:false
                        Antivirus:
                        • Antivirus: ReversingLabs, Detection: 0%
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......C.............................S...........Rich...........PE..L....7.H...........!.................(.......0...............................`......................................p2......t0..P............................P.......................................................0..X............................text...?........................... ..`.rdata.......0....... ..............@..@.data...\....@.......$..............@....reloc.......P.......&..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\crawler.ini

                        Download File
                        Process:C:\Users\user\Desktop\setup_CodecInstaller_full.exe
                        File Type:Generic INItialization configuration [Field 1]
                        Category:dropped
                        Size (bytes):1706
                        Entropy (8bit):5.348585666762101
                        Encrypted:false
                        SSDEEP:24:ZYlkbZ2a8yAz54TYfXgYQGTcXQ4nIOur0s911ctkheIYGkzwb4AoQjlzioW5n:SK8ysXzT8IOCThsI1kzwUexzm
                        MD5:A2B8A861938E4E9BD021E470004292FF
                        SHA1:174BDFC0929D60D7B809892A827917C690620563
                        SHA-256:6F0C3A40BA57063C6BED9F7228773AA19231C9B15919A2D5C5CADDD437A74610
                        SHA-512:0884DA4DA4FA1DA92541E225302AB24178E6D40AE06B1D49191951458D3B2CC658BCDD4E45E9F967570EF9CBCF0F64B53E231533037F5F41384C10F34FD22C7B
                        Malicious:false
                        Preview:; Ini file generated by the HM NIS Edit IO designer...[Settings]..NumFields=11..RTL=0..State=0....[Field 1]..Type=Checkbox..Text=Add Crawler Toolbar to Internet Explorer and Firefox (Recommended)..Left=8..Right=286..Top=99..Bottom=107..State=1..HWND=66716....[Field 2]..Type=Label..Text=If you select to enable Crawler Toolbar, you agree to abide by the Crawler..Left=14..Right=288..Top=121..Bottom=129..HWND=66718....[Field 3]..Type=Bitmap..Text=C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\crawlerscreen.bmp..Left=4..Right=286..Top=0..Bottom=44..HWND=66720....[Field 4]..Type=Label..Text=and make Crawler my default search provider (A)..Left=18..Right=221..Top=107..Bottom=115..HWND=66722....[Field 5]..Type=Label..Text=- Free fun games, browser skins and cursors..Left=20..Right=223..Top=78..Bottom=86..HWND=66724....[Field 6]..Type=Label..Text=- Form Filler, Download Manager and much more.....Left=20..Right=226..Top=87..Bottom=95..HWND=66726....[Field 7]..Type=Label..Text=Enhance Your Browsin

                        C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\crawlerscreen.bmp

                        Download File
                        Process:C:\Users\user\Desktop\setup_CodecInstaller_full.exe
                        File Type:PC bitmap, Windows 3.x format, 416 x 73 x 8, image size 30368, resolution 2835 x 2835 px/m, cbSize 31446, bits offset 1078
                        Category:dropped
                        Size (bytes):31446
                        Entropy (8bit):5.803393582451246
                        Encrypted:false
                        SSDEEP:384:uEtHGHd8qDpTdtPQT0DJQ+M0X7E98/W0gUxbwa1T:DtHGHd8GTdVFQr0XAXRTsT
                        MD5:EA2672A854110854C181A8526403FD8B
                        SHA1:A6F947D0F51187B64DD72EE3A3AB4F3835338E7C
                        SHA-256:B0B39C2B8E675FFF076D1A1D902062EE0ED08F898334579A544242272CDC8679
                        SHA-512:0FBD3E93FAEDACAE545E7F101DDD41653A50D70721E21398A41C98B765BEDD27B000CFDA04F11EDB7E1E7E15B33337C4F2C1A57D032E0643F14BA5E18B9885FE
                        Malicious:false
                        Preview:BM.z......6...(.......I............v......................"&(.W:...$..159.ZA@.KNP.."...............#...1...1...A...B-.."...1...1...A...R...R...R...R...N...N...R...R!..J)..J1..J1..R9.;vO.2.I..mT.....l..............e ..t`.........................i...pN..n..s.......................................1...9...=...D...J...J...R...R...R...Z...Z...Z...Z...c...c...c...B...N...Z...Z...Z...c...c...k...B...R...k...e...\...f...d...i-..k...k...s...k...s...k...p#..k)..w.......s...w..................s-..t;...,...:...5...9..)...5..N...K..b..x...^...........$.."H..0`..Zl..`.....................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\ioSpecial.ini

                        Download File
                        Process:C:\Users\user\Desktop\setup_CodecInstaller_full.exe
                        File Type:Generic INItialization configuration [Field 1]
                        Category:dropped
                        Size (bytes):693
                        Entropy (8bit):5.3597733559442675
                        Encrypted:false
                        SSDEEP:12:lOHf9VTsAgQRvAYfZhfjMZ4gNhBfOXFyfN4gNgFOXFYl8s3N/v50OXFNgNC3I:WTdRvAYfZh4Z1a2N1S2e115dgI3I
                        MD5:C4AC9B65B4F243E758F0FB65EEFDF9A2
                        SHA1:1AE5CFE7E67D78C1C8541985C392552A669FEB27
                        SHA-256:80FB99745BD1E3DA4DBB78B37883B6BD0F716476ECB4C6F0818B3073A44D28D8
                        SHA-512:11C17A9C629CDF4D67DEC0174B8BA09765A27A2C2E86453E64D5D5F6BB41497C87E1D594C1EC7AAB44A048E082D4CB7602D11976DBFEFF563946BFFDDB054C4C
                        Malicious:false
                        Preview:[Settings]..Rect=1044..NumFields=4..RTL=0..NextButtonText=&Finish..CancelEnabled=..State=0..[Field 1]..Type=bitmap..Left=0..Right=109..Top=0..Bottom=193..Flags=RESIZETOFIT..Text=C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\modern-wizard.bmp..HWND=132256..[Field 2]..Type=label..Left=120..Right=315..Top=10..Text=Completing the CodecInstaller 2.10.4 Setup Wizard..Bottom=38..HWND=132254..[Field 3]..Type=label..Left=120..Right=315..Top=45..Bottom=85..Text=CodecInstaller 2.10.4 has been installed on your computer.\r\n\r\nClick Finish to close this wizard...HWND=132252..[Field 4]..Type=CheckBox..Text=&Run CodecInstaller 2.10.4..Left=120..Right=315..Top=90..Bottom=100..HWND=787098..State=1..

                        C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\modern-header.bmp

                        Download File
                        Process:C:\Users\user\Desktop\setup_CodecInstaller_full.exe
                        File Type:PC bitmap, Windows 3.x format, 150 x 57 x 8, image size 8664, resolution 7874 x 7874 px/m, cbSize 9742, bits offset 1078
                        Category:dropped
                        Size (bytes):9742
                        Entropy (8bit):3.0428175020775563
                        Encrypted:false
                        SSDEEP:48:d0cdXWWORuvoLR3fPseSLOP7kpnjryBWh477nOR57ctpwLhZ3+oixvvFiUhle2gM:ClWCuv0RUOcP4WSnn07TLhZOH5QUhQ4D
                        MD5:8EEF8FBC6886A404BD1AE135D52D5CA8
                        SHA1:545D3B71F8DAD1FCACB47CCFCDF7DDCA7CF183AA
                        SHA-256:78B611884E4B3955E9CAF442F3D31C7B310A79AB0E5E05590EE846AA6969E253
                        SHA-512:C8F74401C1BE93DEBB5E35B7E0D87D1C3BB7DBCB21853A91E5741C7A3578C37C88A94ACBB2BF22BEDFEBDF31A6E1491F2EC98ACA675B2FDAADBE1E7F16F74F86
                        Malicious:false
                        Preview:BM.&......6...(.......9............!..................x...n&..C??.]@'.rL*.hM8.rT:.]PI.PPP.\XW.\[[.fZN.|TC.o]U.dYY.|bW.caa.jfe.ljj.xdc.rid.xia.pnn.yii.ypn.vrp.xts.|{{..=...F...I...Q...F"..O!..S$..[+..U"..Y&..Y&..])..a-..c1..i3..w...h3..|>..k7..q>..UB..^L..U@..lW..l]..iV..w^..dG..`C..sf..yc..yt..{q..|{..}}...y..yf..zb..}h..lB..zG..;...)...5...?...U...X.......|...v...x...m...g...m...u...|...|......B..B..E..H...N..E..M...V...^...K...P...S...S...^..k..i...t...~..u......g..x...t...`...m...n...j..~...v...~...~.........................................................................................................................................................................................................................................................................................................................................................................................................................................

                        C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\modern-wizard.bmp

                        Download File
                        Process:C:\Users\user\Desktop\setup_CodecInstaller_full.exe
                        File Type:PC bitmap, Windows 3.x format, 164 x 314 x 8, image size 51496, resolution 2834 x 2834 px/m, cbSize 52574, bits offset 1078
                        Category:dropped
                        Size (bytes):52574
                        Entropy (8bit):7.331404025376781
                        Encrypted:false
                        SSDEEP:768:LtFaZMvkt5F+MlTel/ylsW+Z1ZNQnwYu2Nl2S9sLEHe+M:LoMJAlSZ1ZSnPn0LEHe
                        MD5:CEAA690E8162485A451066F226035156
                        SHA1:8C71DCEF5757419CC95BC8292D14C6FE8EE2A6EF
                        SHA-256:1B73DF0B89A2943F34582CF81C2D8ED7B1CE4CFB54D86CE58EBD6DD0E1E05F5D
                        SHA-512:71E0DB6BA9B3A9DE9C093D362109A441B53AC023ECD501F05B8FD080E6BDCD1085E9158F494A5BB03DAF09487039673D73DD1E0D189B5A8E335472918C4A2856
                        Malicious:false
                        Preview:BM^.......6...(.......:...........(............................nn.DBB...........}.ia`.............}wv.........................VRQ.....................................n4..X3...8..@...F...B..g=.......b.....N...F....O.=6/.642..........V...R...R...N...L...J...Z....U...`..Z...^...V...R...e...b...V...J..P...k..b...^...Z...w...V......l...b...^...Z...r...l...y&...,../...^........f...b...^...v...l...f...f...b...&..3..Y....TE0..............t...l...j...y......#..,..5..:.uW'..N...h..\..m.I>-......................%..$...$..-..-..d!..<..B..`...p...........$..,..,..,..,..3..4..C..D..K..K.cR1..}.......?;3...........#..$..$..#..,..|"..3..4..4..;..<..D..S..W...x...s......|....................$..$..%..-..,..4..0..<..D..?..C..L..L..M..Q..\..a..f...l..l..q...u...}..................-..)..:..5..<..E..E..L..T...W..\...b...d...m...j...t.......................+..4..<..B..m)..O...e.....#.. ..

                        Static File Info

                        General

                        File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                        Entropy (8bit):7.997831519104326
                        TrID:
                        • Win32 Executable (generic) a (10002005/4) 92.16%
                        • NSIS - Nullsoft Scriptable Install System (846627/2) 7.80%
                        • Generic Win/DOS Executable (2004/3) 0.02%
                        • DOS Executable Generic (2002/1) 0.02%
                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                        File name:setup_CodecInstaller_full.exe
                        File size:3'934'779 bytes
                        MD5:171b409b3248772cc366d31a44aed9f6
                        SHA1:7f9d938717e1056c59a9e9afa958253fc95b4a27
                        SHA256:6ae9662200adb0543d626774c9461e51ee484005251fc34f132ae7ae58b132c7
                        SHA512:de34cfcc499cef4bf4c3677537645b7563c1903b028327834eb7f149362a3dba2951fdaaebba97029a933e2c5102c68a5f0333651e83ac0b4a7884513b55b57d
                        SSDEEP:98304:3skNDgRGQrIQVcBIsT+FJGK557FJxS5Ixn4YwYeCHTqOyQ:3smgNIQeGs6JPjPOIKTKTByQ
                        TLSH:F4063385B5C28DD2CF9F423466962DE12EB0DD2217056A4FC3581E6DFB423932A37B4B
                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........uJ...$...$...$./.{...$...%.:.$.".y...$..7....$.f."...$.Rich..$.................PE..L....7.H.................Z..........%2.....

                        File Icon

                        Icon Hash:7a687d245cdccc33

                        Static PE Info

                        General

                        Entrypoint:0x403225
                        Entrypoint Section:.text
                        Digitally signed:false
                        Imagebase:0x400000
                        Subsystem:windows gui
                        Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                        DLL Characteristics:
                        Time Stamp:0x48A737E7 [Sat Aug 16 20:26:15 2008 UTC]
                        TLS Callbacks:
                        CLR (.Net) Version:
                        OS Version Major:4
                        OS Version Minor:0
                        File Version Major:4
                        File Version Minor:0
                        Subsystem Version Major:4
                        Subsystem Version Minor:0
                        Import Hash:099c0646ea7282d232219f8807883be0

                        Entrypoint Preview

                        Instruction
                        sub esp, 00000180h
                        push ebx
                        push ebp
                        push esi
                        xor ebx, ebx
                        push edi
                        mov dword ptr [esp+18h], ebx
                        mov dword ptr [esp+10h], 00409128h
                        xor esi, esi
                        mov byte ptr [esp+14h], 00000020h
                        call dword ptr [00407030h]
                        push 00008001h
                        call dword ptr [004070B4h]
                        push ebx
                        call dword ptr [0040727Ch]
                        push 00000008h
                        mov dword ptr [00423F58h], eax
                        call 00007FCD2C7F25C0h
                        mov dword ptr [00423EA4h], eax
                        push ebx
                        lea eax, dword ptr [esp+34h]
                        push 00000160h
                        push eax
                        push ebx
                        push 0041F450h
                        call dword ptr [00407158h]
                        push 004091B0h
                        push 004236A0h
                        call 00007FCD2C7F2277h
                        call dword ptr [004070B0h]
                        mov edi, 00429000h
                        push eax
                        push edi
                        call 00007FCD2C7F2265h
                        push ebx
                        call dword ptr [0040710Ch]
                        cmp byte ptr [00429000h], 00000022h
                        mov dword ptr [00423EA0h], eax
                        mov eax, edi
                        jne 00007FCD2C7EFA8Ch
                        mov byte ptr [esp+14h], 00000022h
                        mov eax, 00429001h
                        push dword ptr [esp+14h]
                        push eax
                        call 00007FCD2C7F1D58h
                        push eax
                        call dword ptr [0040721Ch]
                        mov dword ptr [esp+1Ch], eax
                        jmp 00007FCD2C7EFAE5h
                        cmp cl, 00000020h
                        jne 00007FCD2C7EFA88h
                        inc eax
                        cmp byte ptr [eax], 00000020h
                        je 00007FCD2C7EFA7Ch
                        cmp byte ptr [eax], 00000022h
                        mov byte ptr [eax+eax+00h], 00000000h

                        Rich Headers

                        Programming Language:
                        • [EXP] VC++ 6.0 SP5 build 8804

                        Data Directories

                        NameVirtual AddressVirtual Size Is in Section
                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                        IMAGE_DIRECTORY_ENTRY_IMPORT0x73a40xb4.rdata
                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x2d0000x6510.rsrc
                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                        IMAGE_DIRECTORY_ENTRY_IAT0x70000x28c.rdata
                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                        Sections

                        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                        .text0x10000x59760x5a00335c19bb25cd1d02eec2b0a4eacb979cFalse0.6686197916666666data6.466800446206804IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                        .rdata0x70000x11900x1200db16645055619c0cc73276ff5c3adb75False0.4448784722222222data5.177968128705381IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                        .data0x90000x1af980x40059710519e577598f785044e4d95261f4False0.55078125data4.68983486808998IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        .ndata0x240000x90000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        .rsrc0x2d0000x65100x6600583c94f360c1ef99ea06ecd0f7b76363False0.4573759191176471data5.656548107768517IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                        Resources

                        NameRVASizeTypeLanguageCountryZLIB Complexity
                        RT_ICON0x2d3280x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9600EnglishUnited States0.39481327800829874
                        RT_ICON0x2f8d00x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224EnglishUnited States0.5105534709193246
                        RT_ICON0x309780xea8Device independent bitmap graphic, 48 x 96 x 8, image size 2688EnglishUnited States0.39365671641791045
                        RT_ICON0x318200x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1152EnglishUnited States0.7486462093862816
                        RT_ICON0x320c80x568Device independent bitmap graphic, 16 x 32 x 8, image size 320EnglishUnited States0.6893063583815029
                        RT_ICON0x326300x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.6054964539007093
                        RT_DIALOG0x32a980x120dataEnglishUnited States0.5138888888888888
                        RT_DIALOG0x32bb80x200dataEnglishUnited States0.40234375
                        RT_DIALOG0x32db80xf8dataEnglishUnited States0.6290322580645161
                        RT_DIALOG0x32eb00xd4dataEnglishUnited States0.5990566037735849
                        RT_DIALOG0x32f880xeedataEnglishUnited States0.6302521008403361
                        RT_GROUP_ICON0x330780x5adataEnglishUnited States0.6888888888888889
                        RT_VERSION0x330d80x220dataEnglishUnited States0.5091911764705882
                        RT_MANIFEST0x332f80x215XML 1.0 document, ASCII text, with very long lines (533), with no line terminatorsEnglishUnited States0.575984990619137

                        Imports

                        DLLImport
                        KERNEL32.dllCompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA
                        USER32.dllEndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
                        GDI32.dllSetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
                        SHELL32.dllSHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
                        ADVAPI32.dllRegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
                        COMCTL32.dllImageList_AddMasked, ImageList_Destroy, ImageList_Create
                        ole32.dllCoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
                        VERSION.dllGetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

                        Possible Origin

                        Language of compilation systemCountry where language is spokenMap
                        EnglishUnited States

                        Network Behavior

                        Network Port Distribution

                        TCP Packets

                        TimestampSource PortDest PortSource IPDest IP
                        May 27, 2024 03:00:09.063508034 CEST4973880192.168.2.4172.67.130.88
                        May 27, 2024 03:00:09.068464994 CEST8049738172.67.130.88192.168.2.4
                        May 27, 2024 03:00:09.068542957 CEST4973880192.168.2.4172.67.130.88
                        May 27, 2024 03:00:09.070149899 CEST4973880192.168.2.4172.67.130.88
                        May 27, 2024 03:00:09.120275021 CEST8049738172.67.130.88192.168.2.4
                        May 27, 2024 03:00:09.548635960 CEST8049738172.67.130.88192.168.2.4
                        May 27, 2024 03:00:09.663041115 CEST4973880192.168.2.4172.67.130.88

                        UDP Packets

                        TimestampSource PortDest PortSource IPDest IP
                        May 27, 2024 03:00:08.993402958 CEST5078553192.168.2.41.1.1.1
                        May 27, 2024 03:00:09.028928041 CEST53507851.1.1.1192.168.2.4

                        DNS Queries

                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                        May 27, 2024 03:00:08.993402958 CEST192.168.2.41.1.1.10xdff3Standard query (0)www.jockersoft.comA (IP address)IN (0x0001)false

                        DNS Answers

                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                        May 27, 2024 03:00:09.028928041 CEST1.1.1.1192.168.2.40xdff3No error (0)www.jockersoft.com172.67.130.88A (IP address)IN (0x0001)false
                        May 27, 2024 03:00:09.028928041 CEST1.1.1.1192.168.2.40xdff3No error (0)www.jockersoft.com104.21.7.177A (IP address)IN (0x0001)false

                        HTTP Request Dependency Graph

                        • www.jockersoft.com

                        HTTP Packets

                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                        0192.168.2.449738172.67.130.88807556C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exe
                        TimestampBytes transferredDirectionData
                        May 27, 2024 03:00:09.070149899 CEST131OUTGET /versionchecker/checker2.php?app=codecinstaller&version=2.10.4.0 HTTP/1.1
                        Host: www.jockersoft.com
                        Connection: Keep-Alive
                        May 27, 2024 03:00:09.548635960 CEST699INHTTP/1.1 200 OK
                        Date: Mon, 27 May 2024 01:00:09 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: keep-alive
                        Vary: Accept-Encoding
                        CF-Cache-Status: DYNAMIC
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4zsYBpNYgQBZcADvhR%2F3yXxP9qo91nQcvw77PWx2GibXmhny5CS%2BRq3QApqGpoAKnEh4OCXRaRlkZHCKk06dMcbrOIUhIok5M93gXU86u50Dqr%2B0AbxJCBT8XlQ%2F0lOcuL1cyTI%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 88a210ff3858c427-EWR
                        alt-svc: h3=":443"; ma=86400
                        Data Raw: 35 30 0d 0a 4f 4b 0d 0a 32 2e 39 2e 31 2e 30 0d 0a 68 74 74 70 3a 2f 2f 77 77 77 2e 6a 6f 63 6b 65 72 73 6f 66 74 2e 63 6f 6d 2f 64 6f 77 6e 6c 6f 61 64 73 2f 6c 61 74 65 73 74 2f 73 65 74 75 70 5f 43 6f 64 65 63 49 6e 73 74 61 6c 6c 65 72 2e 65 78 65 0d 0a 30 0d 0a 0d 0a
                        Data Ascii: 50OK2.9.1.0http://www.jockersoft.com/downloads/latest/setup_CodecInstaller.exe0


                        Statistics

                        CPU Usage

                        Click to jump to process

                        Memory Usage

                        Click to jump to process

                        High Level Behavior Distribution

                        Click to dive into process behavior distribution

                        Behavior

                        Click to jump to process

                        System Behavior

                        General

                        Target ID:0
                        Start time:20:59:40
                        Start date:26/05/2024
                        Path:C:\Users\user\Desktop\setup_CodecInstaller_full.exe
                        Wow64 process (32bit):true
                        Commandline:"C:\Users\user\Desktop\setup_CodecInstaller_full.exe"
                        Imagebase:0x400000
                        File size:3'934'779 bytes
                        MD5 hash:171B409B3248772CC366D31A44AED9F6
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:2
                        Start time:21:00:01
                        Start date:26/05/2024
                        Path:C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exe
                        Wow64 process (32bit):true
                        Commandline:"C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exe" /NORESTART /verysilent
                        Imagebase:0x400000
                        File size:2'911'760 bytes
                        MD5 hash:3AFF13BDB88B4D57D41DC605A18738C9
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:Borland Delphi
                        Antivirus matches:
                        • Detection: 100%, Avira
                        • Detection: 100%, Joe Sandbox ML
                        • Detection: 30%, ReversingLabs
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:4
                        Start time:21:00:02
                        Start date:26/05/2024
                        Path:C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmp
                        Wow64 process (32bit):true
                        Commandline:"C:\Users\user\AppData\Local\Temp\is-56AVD.tmp\CrawlerSetup12.tmp" /SL5="$304AA,2431449,71680,C:\Program Files (x86)\JockerSoft\CodecInstaller\CrawlerSetup12.exe" /NORESTART /verysilent
                        Imagebase:0x400000
                        File size:1'162'240 bytes
                        MD5 hash:DFB7304D96F8F1C29FDA2748779663D7
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:Borland Delphi
                        Yara matches:
                        • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000004.00000002.1929026516.0000000005920000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                        Antivirus matches:
                        • Detection: 4%, ReversingLabs
                        Reputation:low
                        Has exited:true

                        General

                        Target ID:5
                        Start time:21:00:04
                        Start date:26/05/2024
                        Path:C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exe"
                        Imagebase:0xf0000
                        File size:1'065'984 bytes
                        MD5 hash:0A7C0374DA795E987E1F490B495B82F5
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\JockerSoft\CodecInstaller\CodecInstaller.exe, Author: Joe Security
                        Antivirus matches:
                        • Detection: 0%, ReversingLabs
                        Reputation:low
                        Has exited:false

                        General

                        Target ID:7
                        Start time:21:00:08
                        Start date:26/05/2024
                        Path:C:\Program Files (x86)\Crawler\CToolbar.exe
                        Wow64 process (32bit):true
                        Commandline:"C:\Program Files (x86)\Crawler\CToolbar.exe" /REGSVR
                        Imagebase:0x400000
                        File size:2'558'088 bytes
                        MD5 hash:EC506EE0F7F493C09DEFC911CAEDFD08
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:Borland Delphi
                        Yara matches:
                        • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000007.00000000.1900724146.0000000000401000.00000020.00000001.01000000.00000018.sdmp, Author: Joe Security
                        Reputation:low
                        Has exited:true

                        Disassembly

                        Reset < >

                          Execution Graph

                          Execution Coverage:30.1%
                          Dynamic/Decrypted Code Coverage:0%
                          Signature Coverage:23.3%
                          Total number of Nodes:1239
                          Total number of Limit Nodes:53
                          execution_graph 2864 401cc1 GetDlgItem GetClientRect 2869 4029e8 2864->2869 2867 401d0f DeleteObject 2868 40287d 2867->2868 2870 4029f4 2869->2870 2875 405aa7 2870->2875 2872 401cf1 LoadImageA SendMessageA 2872->2867 2872->2868 2889 405ab4 2875->2889 2876 405cca 2877 402a15 2876->2877 2909 405a85 lstrcpynA 2876->2909 2877->2872 2893 405ce3 2877->2893 2879 405b48 GetVersion 2879->2889 2880 405ca1 lstrlenA 2880->2889 2883 405aa7 10 API calls 2883->2880 2884 405bc0 GetSystemDirectoryA 2884->2889 2886 405bd3 GetWindowsDirectoryA 2886->2889 2887 405ce3 5 API calls 2887->2889 2888 405c07 SHGetSpecialFolderLocation 2888->2889 2892 405c1f SHGetPathFromIDListA CoTaskMemFree 2888->2892 2889->2876 2889->2879 2889->2880 2889->2883 2889->2884 2889->2886 2889->2887 2889->2888 2890 405aa7 10 API calls 2889->2890 2891 405c4a lstrcatA 2889->2891 2902 40596c RegOpenKeyExA 2889->2902 2907 4059e3 wsprintfA 2889->2907 2908 405a85 lstrcpynA 2889->2908 2890->2889 2891->2889 2892->2889 2894 405cef 2893->2894 2896 405d57 2894->2896 2897 405d4c CharNextA 2894->2897 2900 405d3a CharNextA 2894->2900 2901 405d47 CharNextA 2894->2901 2910 4055a3 2894->2910 2895 405d5b CharPrevA 2895->2896 2896->2895 2898 405d76 2896->2898 2897->2894 2897->2896 2898->2872 2900->2894 2901->2897 2903 4059dd 2902->2903 2904 40599f RegQueryValueExA 2902->2904 2903->2889 2905 4059c0 RegCloseKey 2904->2905 2905->2903 2907->2889 2908->2889 2909->2877 2911 4055a9 2910->2911 2912 4055bc 2911->2912 2913 4055af CharNextA 2911->2913 2912->2894 2913->2911 3811 401dc1 3812 4029e8 18 API calls 3811->3812 3813 401dc7 3812->3813 3814 4029e8 18 API calls 3813->3814 3815 401dd0 3814->3815 3816 4029e8 18 API calls 3815->3816 3817 401dd9 3816->3817 3818 4029e8 18 API calls 3817->3818 3819 401de2 3818->3819 3820 401423 25 API calls 3819->3820 3821 401de9 ShellExecuteA 3820->3821 3822 401e16 3821->3822 3823 401ec5 3824 4029e8 18 API calls 3823->3824 3825 401ecc GetFileVersionInfoSizeA 3824->3825 3826 401eef GlobalAlloc 3825->3826 3833 401f45 3825->3833 3827 401f03 GetFileVersionInfoA 3826->3827 3826->3833 3828 401f14 VerQueryValueA 3827->3828 3827->3833 3829 401f2d 3828->3829 3828->3833 3834 4059e3 wsprintfA 3829->3834 3831 401f39 3835 4059e3 wsprintfA 3831->3835 3834->3831 3835->3833 3467 4014ca 3468 404e23 25 API calls 3467->3468 3469 4014d1 3468->3469 3836 403f4b lstrcpynA lstrlenA 3837 40604c 3843 405ed0 3837->3843 3838 40683b 3839 405f51 GlobalFree 3840 405f5a GlobalAlloc 3839->3840 3840->3838 3840->3843 3841 405fd1 GlobalAlloc 3841->3838 3841->3843 3842 405fc8 GlobalFree 3842->3841 3843->3838 3843->3839 3843->3840 3843->3841 3843->3842 3529 401f51 3530 401f63 3529->3530 3540 402004 3529->3540 3531 4029e8 18 API calls 3530->3531 3532 401f6a 3531->3532 3534 4029e8 18 API calls 3532->3534 3533 401423 25 API calls 3538 40215b 3533->3538 3535 401f73 3534->3535 3536 401f88 LoadLibraryExA 3535->3536 3537 401f7b GetModuleHandleA 3535->3537 3539 401f98 GetProcAddress 3536->3539 3536->3540 3537->3536 3537->3539 3541 401fe5 3539->3541 3542 401fa8 3539->3542 3540->3533 3543 404e23 25 API calls 3541->3543 3545 401fb8 3542->3545 3547 401423 3542->3547 3543->3545 3545->3538 3546 401ff8 FreeLibrary 3545->3546 3546->3538 3548 404e23 25 API calls 3547->3548 3549 401431 3548->3549 3549->3545 3747 4014d6 3748 4029cb 18 API calls 3747->3748 3749 4014dc Sleep 3748->3749 3751 40287d 3749->3751 3752 402858 SendMessageA 3753 402872 InvalidateRect 3752->3753 3754 40287d 3752->3754 3753->3754 3856 4018d8 3857 40190f 3856->3857 3858 4029e8 18 API calls 3857->3858 3859 401914 3858->3859 3860 4053aa 68 API calls 3859->3860 3861 40191d 3860->3861 3755 402259 3756 4029e8 18 API calls 3755->3756 3757 402267 3756->3757 3758 4029e8 18 API calls 3757->3758 3759 402270 3758->3759 3760 4029e8 18 API calls 3759->3760 3761 40227a GetPrivateProfileStringA 3760->3761 3862 40155b 3863 401577 ShowWindow 3862->3863 3864 40157e 3862->3864 3863->3864 3865 40158c ShowWindow 3864->3865 3866 40287d 3864->3866 3865->3866 3867 4018db 3868 4029e8 18 API calls 3867->3868 3869 4018e2 3868->3869 3870 405346 MessageBoxIndirectA 3869->3870 3871 4018eb 3870->3871 2914 404f61 2915 404f82 GetDlgItem GetDlgItem GetDlgItem 2914->2915 2916 40510d 2914->2916 2960 403e6c SendMessageA 2915->2960 2918 405116 GetDlgItem CreateThread CloseHandle 2916->2918 2919 40513e 2916->2919 2918->2919 2994 404ef5 OleInitialize 2918->2994 2921 405169 2919->2921 2922 405155 ShowWindow ShowWindow 2919->2922 2923 40518b 2919->2923 2920 404ff3 2925 404ffa GetClientRect GetSystemMetrics SendMessageA SendMessageA 2920->2925 2924 4051c7 2921->2924 2927 4051a0 ShowWindow 2921->2927 2928 40517a 2921->2928 2976 403e6c SendMessageA 2922->2976 2980 403e9e 2923->2980 2924->2923 2934 4051d2 SendMessageA 2924->2934 2932 405069 2925->2932 2933 40504d SendMessageA SendMessageA 2925->2933 2930 4051c0 2927->2930 2931 4051b2 2927->2931 2977 403e10 2928->2977 2938 403e10 SendMessageA 2930->2938 2964 404e23 2931->2964 2939 40507c 2932->2939 2940 40506e SendMessageA 2932->2940 2933->2932 2936 405199 2934->2936 2941 4051eb CreatePopupMenu 2934->2941 2938->2924 2961 403e37 2939->2961 2940->2939 2942 405aa7 18 API calls 2941->2942 2944 4051fb AppendMenuA 2942->2944 2946 405221 2944->2946 2947 40520e GetWindowRect 2944->2947 2945 40508c 2948 405095 ShowWindow 2945->2948 2949 4050c9 GetDlgItem SendMessageA 2945->2949 2951 40522a TrackPopupMenu 2946->2951 2947->2951 2952 4050b8 2948->2952 2953 4050ab ShowWindow 2948->2953 2949->2936 2950 4050f0 SendMessageA SendMessageA 2949->2950 2950->2936 2951->2936 2954 405248 2951->2954 2975 403e6c SendMessageA 2952->2975 2953->2952 2955 405264 SendMessageA 2954->2955 2955->2955 2957 405281 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 2955->2957 2958 4052a3 SendMessageA 2957->2958 2958->2958 2959 4052c4 GlobalUnlock SetClipboardData CloseClipboard 2958->2959 2959->2936 2960->2920 2962 405aa7 18 API calls 2961->2962 2963 403e42 SetDlgItemTextA 2962->2963 2963->2945 2965 404e3e 2964->2965 2973 404ee1 2964->2973 2966 404e5b lstrlenA 2965->2966 2967 405aa7 18 API calls 2965->2967 2968 404e84 2966->2968 2969 404e69 lstrlenA 2966->2969 2967->2966 2971 404e97 2968->2971 2972 404e8a SetWindowTextA 2968->2972 2970 404e7b lstrcatA 2969->2970 2969->2973 2970->2968 2971->2973 2974 404e9d SendMessageA SendMessageA SendMessageA 2971->2974 2972->2971 2973->2930 2974->2973 2975->2949 2976->2921 2978 403e17 2977->2978 2979 403e1d SendMessageA 2977->2979 2978->2979 2979->2923 2981 403eb6 GetWindowLongA 2980->2981 2991 403f3f 2980->2991 2982 403ec7 2981->2982 2981->2991 2983 403ed6 GetSysColor 2982->2983 2984 403ed9 2982->2984 2983->2984 2985 403ee9 SetBkMode 2984->2985 2986 403edf SetTextColor 2984->2986 2987 403f01 GetSysColor 2985->2987 2988 403f07 2985->2988 2986->2985 2987->2988 2989 403f18 2988->2989 2990 403f0e SetBkColor 2988->2990 2989->2991 2992 403f32 CreateBrushIndirect 2989->2992 2993 403f2b DeleteObject 2989->2993 2990->2989 2991->2936 2992->2991 2993->2992 3001 403e83 2994->3001 2996 404f3f 2997 403e83 SendMessageA 2996->2997 2998 404f51 OleUninitialize 2997->2998 2999 404f18 2999->2996 3004 401389 2999->3004 3002 403e9b 3001->3002 3003 403e8c SendMessageA 3001->3003 3002->2999 3003->3002 3006 401390 3004->3006 3005 4013fe 3005->2999 3006->3005 3007 4013cb MulDiv SendMessageA 3006->3007 3007->3006 3018 403964 3019 403ab7 3018->3019 3020 40397c 3018->3020 3022 403b08 3019->3022 3023 403ac8 GetDlgItem GetDlgItem 3019->3023 3020->3019 3021 403988 3020->3021 3024 403993 SetWindowPos 3021->3024 3025 4039a6 3021->3025 3027 403b62 3022->3027 3035 401389 2 API calls 3022->3035 3026 403e37 19 API calls 3023->3026 3024->3025 3029 4039c3 3025->3029 3030 4039ab ShowWindow 3025->3030 3031 403af2 SetClassLongA 3026->3031 3028 403e83 SendMessageA 3027->3028 3078 403ab2 3027->3078 3076 403b74 3028->3076 3032 4039e5 3029->3032 3033 4039cb KiUserCallbackDispatcher 3029->3033 3030->3029 3034 40140b 2 API calls 3031->3034 3037 4039ea SetWindowLongA 3032->3037 3038 4039fb 3032->3038 3040 403dc0 3033->3040 3034->3022 3036 403b3a 3035->3036 3036->3027 3039 403b3e SendMessageA 3036->3039 3037->3078 3043 403a72 3038->3043 3044 403a07 GetDlgItem 3038->3044 3039->3078 3046 403df1 ShowWindow 3040->3046 3040->3078 3041 40140b 2 API calls 3041->3076 3042 403dc2 DestroyWindow KiUserCallbackDispatcher 3042->3040 3045 403e9e 8 API calls 3043->3045 3047 403a37 3044->3047 3048 403a1a SendMessageA IsWindowEnabled 3044->3048 3045->3078 3046->3078 3050 403a44 3047->3050 3051 403a8b SendMessageA 3047->3051 3052 403a57 3047->3052 3059 403a3c 3047->3059 3048->3047 3048->3078 3049 405aa7 18 API calls 3049->3076 3050->3051 3050->3059 3051->3043 3054 403a74 3052->3054 3055 403a5f 3052->3055 3053 403e10 SendMessageA 3053->3043 3057 40140b 2 API calls 3054->3057 3089 40140b 3055->3089 3057->3059 3058 403e37 19 API calls 3058->3076 3059->3043 3059->3053 3060 403e37 19 API calls 3061 403bef GetDlgItem 3060->3061 3062 403c04 3061->3062 3063 403c0c ShowWindow KiUserCallbackDispatcher 3061->3063 3062->3063 3086 403e59 KiUserCallbackDispatcher 3063->3086 3065 403c36 KiUserCallbackDispatcher 3068 403c4a 3065->3068 3066 403c4f GetSystemMenu EnableMenuItem SendMessageA 3067 403c7f SendMessageA 3066->3067 3066->3068 3067->3068 3068->3066 3087 403e6c SendMessageA 3068->3087 3088 405a85 lstrcpynA 3068->3088 3071 403cad lstrlenA 3072 405aa7 18 API calls 3071->3072 3073 403cbe SetWindowTextA 3072->3073 3074 401389 2 API calls 3073->3074 3074->3076 3075 403d02 DestroyWindow 3075->3040 3077 403d1c CreateDialogParamA 3075->3077 3076->3041 3076->3042 3076->3049 3076->3058 3076->3060 3076->3075 3076->3078 3077->3040 3079 403d4f 3077->3079 3080 403e37 19 API calls 3079->3080 3081 403d5a GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3080->3081 3082 401389 2 API calls 3081->3082 3083 403da0 3082->3083 3083->3078 3084 403da8 ShowWindow 3083->3084 3085 403e83 SendMessageA 3084->3085 3085->3040 3086->3065 3087->3068 3088->3071 3090 401389 2 API calls 3089->3090 3091 401420 3090->3091 3091->3059 3872 402164 3873 4029e8 18 API calls 3872->3873 3874 40216a 3873->3874 3875 4029e8 18 API calls 3874->3875 3876 402173 3875->3876 3877 4029e8 18 API calls 3876->3877 3878 40217c 3877->3878 3879 405d7c 2 API calls 3878->3879 3880 402185 3879->3880 3881 402196 lstrlenA lstrlenA 3880->3881 3882 402189 3880->3882 3884 404e23 25 API calls 3881->3884 3883 404e23 25 API calls 3882->3883 3886 402191 3883->3886 3885 4021d2 SHFileOperationA 3884->3885 3885->3882 3885->3886 3887 4019e6 3888 4029e8 18 API calls 3887->3888 3889 4019ef ExpandEnvironmentStringsA 3888->3889 3890 401a03 3889->3890 3892 401a16 3889->3892 3891 401a08 lstrcmpA 3890->3891 3890->3892 3891->3892 3893 4021e6 3894 4021ed 3893->3894 3895 402200 3893->3895 3896 405aa7 18 API calls 3894->3896 3897 4021fa 3896->3897 3898 405346 MessageBoxIndirectA 3897->3898 3898->3895 3906 401c6d 3907 4029cb 18 API calls 3906->3907 3908 401c73 IsWindow 3907->3908 3909 4019d6 3908->3909 3910 4025ed 3911 4025f4 3910->3911 3912 40287d 3910->3912 3913 4025fa FindClose 3911->3913 3913->3912 3501 40266e 3502 4029e8 18 API calls 3501->3502 3504 40267c 3502->3504 3503 402692 3506 40573d 2 API calls 3503->3506 3504->3503 3505 4029e8 18 API calls 3504->3505 3505->3503 3507 402698 3506->3507 3527 40575c GetFileAttributesA CreateFileA 3507->3527 3509 4026a5 3510 4026b1 GlobalAlloc 3509->3510 3511 40274e 3509->3511 3512 402745 CloseHandle 3510->3512 3513 4026ca 3510->3513 3514 402756 DeleteFileA 3511->3514 3515 402769 3511->3515 3512->3511 3528 4031da SetFilePointer 3513->3528 3514->3515 3517 4026d0 3518 4031a8 ReadFile 3517->3518 3519 4026d9 GlobalAlloc 3518->3519 3520 4026e9 3519->3520 3521 40271d WriteFile GlobalFree 3519->3521 3523 402f01 47 API calls 3520->3523 3522 402f01 47 API calls 3521->3522 3524 402742 3522->3524 3526 4026f6 3523->3526 3524->3512 3525 402714 GlobalFree 3525->3521 3526->3525 3527->3509 3528->3517 3914 40276f 3915 4029cb 18 API calls 3914->3915 3916 402775 3915->3916 3917 4027b0 3916->3917 3918 402799 3916->3918 3923 40264e 3916->3923 3921 4027c6 3917->3921 3922 4027ba 3917->3922 3919 4027ad 3918->3919 3920 40279e 3918->3920 3929 4059e3 wsprintfA 3919->3929 3928 405a85 lstrcpynA 3920->3928 3925 405aa7 18 API calls 3921->3925 3924 4029cb 18 API calls 3922->3924 3924->3923 3925->3923 3928->3923 3929->3923 3930 4014f0 SetForegroundWindow 3931 40287d 3930->3931 3932 404772 GetDlgItem GetDlgItem 3933 4047c6 7 API calls 3932->3933 3942 4049e3 3932->3942 3934 40486c DeleteObject 3933->3934 3935 40485f SendMessageA 3933->3935 3936 404877 3934->3936 3935->3934 3937 4048ae 3936->3937 3941 405aa7 18 API calls 3936->3941 3939 403e37 19 API calls 3937->3939 3938 404acd 3940 404b7c 3938->3940 3951 404b26 SendMessageA 3938->3951 3973 4049d6 3938->3973 3943 4048c2 3939->3943 3945 404b91 3940->3945 3946 404b85 SendMessageA 3940->3946 3947 404890 SendMessageA SendMessageA 3941->3947 3942->3938 3944 404a57 3942->3944 3985 4046f2 SendMessageA 3942->3985 3950 403e37 19 API calls 3943->3950 3944->3938 3953 404abf SendMessageA 3944->3953 3948 404bba 3945->3948 3954 404ba3 ImageList_Destroy 3945->3954 3955 404baa 3945->3955 3946->3945 3947->3936 3957 404d20 3948->3957 3970 40140b 2 API calls 3948->3970 3979 404bec 3948->3979 3956 4048d0 3950->3956 3958 404b3b SendMessageA 3951->3958 3951->3973 3952 403e9e 8 API calls 3959 404d6c 3952->3959 3953->3938 3954->3955 3955->3948 3960 404bb3 GlobalFree 3955->3960 3961 4049a4 GetWindowLongA SetWindowLongA 3956->3961 3969 40491f SendMessageA 3956->3969 3972 40499e 3956->3972 3974 40495b SendMessageA 3956->3974 3975 40496c SendMessageA 3956->3975 3963 404d32 ShowWindow GetDlgItem ShowWindow 3957->3963 3957->3973 3966 404b4e 3958->3966 3960->3948 3962 4049bd 3961->3962 3964 4049c3 ShowWindow 3962->3964 3965 4049db 3962->3965 3963->3973 3983 403e6c SendMessageA 3964->3983 3984 403e6c SendMessageA 3965->3984 3971 404b5f SendMessageA 3966->3971 3969->3956 3970->3979 3971->3940 3972->3961 3972->3962 3973->3952 3974->3956 3975->3956 3976 404cf6 InvalidateRect 3976->3957 3977 404d0c 3976->3977 3980 404610 21 API calls 3977->3980 3978 404c1a SendMessageA 3981 404c30 3978->3981 3979->3978 3979->3981 3980->3957 3981->3976 3982 404ca4 SendMessageA SendMessageA 3981->3982 3982->3981 3983->3973 3984->3942 3986 404751 SendMessageA 3985->3986 3987 404715 GetMessagePos ScreenToClient SendMessageA 3985->3987 3988 404749 3986->3988 3987->3988 3989 40474e 3987->3989 3988->3944 3989->3986 3990 404d73 3991 404d81 3990->3991 3992 404d98 3990->3992 3993 404d87 3991->3993 4008 404e01 3991->4008 3994 404da6 IsWindowVisible 3992->3994 4000 404dbd 3992->4000 3995 403e83 SendMessageA 3993->3995 3997 404db3 3994->3997 3994->4008 3998 404d91 3995->3998 3996 404e07 CallWindowProcA 3996->3998 3999 4046f2 5 API calls 3997->3999 3999->4000 4000->3996 4009 405a85 lstrcpynA 4000->4009 4002 404dec 4010 4059e3 wsprintfA 4002->4010 4004 404df3 4005 40140b 2 API calls 4004->4005 4006 404dfa 4005->4006 4011 405a85 lstrcpynA 4006->4011 4008->3996 4009->4002 4010->4004 4011->4008 3628 404275 3629 4042b3 3628->3629 3630 4042a6 3628->3630 3632 4042bc GetDlgItem 3629->3632 3638 40432e 3629->3638 3706 40532a GetDlgItemTextA 3630->3706 3635 4042d0 3632->3635 3633 404403 3692 40458f 3633->3692 3696 40532a GetDlgItemTextA 3633->3696 3634 4042ad 3636 405ce3 5 API calls 3634->3636 3637 4042e4 SetWindowTextA 3635->3637 3640 40560c 4 API calls 3635->3640 3636->3629 3643 403e37 19 API calls 3637->3643 3638->3633 3641 405aa7 18 API calls 3638->3641 3638->3692 3645 4042da 3640->3645 3646 404395 SHBrowseForFolderA 3641->3646 3642 40442f 3647 405659 18 API calls 3642->3647 3648 404302 3643->3648 3644 403e9e 8 API calls 3649 4045a3 3644->3649 3645->3637 3653 405578 3 API calls 3645->3653 3646->3633 3650 4043ad CoTaskMemFree 3646->3650 3651 404435 3647->3651 3652 403e37 19 API calls 3648->3652 3654 405578 3 API calls 3650->3654 3697 405a85 lstrcpynA 3651->3697 3655 404310 3652->3655 3653->3637 3656 4043ba 3654->3656 3695 403e6c SendMessageA 3655->3695 3659 4043f1 SetDlgItemTextA 3656->3659 3664 405aa7 18 API calls 3656->3664 3659->3633 3660 40444c 3662 405da3 3 API calls 3660->3662 3661 404318 3663 405da3 3 API calls 3661->3663 3672 404454 3662->3672 3665 40431f 3663->3665 3666 4043d9 lstrcmpiA 3664->3666 3668 404327 SHAutoComplete 3665->3668 3665->3692 3666->3659 3670 4043ea lstrcatA 3666->3670 3667 40448e 3707 405a85 lstrcpynA 3667->3707 3668->3638 3670->3659 3671 404461 GetDiskFreeSpaceExA 3671->3672 3681 4044e1 3671->3681 3672->3667 3672->3671 3675 4055bf 2 API calls 3672->3675 3673 404497 3674 40560c 4 API calls 3673->3674 3676 40449d 3674->3676 3675->3672 3677 4044a1 3676->3677 3678 4044a4 GetDiskFreeSpaceA 3676->3678 3677->3678 3679 4044f9 3678->3679 3680 4044bf MulDiv 3678->3680 3679->3681 3680->3681 3682 40453e 3681->3682 3698 404610 3681->3698 3684 404561 3682->3684 3685 40140b 2 API calls 3682->3685 3708 403e59 KiUserCallbackDispatcher 3684->3708 3685->3684 3686 404530 3688 404540 SetDlgItemTextA 3686->3688 3689 404535 3686->3689 3688->3682 3691 404610 21 API calls 3689->3691 3690 40457d 3690->3692 3693 40458a 3690->3693 3691->3682 3692->3644 3709 40420a 3693->3709 3695->3661 3696->3642 3697->3660 3699 40462a 3698->3699 3700 405aa7 18 API calls 3699->3700 3701 40465f 3700->3701 3702 405aa7 18 API calls 3701->3702 3703 40466a 3702->3703 3704 405aa7 18 API calls 3703->3704 3705 40469b lstrlenA wsprintfA SetDlgItemTextA 3704->3705 3705->3686 3706->3634 3707->3673 3708->3690 3710 404218 3709->3710 3711 40421d SendMessageA 3709->3711 3710->3711 3711->3692 3712 4022f5 3713 4022fb 3712->3713 3714 4029e8 18 API calls 3713->3714 3715 40230d 3714->3715 3716 4029e8 18 API calls 3715->3716 3717 402317 RegCreateKeyExA 3716->3717 3718 402341 3717->3718 3719 40264e 3717->3719 3720 402359 3718->3720 3721 4029e8 18 API calls 3718->3721 3722 402365 3720->3722 3724 4029cb 18 API calls 3720->3724 3723 402352 lstrlenA 3721->3723 3725 402380 RegSetValueExA 3722->3725 3726 402f01 47 API calls 3722->3726 3723->3720 3724->3722 3727 402396 RegCloseKey 3725->3727 3726->3725 3727->3719 4012 4027f5 4013 4029cb 18 API calls 4012->4013 4014 4027fb 4013->4014 4015 40264e 4014->4015 4016 40282c 4014->4016 4018 402809 4014->4018 4016->4015 4017 405aa7 18 API calls 4016->4017 4017->4015 4018->4015 4020 4059e3 wsprintfA 4018->4020 4020->4015 4021 4024f8 4022 4029cb 18 API calls 4021->4022 4023 402502 4022->4023 4024 402536 ReadFile 4023->4024 4025 40257a 4023->4025 4026 40258a 4023->4026 4029 402578 4023->4029 4024->4023 4024->4029 4030 4059e3 wsprintfA 4025->4030 4028 4025a0 SetFilePointer 4026->4028 4026->4029 4028->4029 4030->4029 4031 4016fa 4032 4029e8 18 API calls 4031->4032 4033 401701 SearchPathA 4032->4033 4034 40171c 4033->4034 4035 4014fe 4036 401506 4035->4036 4038 401519 4035->4038 4037 4029cb 18 API calls 4036->4037 4037->4038 3779 403f7f 3780 4040a2 3779->3780 3781 403f95 3779->3781 3782 404111 3780->3782 3785 4041e5 3780->3785 3791 4040e6 GetDlgItem SendMessageA 3780->3791 3784 403e37 19 API calls 3781->3784 3783 40411b GetDlgItem 3782->3783 3782->3785 3789 404131 3783->3789 3790 4041a3 3783->3790 3786 403feb 3784->3786 3787 403e9e 8 API calls 3785->3787 3788 403e37 19 API calls 3786->3788 3792 4041e0 3787->3792 3793 403ff8 CheckDlgButton 3788->3793 3789->3790 3794 404157 6 API calls 3789->3794 3790->3785 3795 4041b5 3790->3795 3810 403e59 KiUserCallbackDispatcher 3791->3810 3808 403e59 KiUserCallbackDispatcher 3793->3808 3794->3790 3798 4041bb SendMessageA 3795->3798 3799 4041cc 3795->3799 3798->3799 3799->3792 3802 4041d2 SendMessageA 3799->3802 3800 40410c 3803 40420a SendMessageA 3800->3803 3801 404016 GetDlgItem 3809 403e6c SendMessageA 3801->3809 3802->3792 3803->3782 3805 40402c SendMessageA 3806 404053 SendMessageA SendMessageA lstrlenA SendMessageA SendMessageA 3805->3806 3807 40404a GetSysColor 3805->3807 3806->3792 3807->3806 3808->3801 3809->3805 3810->3800 4039 401000 4040 401037 BeginPaint GetClientRect 4039->4040 4041 40100c DefWindowProcA 4039->4041 4043 4010f3 4040->4043 4044 401179 4041->4044 4045 401073 CreateBrushIndirect FillRect DeleteObject 4043->4045 4046 4010fc 4043->4046 4045->4043 4047 401102 CreateFontIndirectA 4046->4047 4048 401167 EndPaint 4046->4048 4047->4048 4049 401112 6 API calls 4047->4049 4048->4044 4049->4048 4064 401b06 4065 401b13 4064->4065 4066 401b57 4064->4066 4069 4021ed 4065->4069 4072 401b2a 4065->4072 4067 401b80 GlobalAlloc 4066->4067 4068 401b5b 4066->4068 4070 405aa7 18 API calls 4067->4070 4079 401b9b 4068->4079 4085 405a85 lstrcpynA 4068->4085 4071 405aa7 18 API calls 4069->4071 4070->4079 4074 4021fa 4071->4074 4083 405a85 lstrcpynA 4072->4083 4077 405346 MessageBoxIndirectA 4074->4077 4076 401b6d GlobalFree 4076->4079 4077->4079 4078 401b39 4084 405a85 lstrcpynA 4078->4084 4081 401b48 4086 405a85 lstrcpynA 4081->4086 4083->4078 4084->4081 4085->4076 4086->4079 4087 402607 4088 40260a 4087->4088 4090 402622 4087->4090 4089 402617 FindNextFileA 4088->4089 4089->4090 4091 402661 4089->4091 4093 405a85 lstrcpynA 4091->4093 4093->4090 4101 401c8a 4102 4029cb 18 API calls 4101->4102 4103 401c91 4102->4103 4104 4029cb 18 API calls 4103->4104 4105 401c99 GetDlgItem 4104->4105 4106 4024aa 4105->4106 4107 40248e 4108 4029e8 18 API calls 4107->4108 4109 402495 4108->4109 4112 40575c GetFileAttributesA CreateFileA 4109->4112 4111 4024a1 4112->4111 3550 402012 3551 4029e8 18 API calls 3550->3551 3552 402019 3551->3552 3553 4029e8 18 API calls 3552->3553 3554 402023 3553->3554 3555 4029e8 18 API calls 3554->3555 3556 40202c 3555->3556 3557 4029e8 18 API calls 3556->3557 3558 402036 3557->3558 3559 4029e8 18 API calls 3558->3559 3561 402040 3559->3561 3560 402054 CoCreateInstance 3565 402073 3560->3565 3567 402129 3560->3567 3561->3560 3562 4029e8 18 API calls 3561->3562 3562->3560 3563 401423 25 API calls 3564 40215b 3563->3564 3566 402108 MultiByteToWideChar 3565->3566 3565->3567 3566->3567 3567->3563 3567->3564 3729 402215 3730 402223 3729->3730 3731 40221d 3729->3731 3733 4029e8 18 API calls 3730->3733 3735 402233 3730->3735 3732 4029e8 18 API calls 3731->3732 3732->3730 3733->3735 3734 402241 3737 4029e8 18 API calls 3734->3737 3735->3734 3736 4029e8 18 API calls 3735->3736 3736->3734 3738 40224a WritePrivateProfileStringA 3737->3738 3739 401d95 3740 4029cb 18 API calls 3739->3740 3741 401d9b 3740->3741 3742 4029cb 18 API calls 3741->3742 3743 401da4 3742->3743 3744 401db6 EnableWindow 3743->3744 3745 401dab ShowWindow 3743->3745 3746 40287d 3744->3746 3745->3746 4113 401595 4114 4029e8 18 API calls 4113->4114 4115 40159c SetFileAttributesA 4114->4115 4116 4015ae 4115->4116 4117 401e95 4118 4029e8 18 API calls 4117->4118 4119 401e9c 4118->4119 4120 405d7c 2 API calls 4119->4120 4121 401ea2 4120->4121 4123 401eb4 4121->4123 4124 4059e3 wsprintfA 4121->4124 4124->4123 4125 401696 4126 4029e8 18 API calls 4125->4126 4127 40169c GetFullPathNameA 4126->4127 4128 4016d4 4127->4128 4129 4016b3 4127->4129 4130 4016e8 GetShortPathNameA 4128->4130 4131 40287d 4128->4131 4129->4128 4132 405d7c 2 API calls 4129->4132 4130->4131 4133 4016c4 4132->4133 4133->4128 4135 405a85 lstrcpynA 4133->4135 4135->4128 4143 402419 4153 402af2 4143->4153 4145 402423 4146 4029cb 18 API calls 4145->4146 4147 40242c 4146->4147 4148 402443 RegEnumKeyA 4147->4148 4149 40244f RegEnumValueA 4147->4149 4150 40264e 4147->4150 4151 402468 RegCloseKey 4148->4151 4149->4150 4149->4151 4151->4150 4154 4029e8 18 API calls 4153->4154 4155 402b0b 4154->4155 4156 402b19 RegOpenKeyExA 4155->4156 4156->4145 4157 402299 4158 4022c9 4157->4158 4159 40229e 4157->4159 4161 4029e8 18 API calls 4158->4161 4160 402af2 19 API calls 4159->4160 4162 4022a5 4160->4162 4163 4022d0 4161->4163 4164 4029e8 18 API calls 4162->4164 4165 4022e6 4162->4165 4168 402a28 RegOpenKeyExA 4163->4168 4166 4022b6 RegDeleteValueA RegCloseKey 4164->4166 4166->4165 4172 402a53 4168->4172 4177 402a9f 4168->4177 4169 402a79 RegEnumKeyA 4170 402a8b RegCloseKey 4169->4170 4169->4172 4173 405da3 3 API calls 4170->4173 4171 402ab0 RegCloseKey 4171->4177 4172->4169 4172->4170 4172->4171 4174 402a28 3 API calls 4172->4174 4175 402a9b 4173->4175 4174->4172 4176 402acb RegDeleteKeyA 4175->4176 4175->4177 4176->4177 4177->4165 3762 401e1b 3763 4029e8 18 API calls 3762->3763 3764 401e21 3763->3764 3765 404e23 25 API calls 3764->3765 3766 401e2b 3765->3766 3767 4052e5 2 API calls 3766->3767 3768 401e31 3767->3768 3769 401e87 CloseHandle 3768->3769 3770 40264e 3768->3770 3771 401e50 WaitForSingleObject 3768->3771 3773 405ddc 2 API calls 3768->3773 3769->3770 3771->3768 3772 401e5e GetExitCodeProcess 3771->3772 3774 401e70 3772->3774 3775 401e7b 3772->3775 3773->3771 3778 4059e3 wsprintfA 3774->3778 3775->3769 3777 401e79 3775->3777 3777->3769 3778->3777 4178 401d1b GetDC GetDeviceCaps 4179 4029cb 18 API calls 4178->4179 4180 401d37 MulDiv 4179->4180 4181 4029cb 18 API calls 4180->4181 4182 401d4c 4181->4182 4183 405aa7 18 API calls 4182->4183 4184 401d85 CreateFontIndirectA 4183->4184 4185 4024aa 4184->4185 3008 401721 3009 4029e8 18 API calls 3008->3009 3010 401728 3009->3010 3014 40578b 3010->3014 3012 40172f 3013 40578b 2 API calls 3012->3013 3013->3012 3015 405796 GetTickCount GetTempFileNameA 3014->3015 3016 4057c2 3015->3016 3017 4057c6 3015->3017 3016->3015 3016->3017 3017->3012 4186 4023a1 4187 402af2 19 API calls 4186->4187 4188 4023ab 4187->4188 4189 4029e8 18 API calls 4188->4189 4190 4023b4 4189->4190 4191 4023be RegQueryValueExA 4190->4191 4194 40264e 4190->4194 4192 4023e4 RegCloseKey 4191->4192 4193 4023de 4191->4193 4192->4194 4193->4192 4197 4059e3 wsprintfA 4193->4197 4197->4192 4198 401922 4199 4029e8 18 API calls 4198->4199 4200 401929 lstrlenA 4199->4200 4201 4024aa 4200->4201 3092 403225 #17 SetErrorMode OleInitialize 3162 405da3 GetModuleHandleA 3092->3162 3096 403293 GetCommandLineA 3167 405a85 lstrcpynA 3096->3167 3098 4032a5 GetModuleHandleA 3099 4032bc 3098->3099 3100 4055a3 CharNextA 3099->3100 3101 4032d0 CharNextA 3100->3101 3107 4032dd 3101->3107 3102 403346 3103 403359 GetTempPathA 3102->3103 3168 4031f1 3103->3168 3105 40336f 3108 403393 DeleteFileA 3105->3108 3109 403373 GetWindowsDirectoryA lstrcatA 3105->3109 3106 4055a3 CharNextA 3106->3107 3107->3102 3107->3106 3113 403348 3107->3113 3176 402c5b GetTickCount GetModuleFileNameA 3108->3176 3111 4031f1 11 API calls 3109->3111 3114 40338f 3111->3114 3112 4033a4 3115 403411 ExitProcess OleUninitialize 3112->3115 3121 4055a3 CharNextA 3112->3121 3150 4033fd 3112->3150 3260 405a85 lstrcpynA 3113->3260 3114->3108 3114->3115 3117 403426 3115->3117 3118 40350b 3115->3118 3277 405346 3117->3277 3119 40358e ExitProcess 3118->3119 3123 405da3 3 API calls 3118->3123 3126 4033bb 3121->3126 3128 40351a 3123->3128 3131 4033d8 3126->3131 3132 40343c lstrcatA lstrcmpiA 3126->3132 3129 405da3 3 API calls 3128->3129 3130 403523 3129->3130 3133 405da3 3 API calls 3130->3133 3261 405659 3131->3261 3132->3115 3134 403458 CreateDirectoryA SetCurrentDirectoryA 3132->3134 3139 40352c 3133->3139 3136 40347a 3134->3136 3137 40346f 3134->3137 3282 405a85 lstrcpynA 3136->3282 3281 405a85 lstrcpynA 3137->3281 3140 40357a ExitWindowsEx 3139->3140 3147 40353a GetCurrentProcess 3139->3147 3140->3119 3143 403587 3140->3143 3146 40140b 2 API calls 3143->3146 3145 4033f2 3276 405a85 lstrcpynA 3145->3276 3146->3119 3152 40354a 3147->3152 3149 405aa7 18 API calls 3151 4034aa DeleteFileA 3149->3151 3206 4035e3 3150->3206 3153 4034b7 CopyFileA 3151->3153 3159 403488 3151->3159 3152->3140 3153->3159 3154 4034ff 3156 4057d3 38 API calls 3154->3156 3157 403506 3156->3157 3157->3115 3158 405aa7 18 API calls 3158->3159 3159->3149 3159->3154 3159->3158 3161 4034eb CloseHandle 3159->3161 3283 4057d3 3159->3283 3309 4052e5 CreateProcessA 3159->3309 3161->3159 3163 405dca GetProcAddress 3162->3163 3164 405dbf LoadLibraryA 3162->3164 3165 403268 SHGetFileInfoA 3163->3165 3164->3163 3164->3165 3166 405a85 lstrcpynA 3165->3166 3166->3096 3167->3098 3169 405ce3 5 API calls 3168->3169 3170 4031fd 3169->3170 3171 403207 3170->3171 3312 405578 lstrlenA CharPrevA 3170->3312 3171->3105 3174 40578b 2 API calls 3175 403223 3174->3175 3175->3105 3315 40575c GetFileAttributesA CreateFileA 3176->3315 3178 402c9e 3205 402cab 3178->3205 3316 405a85 lstrcpynA 3178->3316 3180 402cc1 3317 4055bf lstrlenA 3180->3317 3184 402cd2 GetFileSize 3185 402dd3 3184->3185 3187 402ce9 3184->3187 3324 402bc5 3185->3324 3187->3185 3190 402e6e 3187->3190 3197 402bc5 32 API calls 3187->3197 3187->3205 3322 4031a8 ReadFile 3187->3322 3192 402bc5 32 API calls 3190->3192 3191 402e16 GlobalAlloc 3194 402e2d 3191->3194 3192->3205 3198 40578b 2 API calls 3194->3198 3195 402df7 3196 4031a8 ReadFile 3195->3196 3199 402e02 3196->3199 3197->3187 3200 402e3e CreateFileA 3198->3200 3199->3191 3199->3205 3201 402e78 3200->3201 3200->3205 3340 4031da SetFilePointer 3201->3340 3203 402e86 3341 402f01 3203->3341 3205->3112 3207 405da3 3 API calls 3206->3207 3208 4035f7 3207->3208 3209 4035fd 3208->3209 3210 40360f 3208->3210 3393 4059e3 wsprintfA 3209->3393 3211 40596c 3 API calls 3210->3211 3212 403630 3211->3212 3213 40364e lstrcatA 3212->3213 3215 40596c 3 API calls 3212->3215 3216 40360d 3213->3216 3215->3213 3384 403897 3216->3384 3219 405659 18 API calls 3220 403676 3219->3220 3221 4036ff 3220->3221 3223 40596c 3 API calls 3220->3223 3222 405659 18 API calls 3221->3222 3224 403705 3222->3224 3226 4036a2 3223->3226 3225 403715 LoadImageA 3224->3225 3227 405aa7 18 API calls 3224->3227 3228 403740 RegisterClassA 3225->3228 3229 4037c9 3225->3229 3226->3221 3230 4036be lstrlenA 3226->3230 3233 4055a3 CharNextA 3226->3233 3227->3225 3231 40377c SystemParametersInfoA CreateWindowExA 3228->3231 3259 40340d 3228->3259 3232 40140b 2 API calls 3229->3232 3234 4036f2 3230->3234 3235 4036cc lstrcmpiA 3230->3235 3231->3229 3236 4037cf 3232->3236 3237 4036bc 3233->3237 3239 405578 3 API calls 3234->3239 3235->3234 3238 4036dc GetFileAttributesA 3235->3238 3241 403897 19 API calls 3236->3241 3236->3259 3237->3230 3240 4036e8 3238->3240 3242 4036f8 3239->3242 3240->3234 3243 4055bf 2 API calls 3240->3243 3244 4037e0 3241->3244 3394 405a85 lstrcpynA 3242->3394 3243->3234 3246 403864 3244->3246 3247 4037e8 ShowWindow LoadLibraryA 3244->3247 3248 404ef5 5 API calls 3246->3248 3249 403807 LoadLibraryA 3247->3249 3250 40380e GetClassInfoA 3247->3250 3251 40386a 3248->3251 3249->3250 3252 403822 GetClassInfoA RegisterClassA 3250->3252 3253 403838 DialogBoxParamA 3250->3253 3255 403886 3251->3255 3256 40386e 3251->3256 3252->3253 3254 40140b 2 API calls 3253->3254 3254->3259 3257 40140b 2 API calls 3255->3257 3258 40140b 2 API calls 3256->3258 3256->3259 3257->3259 3258->3259 3259->3115 3260->3103 3396 405a85 lstrcpynA 3261->3396 3263 40566a 3397 40560c CharNextA CharNextA 3263->3397 3266 4033e3 3266->3115 3275 405a85 lstrcpynA 3266->3275 3267 405ce3 5 API calls 3273 405680 3267->3273 3268 4056ab lstrlenA 3269 4056b6 3268->3269 3268->3273 3271 405578 3 API calls 3269->3271 3272 4056bb GetFileAttributesA 3271->3272 3272->3266 3273->3266 3273->3268 3274 4055bf 2 API calls 3273->3274 3403 405d7c FindFirstFileA 3273->3403 3274->3268 3275->3145 3276->3150 3278 40535b 3277->3278 3279 403434 ExitProcess 3278->3279 3280 40536f MessageBoxIndirectA 3278->3280 3280->3279 3281->3136 3282->3159 3284 405da3 3 API calls 3283->3284 3285 4057de 3284->3285 3286 40583b GetShortPathNameA 3285->3286 3289 405930 3285->3289 3406 40575c GetFileAttributesA CreateFileA 3285->3406 3288 405850 3286->3288 3286->3289 3288->3289 3291 405858 wsprintfA 3288->3291 3289->3159 3290 40581f CloseHandle GetShortPathNameA 3290->3289 3292 405833 3290->3292 3293 405aa7 18 API calls 3291->3293 3292->3286 3292->3289 3294 405880 3293->3294 3407 40575c GetFileAttributesA CreateFileA 3294->3407 3296 40588d 3296->3289 3297 40589c GetFileSize GlobalAlloc 3296->3297 3298 405929 CloseHandle 3297->3298 3299 4058ba ReadFile 3297->3299 3298->3289 3299->3298 3300 4058ce 3299->3300 3300->3298 3408 4056d1 lstrlenA 3300->3408 3303 4058e3 3413 405a85 lstrcpynA 3303->3413 3304 40593d 3306 4056d1 4 API calls 3304->3306 3307 4058f1 3306->3307 3308 405904 SetFilePointer WriteFile GlobalFree 3307->3308 3308->3298 3310 405320 3309->3310 3311 405314 CloseHandle 3309->3311 3310->3159 3311->3310 3313 405592 lstrcatA 3312->3313 3314 40320f CreateDirectoryA 3312->3314 3313->3314 3314->3174 3315->3178 3316->3180 3318 4055cc 3317->3318 3319 4055d1 CharPrevA 3318->3319 3320 402cc7 3318->3320 3319->3318 3319->3320 3321 405a85 lstrcpynA 3320->3321 3321->3184 3323 4031c9 3322->3323 3323->3187 3325 402bd3 3324->3325 3326 402beb 3324->3326 3327 402bdc DestroyWindow 3325->3327 3331 402be3 3325->3331 3328 402bf3 3326->3328 3329 402bfb GetTickCount 3326->3329 3327->3331 3356 405ddc 3328->3356 3329->3331 3332 402c09 3329->3332 3331->3191 3331->3205 3339 4031da SetFilePointer 3331->3339 3333 402c11 3332->3333 3334 402c3e CreateDialogParamA 3332->3334 3333->3331 3360 402ba9 3333->3360 3334->3331 3336 402c1f wsprintfA 3337 404e23 25 API calls 3336->3337 3338 402c3c 3337->3338 3338->3331 3339->3195 3340->3203 3342 402f12 SetFilePointer 3341->3342 3343 402f2e 3341->3343 3342->3343 3363 40302c GetTickCount 3343->3363 3346 402f3f ReadFile 3347 402f5f 3346->3347 3352 402feb 3346->3352 3348 40302c 42 API calls 3347->3348 3347->3352 3349 402f76 3348->3349 3350 402ff1 ReadFile 3349->3350 3349->3352 3354 402f86 3349->3354 3350->3352 3352->3205 3353 402fa1 ReadFile 3353->3352 3353->3354 3354->3352 3354->3353 3355 402fba WriteFile 3354->3355 3355->3352 3355->3354 3357 405df9 PeekMessageA 3356->3357 3358 405e09 3357->3358 3359 405def DispatchMessageA 3357->3359 3358->3331 3359->3357 3361 402bb8 3360->3361 3362 402bba MulDiv 3360->3362 3361->3362 3362->3336 3364 403196 3363->3364 3365 40305b 3363->3365 3366 402bc5 32 API calls 3364->3366 3376 4031da SetFilePointer 3365->3376 3372 402f37 3366->3372 3368 403066 SetFilePointer 3373 40308b 3368->3373 3369 4031a8 ReadFile 3369->3373 3371 402bc5 32 API calls 3371->3373 3372->3346 3372->3352 3373->3369 3373->3371 3373->3372 3374 403120 WriteFile 3373->3374 3375 403177 SetFilePointer 3373->3375 3377 405e9d 3373->3377 3374->3372 3374->3373 3375->3364 3376->3368 3378 405ec2 3377->3378 3379 405eca 3377->3379 3378->3373 3379->3378 3380 405f51 GlobalFree 3379->3380 3381 405f5a GlobalAlloc 3379->3381 3382 405fd1 GlobalAlloc 3379->3382 3383 405fc8 GlobalFree 3379->3383 3380->3381 3381->3378 3381->3379 3382->3378 3382->3379 3383->3382 3385 4038ab 3384->3385 3395 4059e3 wsprintfA 3385->3395 3387 40391c 3388 405aa7 18 API calls 3387->3388 3389 403928 SetWindowTextA 3388->3389 3390 403944 3389->3390 3391 40365e 3389->3391 3390->3391 3392 405aa7 18 API calls 3390->3392 3391->3219 3392->3390 3393->3216 3394->3221 3395->3387 3396->3263 3398 405626 3397->3398 3402 405632 3397->3402 3399 40562d CharNextA 3398->3399 3398->3402 3400 40564f 3399->3400 3400->3266 3400->3267 3401 4055a3 CharNextA 3401->3402 3402->3400 3402->3401 3404 405d92 FindClose 3403->3404 3405 405d9d 3403->3405 3404->3405 3405->3273 3406->3290 3407->3296 3409 405707 lstrlenA 3408->3409 3410 405711 3409->3410 3411 4056e5 lstrcmpiA 3409->3411 3410->3303 3410->3304 3411->3410 3412 4056fe CharNextA 3411->3412 3412->3409 3413->3307 4202 401ca5 4203 4029cb 18 API calls 4202->4203 4204 401cb5 SetWindowLongA 4203->4204 4205 40287d 4204->4205 3414 4035a6 3415 4035c1 3414->3415 3416 4035b7 CloseHandle 3414->3416 3417 4035d5 3415->3417 3418 4035cb CloseHandle 3415->3418 3416->3415 3421 4053aa 3417->3421 3418->3417 3422 405659 18 API calls 3421->3422 3423 4053be 3422->3423 3424 4053c7 DeleteFileA 3423->3424 3425 4053de 3423->3425 3426 4035e1 3424->3426 3427 405513 3425->3427 3462 405a85 lstrcpynA 3425->3462 3427->3426 3432 405d7c 2 API calls 3427->3432 3429 405408 3430 405419 3429->3430 3431 40540c lstrcatA 3429->3431 3434 4055bf 2 API calls 3430->3434 3433 40541f 3431->3433 3435 405538 3432->3435 3436 40542d lstrcatA 3433->3436 3437 405438 lstrlenA FindFirstFileA 3433->3437 3434->3433 3435->3426 3438 405578 3 API calls 3435->3438 3436->3437 3437->3427 3447 40545c 3437->3447 3440 405542 3438->3440 3439 4055a3 CharNextA 3439->3447 3441 40573d 2 API calls 3440->3441 3442 405548 RemoveDirectoryA 3441->3442 3443 405553 3442->3443 3444 40556a 3442->3444 3443->3426 3449 405559 3443->3449 3445 404e23 25 API calls 3444->3445 3445->3426 3446 4054f2 FindNextFileA 3446->3447 3450 40550a FindClose 3446->3450 3447->3439 3447->3446 3457 4053aa 59 API calls 3447->3457 3458 404e23 25 API calls 3447->3458 3461 4054d0 3447->3461 3463 405a85 lstrcpynA 3447->3463 3464 40573d GetFileAttributesA 3447->3464 3451 404e23 25 API calls 3449->3451 3450->3427 3452 405561 3451->3452 3453 4057d3 38 API calls 3452->3453 3455 405568 3453->3455 3455->3426 3457->3447 3458->3446 3459 404e23 25 API calls 3459->3461 3460 4057d3 38 API calls 3460->3461 3461->3446 3461->3459 3461->3460 3462->3429 3463->3447 3465 4054bf DeleteFileA 3464->3465 3466 40574c SetFileAttributesA 3464->3466 3465->3447 3466->3465 4206 401a26 4207 4029cb 18 API calls 4206->4207 4208 401a2c 4207->4208 4209 4029cb 18 API calls 4208->4209 4210 4019d6 4209->4210 4211 4045aa 4212 4045d6 4211->4212 4213 4045ba 4211->4213 4215 404609 4212->4215 4216 4045dc SHGetPathFromIDListA 4212->4216 4222 40532a GetDlgItemTextA 4213->4222 4218 4045f3 SendMessageA 4216->4218 4219 4045ec 4216->4219 4217 4045c7 SendMessageA 4217->4212 4218->4215 4221 40140b 2 API calls 4219->4221 4221->4218 4222->4217 3476 401bad 3498 4029cb 3476->3498 3478 401bb4 3479 4029cb 18 API calls 3478->3479 3480 401bbe 3479->3480 3481 401bce 3480->3481 3482 4029e8 18 API calls 3480->3482 3483 401bde 3481->3483 3484 4029e8 18 API calls 3481->3484 3482->3481 3485 401be9 3483->3485 3486 401c2d 3483->3486 3484->3483 3487 4029cb 18 API calls 3485->3487 3488 4029e8 18 API calls 3486->3488 3489 401bee 3487->3489 3490 401c32 3488->3490 3491 4029cb 18 API calls 3489->3491 3492 4029e8 18 API calls 3490->3492 3493 401bf7 3491->3493 3494 401c3b FindWindowExA 3492->3494 3495 401c1d SendMessageA 3493->3495 3496 401bff SendMessageTimeoutA 3493->3496 3497 401c59 3494->3497 3495->3497 3496->3497 3499 405aa7 18 API calls 3498->3499 3500 4029df 3499->3500 3500->3478 4223 402b2d 4224 402b55 4223->4224 4225 402b3c SetTimer 4223->4225 4226 402ba3 4224->4226 4227 402ba9 MulDiv 4224->4227 4225->4224 4228 402b63 wsprintfA SetWindowTextA SetDlgItemTextA 4227->4228 4228->4226 4230 40422e 4231 404264 4230->4231 4232 40423e 4230->4232 4234 403e9e 8 API calls 4231->4234 4233 403e37 19 API calls 4232->4233 4235 40424b SetDlgItemTextA 4233->4235 4236 404270 4234->4236 4235->4231 4237 402630 4238 4029e8 18 API calls 4237->4238 4239 402637 FindFirstFileA 4238->4239 4240 40265a 4239->4240 4241 40264a 4239->4241 4243 402661 4240->4243 4245 4059e3 wsprintfA 4240->4245 4246 405a85 lstrcpynA 4243->4246 4245->4243 4246->4241 4254 4024b0 4255 4024b5 4254->4255 4256 4024c6 4254->4256 4257 4029cb 18 API calls 4255->4257 4258 4029e8 18 API calls 4256->4258 4260 4024bc 4257->4260 4259 4024cd lstrlenA 4258->4259 4259->4260 4261 40264e 4260->4261 4262 4024ec WriteFile 4260->4262 4262->4261 3568 4015b3 3569 4029e8 18 API calls 3568->3569 3570 4015ba 3569->3570 3571 40560c 4 API calls 3570->3571 3578 4015c2 3571->3578 3572 40160a 3574 40162d 3572->3574 3575 40160f 3572->3575 3573 4055a3 CharNextA 3576 4015d0 CreateDirectoryA 3573->3576 3581 401423 25 API calls 3574->3581 3577 401423 25 API calls 3575->3577 3576->3578 3579 4015e5 GetLastError 3576->3579 3580 401616 3577->3580 3578->3572 3578->3573 3579->3578 3582 4015f2 GetFileAttributesA 3579->3582 3586 405a85 lstrcpynA 3580->3586 3585 40215b 3581->3585 3582->3578 3584 401621 SetCurrentDirectoryA 3584->3585 3586->3584 3587 401734 3588 4029e8 18 API calls 3587->3588 3589 40173b 3588->3589 3590 401761 3589->3590 3591 401759 3589->3591 3627 405a85 lstrcpynA 3590->3627 3626 405a85 lstrcpynA 3591->3626 3594 40175f 3598 405ce3 5 API calls 3594->3598 3595 40176c 3596 405578 3 API calls 3595->3596 3597 401772 lstrcatA 3596->3597 3597->3594 3618 40177e 3598->3618 3599 405d7c 2 API calls 3599->3618 3600 40573d 2 API calls 3600->3618 3602 401795 CompareFileTime 3602->3618 3603 401859 3605 404e23 25 API calls 3603->3605 3604 401830 3606 404e23 25 API calls 3604->3606 3614 401845 3604->3614 3608 401863 3605->3608 3606->3614 3607 405a85 lstrcpynA 3607->3618 3609 402f01 47 API calls 3608->3609 3610 401876 3609->3610 3611 40188a SetFileTime 3610->3611 3612 40189c FindCloseChangeNotification 3610->3612 3611->3612 3612->3614 3615 4018ad 3612->3615 3613 405aa7 18 API calls 3613->3618 3616 4018b2 3615->3616 3617 4018c5 3615->3617 3619 405aa7 18 API calls 3616->3619 3620 405aa7 18 API calls 3617->3620 3618->3599 3618->3600 3618->3602 3618->3603 3618->3604 3618->3607 3618->3613 3621 405346 MessageBoxIndirectA 3618->3621 3625 40575c GetFileAttributesA CreateFileA 3618->3625 3622 4018ba lstrcatA 3619->3622 3623 4018cd 3620->3623 3621->3618 3622->3623 3624 405346 MessageBoxIndirectA 3623->3624 3624->3614 3625->3618 3626->3594 3627->3595 4263 401634 4264 4029e8 18 API calls 4263->4264 4265 40163a 4264->4265 4266 405d7c 2 API calls 4265->4266 4267 401640 4266->4267 4268 401934 4269 4029cb 18 API calls 4268->4269 4270 40193b 4269->4270 4271 4029cb 18 API calls 4270->4271 4272 401945 4271->4272 4273 4029e8 18 API calls 4272->4273 4274 40194e 4273->4274 4275 401961 lstrlenA 4274->4275 4276 40199c 4274->4276 4277 40196b 4275->4277 4277->4276 4281 405a85 lstrcpynA 4277->4281 4279 401985 4279->4276 4280 401992 lstrlenA 4279->4280 4280->4276 4281->4279 4282 4019b5 4283 4029e8 18 API calls 4282->4283 4284 4019bc 4283->4284 4285 4029e8 18 API calls 4284->4285 4286 4019c5 4285->4286 4287 4019cc lstrcmpiA 4286->4287 4288 4019de lstrcmpA 4286->4288 4289 4019d2 4287->4289 4288->4289 4290 4014b7 4291 4014bd 4290->4291 4292 401389 2 API calls 4291->4292 4293 4014c5 4292->4293 4294 4025be 4295 4025c5 4294->4295 4296 40282a 4294->4296 4297 4029cb 18 API calls 4295->4297 4298 4025d0 4297->4298 4299 4025d7 SetFilePointer 4298->4299 4299->4296 4300 4025e7 4299->4300 4302 4059e3 wsprintfA 4300->4302 4302->4296

                          Executed Functions

                          Function 00403225 Relevance: 75.5, APIs: 24, Strings: 19, Instructions: 270filestringcomCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 0 403225-4032ba #17 SetErrorMode OleInitialize call 405da3 SHGetFileInfoA call 405a85 GetCommandLineA call 405a85 GetModuleHandleA 7 4032c6-4032db call 4055a3 CharNextA 0->7 8 4032bc-4032c1 0->8 11 403340-403344 7->11 8->7 12 403346 11->12 13 4032dd-4032e0 11->13 16 403359-403371 GetTempPathA call 4031f1 12->16 14 4032e2-4032e6 13->14 15 4032e8-4032f0 13->15 14->14 14->15 17 4032f2-4032f3 15->17 18 4032f8-4032fb 15->18 26 403393-4033aa DeleteFileA call 402c5b 16->26 27 403373-403391 GetWindowsDirectoryA lstrcatA call 4031f1 16->27 17->18 20 403330-40333d call 4055a3 18->20 21 4032fd-403301 18->21 20->11 37 40333f 20->37 24 403311-403317 21->24 25 403303-40330c 21->25 32 403327-40332e 24->32 33 403319-403322 24->33 25->24 30 40330e 25->30 39 403411-403420 ExitProcess OleUninitialize 26->39 40 4033ac-4033b2 26->40 27->26 27->39 30->24 32->20 36 403348-403354 call 405a85 32->36 33->32 34 403324 33->34 34->32 36->16 37->11 44 403426-403436 call 405346 ExitProcess 39->44 45 40350b-403511 39->45 42 403401-403408 call 4035e3 40->42 43 4033b4-4033bd call 4055a3 40->43 52 40340d 42->52 58 4033c8-4033ca 43->58 46 403513-403530 call 405da3 * 3 45->46 47 40358e-403596 45->47 73 403532-403534 46->73 74 40357a-403585 ExitWindowsEx 46->74 53 403598 47->53 54 40359c-4035a0 ExitProcess 47->54 52->39 53->54 60 4033cc-4033d6 58->60 61 4033bf-4033c5 58->61 64 4033d8-4033e5 call 405659 60->64 65 40343c-403456 lstrcatA lstrcmpiA 60->65 61->60 63 4033c7 61->63 63->58 64->39 76 4033e7-4033fd call 405a85 * 2 64->76 65->39 67 403458-40346d CreateDirectoryA SetCurrentDirectoryA 65->67 70 40347a-403494 call 405a85 67->70 71 40346f-403475 call 405a85 67->71 83 403499-4034b5 call 405aa7 DeleteFileA 70->83 71->70 73->74 80 403536-403538 73->80 74->47 79 403587-403589 call 40140b 74->79 76->42 79->47 80->74 85 40353a-40354c GetCurrentProcess 80->85 91 4034f6-4034fd 83->91 92 4034b7-4034c7 CopyFileA 83->92 85->74 93 40354e-403570 85->93 91->83 95 4034ff-403506 call 4057d3 91->95 92->91 94 4034c9-4034e9 call 4057d3 call 405aa7 call 4052e5 92->94 93->74 94->91 105 4034eb-4034f2 CloseHandle 94->105 95->39 105->91
                          APIs
                          • #17.COMCTL32 ref: 00403244
                          • SetErrorMode.KERNEL32(00008001), ref: 0040324F
                          • OleInitialize.OLE32(00000000), ref: 00403256
                            • Part of subcall function 00405DA3: GetModuleHandleA.KERNEL32(?,?,00000000,00403268,00000008), ref: 00405DB5
                            • Part of subcall function 00405DA3: LoadLibraryA.KERNEL32(?,?,00000000,00403268,00000008), ref: 00405DC0
                            • Part of subcall function 00405DA3: GetProcAddress.KERNEL32(00000000,?), ref: 00405DD1
                          • SHGetFileInfoA.SHELL32(0041F450,00000000,?,00000160,00000000,00000008), ref: 0040327E
                            • Part of subcall function 00405A85: lstrcpynA.KERNEL32(?,?,00000400,00403293,CodecInstaller 2.10.4 Setup,NSIS Error), ref: 00405A92
                          • GetCommandLineA.KERNEL32(CodecInstaller 2.10.4 Setup,NSIS Error), ref: 00403293
                          • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\setup_CodecInstaller_full.exe",00000000), ref: 004032A6
                          • CharNextA.USER32(00000000,"C:\Users\user\Desktop\setup_CodecInstaller_full.exe",00000020), ref: 004032D1
                          • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 00403364
                          • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 00403379
                          • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403385
                          • DeleteFileA.KERNEL32(1033), ref: 00403398
                          • ExitProcess.KERNEL32(00000000), ref: 00403411
                          • OleUninitialize.OLE32(00000000), ref: 00403416
                          • ExitProcess.KERNEL32 ref: 00403436
                          • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\Desktop\setup_CodecInstaller_full.exe",00000000,00000000), ref: 00403442
                          • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop), ref: 0040344E
                          • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00000000), ref: 0040345A
                          • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\), ref: 00403461
                          • DeleteFileA.KERNEL32(0041F050,0041F050,?,00424000,?), ref: 004034AB
                          • CopyFileA.KERNEL32(C:\Users\user\Desktop\setup_CodecInstaller_full.exe,0041F050,00000001), ref: 004034BF
                          • CloseHandle.KERNEL32(00000000,0041F050,0041F050,?,0041F050,00000000), ref: 004034EC
                          • GetCurrentProcess.KERNEL32(00000028,?,00000005,00000004,00000003), ref: 00403541
                          • ExitWindowsEx.USER32(00000002,00000000), ref: 0040357D
                          • ExitProcess.KERNEL32 ref: 004035A0
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: ExitFileProcess$DirectoryHandle$CurrentDeleteModuleWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                          • String ID: /D=$ _?=$"$"C:\Users\user\Desktop\setup_CodecInstaller_full.exe"$1033$C:\Program Files (x86)\JockerSoft\CodecInstaller$C:\Program Files (x86)\JockerSoft\CodecInstaller$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\setup_CodecInstaller_full.exe$CodecInstaller 2.10.4 Setup$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp$Af
                          • API String ID: 553446912-1482919591
                          • Opcode ID: e149b5f9a0c3c464b214265043745c72bc5401cd35e727a8bba4b232b690caf3
                          • Instruction ID: b5e3cabad0cbadbc416d8838d891dc98190303aa4ff7e7c7b73425e0a697763a
                          • Opcode Fuzzy Hash: e149b5f9a0c3c464b214265043745c72bc5401cd35e727a8bba4b232b690caf3
                          • Instruction Fuzzy Hash: FF91C170A08351BED7216F619C89B2B7EACAB44306F04457BF941B62D2C77C9E058B6E
                          Function 00404F61 Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 278windowclipboardmemoryCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 106 404f61-404f7c 107 404f82-40504b GetDlgItem * 3 call 403e6c call 4046c5 GetClientRect GetSystemMetrics SendMessageA * 2 106->107 108 40510d-405114 106->108 128 405069-40506c 107->128 129 40504d-405067 SendMessageA * 2 107->129 110 405116-405138 GetDlgItem CreateThread CloseHandle 108->110 111 40513e-40514b 108->111 110->111 113 405169-405170 111->113 114 40514d-405153 111->114 118 405172-405178 113->118 119 4051c7-4051cb 113->119 116 405155-405164 ShowWindow * 2 call 403e6c 114->116 117 40518b-405194 call 403e9e 114->117 116->113 132 405199-40519d 117->132 123 4051a0-4051b0 ShowWindow 118->123 124 40517a-405186 call 403e10 118->124 119->117 121 4051cd-4051d0 119->121 121->117 130 4051d2-4051e5 SendMessageA 121->130 126 4051c0-4051c2 call 403e10 123->126 127 4051b2-4051bb call 404e23 123->127 124->117 126->119 127->126 135 40507c-405093 call 403e37 128->135 136 40506e-40507a SendMessageA 128->136 129->128 137 4051eb-40520c CreatePopupMenu call 405aa7 AppendMenuA 130->137 138 4052de-4052e0 130->138 145 405095-4050a9 ShowWindow 135->145 146 4050c9-4050ea GetDlgItem SendMessageA 135->146 136->135 143 405221-405227 137->143 144 40520e-40521f GetWindowRect 137->144 138->132 148 40522a-405242 TrackPopupMenu 143->148 144->148 149 4050b8 145->149 150 4050ab-4050b6 ShowWindow 145->150 146->138 147 4050f0-405108 SendMessageA * 2 146->147 147->138 148->138 151 405248-40525f 148->151 152 4050be-4050c4 call 403e6c 149->152 150->152 153 405264-40527f SendMessageA 151->153 152->146 153->153 155 405281-4052a1 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 153->155 156 4052a3-4052c2 SendMessageA 155->156 156->156 157 4052c4-4052d8 GlobalUnlock SetClipboardData CloseClipboard 156->157 157->138
                          APIs
                          • GetDlgItem.USER32(?,00000403), ref: 00404FC0
                          • GetDlgItem.USER32(?,000003EE), ref: 00404FCF
                          • GetClientRect.USER32(?,?), ref: 0040500C
                          • GetSystemMetrics.USER32(00000015), ref: 00405014
                          • SendMessageA.USER32(?,0000101B,00000000,00000002), ref: 00405035
                          • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 00405046
                          • SendMessageA.USER32(?,00001001,00000000,00000110), ref: 00405059
                          • SendMessageA.USER32(?,00001026,00000000,00000110), ref: 00405067
                          • SendMessageA.USER32(?,00001024,00000000,?), ref: 0040507A
                          • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040509C
                          • ShowWindow.USER32(?,00000008), ref: 004050B0
                          • GetDlgItem.USER32(?,000003EC), ref: 004050D1
                          • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 004050E1
                          • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 004050FA
                          • SendMessageA.USER32(00000000,00002001,00000000,00000110), ref: 00405106
                          • GetDlgItem.USER32(?,000003F8), ref: 00404FDE
                            • Part of subcall function 00403E6C: SendMessageA.USER32(00000028,?,00000001,00403C9D), ref: 00403E7A
                          • GetDlgItem.USER32(?,000003EC), ref: 00405123
                          • CreateThread.KERNEL32(00000000,00000000,Function_00004EF5,00000000), ref: 00405131
                          • CloseHandle.KERNEL32(00000000), ref: 00405138
                          • ShowWindow.USER32(00000000), ref: 0040515C
                          • ShowWindow.USER32(000204AA,00000008), ref: 00405161
                          • ShowWindow.USER32(00000008), ref: 004051A8
                          • SendMessageA.USER32(000204AA,00001004,00000000,00000000), ref: 004051DA
                          • CreatePopupMenu.USER32 ref: 004051EB
                          • AppendMenuA.USER32(00000000,00000000,00000001,00000000), ref: 00405200
                          • GetWindowRect.USER32(000204AA,?), ref: 00405213
                          • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405237
                          • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405272
                          • OpenClipboard.USER32(00000000), ref: 00405282
                          • EmptyClipboard.USER32 ref: 00405288
                          • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 00405291
                          • GlobalLock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 0040529B
                          • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004052AF
                          • GlobalUnlock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 004052C7
                          • SetClipboardData.USER32(00000001,00000000), ref: 004052D2
                          • CloseClipboard.USER32 ref: 004052D8
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                          • String ID: {$Af
                          • API String ID: 590372296-2157888807
                          • Opcode ID: 9a27acf1433637b546c4bba5c5163ff2e33fc421ce0b611576c5e59b866a8cf2
                          • Instruction ID: fc5da488f7bc2ad647f0a41a3fd7729356532ad04293fc61f6ec29e3deb516b2
                          • Opcode Fuzzy Hash: 9a27acf1433637b546c4bba5c5163ff2e33fc421ce0b611576c5e59b866a8cf2
                          • Instruction Fuzzy Hash: 94A14B70900208BFDB219F60DD89AAE7F79FB08355F10417AFA04BA2A0C7795E41DF69
                          Function 00404275 Relevance: 30.0, APIs: 12, Strings: 5, Instructions: 266stringCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 370 404275-4042a4 371 4042b3-4042ba 370->371 372 4042a6-4042ae call 40532a call 405ce3 370->372 374 4042bc-4042d2 GetDlgItem call 4055e5 371->374 375 40432e-404335 371->375 372->371 386 4042e4-404321 SetWindowTextA call 403e37 * 2 call 403e6c call 405da3 374->386 387 4042d4-4042dc call 40560c 374->387 376 40440a-404411 375->376 377 40433b-404341 375->377 382 404420-404437 call 40532a call 405659 376->382 383 404413-40441a 376->383 380 404343-40434e 377->380 381 40435b-404360 377->381 388 404354 380->388 389 404595-4045a7 call 403e9e 380->389 381->376 390 404366-4043ab call 405aa7 SHBrowseForFolderA 381->390 409 404440-404459 call 405a85 call 405da3 382->409 410 404439 382->410 383->382 383->389 386->389 428 404327-40432c SHAutoComplete 386->428 387->386 402 4042de-4042df call 405578 387->402 388->381 403 404403 390->403 404 4043ad-4043c7 CoTaskMemFree call 405578 390->404 402->386 403->376 415 4043f1-404401 SetDlgItemTextA 404->415 416 4043c9-4043cf 404->416 426 404490-40449f call 405a85 call 40560c 409->426 427 40445b-40445f 409->427 410->409 415->376 416->415 419 4043d1-4043e8 call 405aa7 lstrcmpiA 416->419 419->415 430 4043ea-4043ec lstrcatA 419->430 445 4044a1 426->445 446 4044a4-4044bd GetDiskFreeSpaceA 426->446 431 404461-404473 GetDiskFreeSpaceExA 427->431 432 40448e 427->432 428->375 430->415 433 4044e1-4044f7 431->433 434 404475-404477 431->434 432->426 439 4044fc 433->439 436 404479 434->436 437 40447c-40448c call 4055bf 434->437 436->437 437->431 437->432 440 404501-40450b call 4046c5 439->440 450 404518-404521 440->450 451 40450d-40450f 440->451 445->446 448 4044f9 446->448 449 4044bf-4044df MulDiv 446->449 448->439 449->440 453 404523-404533 call 404610 450->453 454 40454e-404558 450->454 451->450 452 404511 451->452 452->450 464 404540-404549 SetDlgItemTextA 453->464 465 404535-404539 call 404610 453->465 456 404564-40456a 454->456 457 40455a-404561 call 40140b 454->457 459 40456c 456->459 460 40456f-404580 call 403e59 456->460 457->456 459->460 468 404582-404588 460->468 469 40458f 460->469 464->454 470 40453e 465->470 468->469 471 40458a call 40420a 468->471 469->389 470->454 471->469
                          APIs
                          • GetDlgItem.USER32(?,000003FB), ref: 004042C1
                          • SetWindowTextA.USER32(?,?), ref: 004042EE
                          • SHAutoComplete.SHLWAPI(?,00000001,00000007,?,?,00000014,?,?,00000001,?), ref: 0040432C
                          • SHBrowseForFolderA.SHELL32(?,0041F868,?), ref: 004043A3
                          • CoTaskMemFree.OLE32(00000000), ref: 004043AE
                          • lstrcmpiA.KERNEL32(Remove folder: ,00420498), ref: 004043E0
                          • lstrcatA.KERNEL32(?,Remove folder: ), ref: 004043EC
                          • SetDlgItemTextA.USER32(?,000003FB,?), ref: 004043FC
                            • Part of subcall function 0040532A: GetDlgItemTextA.USER32(?,?,00000400,0040442F), ref: 0040533D
                            • Part of subcall function 00405CE3: CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\setup_CodecInstaller_full.exe",C:\Users\user\AppData\Local\Temp\,00000000,004031FD,C:\Users\user\AppData\Local\Temp\,00000000,0040336F), ref: 00405D3B
                            • Part of subcall function 00405CE3: CharNextA.USER32(?,?,?,00000000), ref: 00405D48
                            • Part of subcall function 00405CE3: CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\setup_CodecInstaller_full.exe",C:\Users\user\AppData\Local\Temp\,00000000,004031FD,C:\Users\user\AppData\Local\Temp\,00000000,0040336F), ref: 00405D4D
                            • Part of subcall function 00405CE3: CharPrevA.USER32(?,?,"C:\Users\user\Desktop\setup_CodecInstaller_full.exe",C:\Users\user\AppData\Local\Temp\,00000000,004031FD,C:\Users\user\AppData\Local\Temp\,00000000,0040336F), ref: 00405D5D
                          • GetDiskFreeSpaceExA.KERNEL32(C:\Program Files (x86)\,?,?,?,00000000,C:\Program Files (x86)\,?,?,000003FB,?), ref: 0040446E
                          • GetDiskFreeSpaceA.KERNEL32(C:\Program Files (x86)\,?,?,0000040F,?,C:\Program Files (x86)\,C:\Program Files (x86)\,?,00000000,C:\Program Files (x86)\,?,?,000003FB,?), ref: 004044B5
                          • MulDiv.KERNEL32(?,0000040F,00000400), ref: 004044D0
                          • SetDlgItemTextA.USER32(00000000,00000400,0041F450), ref: 00404549
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: CharItemText$FreeNext$DiskSpace$AutoBrowseCompleteFolderPrevTaskWindowlstrcatlstrcmpi
                          • String ID: A$C:\Program Files (x86)\$C:\Program Files (x86)\JockerSoft\CodecInstaller$Remove folder: $Af
                          • API String ID: 936030579-3032440397
                          • Opcode ID: e9a4832d590f366890c8c5e10f7ff0b9b126ba8a12bddf7363bffbd2832f67f7
                          • Instruction ID: 6850db0b715ddbe2af210025c5f30c7158fed24285b7178da21f46715b177744
                          • Opcode Fuzzy Hash: e9a4832d590f366890c8c5e10f7ff0b9b126ba8a12bddf7363bffbd2832f67f7
                          • Instruction Fuzzy Hash: BA9162B1A00218BBDF11AFA1DD85AAF77B8EF84314F10403BFB04B6291D77C9A419B59
                          Function 004053AA Relevance: 22.9, APIs: 9, Strings: 4, Instructions: 156filestringCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 544 4053aa-4053c5 call 405659 547 4053c7-4053d9 DeleteFileA 544->547 548 4053de-4053e8 544->548 549 405572-405575 547->549 550 4053ea-4053ec 548->550 551 4053fc-40540a call 405a85 548->551 552 4053f2-4053f6 550->552 553 40551d-405523 550->553 559 405419-40541a call 4055bf 551->559 560 40540c-405417 lstrcatA 551->560 552->551 552->553 553->549 555 405525-405528 553->555 557 405532-40553a call 405d7c 555->557 558 40552a-405530 555->558 557->549 568 40553c-405551 call 405578 call 40573d RemoveDirectoryA 557->568 558->549 562 40541f-405422 559->562 560->562 565 405424-40542b 562->565 566 40542d-405433 lstrcatA 562->566 565->566 567 405438-405456 lstrlenA FindFirstFileA 565->567 566->567 569 405513-405517 567->569 570 40545c-405473 call 4055a3 567->570 583 405553-405557 568->583 584 40556a-40556d call 404e23 568->584 569->553 572 405519 569->572 577 405475-405479 570->577 578 40547e-405481 570->578 572->553 577->578 580 40547b 577->580 581 405483-405488 578->581 582 405494-4054a2 call 405a85 578->582 580->578 586 4054f2-405504 FindNextFileA 581->586 587 40548a-40548c 581->587 594 4054a4-4054ac 582->594 595 4054b9-4054c8 call 40573d DeleteFileA 582->595 583->558 589 405559-405568 call 404e23 call 4057d3 583->589 584->549 586->570 592 40550a-40550d FindClose 586->592 587->582 590 40548e-405492 587->590 589->549 590->582 590->586 592->569 594->586 599 4054ae-4054b7 call 4053aa 594->599 604 4054ea-4054ed call 404e23 595->604 605 4054ca-4054ce 595->605 599->586 604->586 606 4054d0-4054e0 call 404e23 call 4057d3 605->606 607 4054e2-4054e8 605->607 606->586 607->586
                          APIs
                          • DeleteFileA.KERNEL32(?,?,"C:\Users\user\Desktop\setup_CodecInstaller_full.exe",74DF2EE0), ref: 004053C8
                          • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\*.*,\*.*,C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\*.*,?,00000000,?,"C:\Users\user\Desktop\setup_CodecInstaller_full.exe",74DF2EE0), ref: 00405412
                          • lstrcatA.KERNEL32(?,0040900C,?,C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\*.*,?,00000000,?,"C:\Users\user\Desktop\setup_CodecInstaller_full.exe",74DF2EE0), ref: 00405433
                          • lstrlenA.KERNEL32(?,?,0040900C,?,C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\*.*,?,00000000,?,"C:\Users\user\Desktop\setup_CodecInstaller_full.exe",74DF2EE0), ref: 00405439
                          • FindFirstFileA.KERNEL32(C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\*.*,?,?,?,0040900C,?,C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\*.*,?,00000000,?,"C:\Users\user\Desktop\setup_CodecInstaller_full.exe",74DF2EE0), ref: 0040544A
                          • FindNextFileA.KERNELBASE(?,00000010,000000F2,?), ref: 004054FC
                          • FindClose.KERNEL32(?), ref: 0040550D
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                          • String ID: "C:\Users\user\Desktop\setup_CodecInstaller_full.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\*.*$\*.*
                          • API String ID: 2035342205-2140686033
                          • Opcode ID: f03fa35e229480a227b16915fc655d2f067cecf287ee4dfbdf736c714da85b76
                          • Instruction ID: 0322a8429cd808b8a7b2d486838befd4e4df4ca31dedcf7a9ac14dfd5c4716bd
                          • Opcode Fuzzy Hash: f03fa35e229480a227b16915fc655d2f067cecf287ee4dfbdf736c714da85b76
                          • Instruction Fuzzy Hash: 2851CE30904A58BACB21AB219C85BFF3A78DF42719F14817BF901751D2CB7C4982DE6E
                          Function 00405AA7 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 195stringCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 613 405aa7-405ab2 614 405ab4-405ac3 613->614 615 405ac5-405ae2 613->615 614->615 616 405cc0-405cc4 615->616 617 405ae8-405aef 615->617 618 405af4-405afe 616->618 619 405cca-405cd4 616->619 617->616 618->619 622 405b04-405b0b 618->622 620 405cd6-405cda call 405a85 619->620 621 405cdf-405ce0 619->621 620->621 623 405b11-405b42 622->623 624 405cb3 622->624 626 405b48-405b53 GetVersion 623->626 627 405c5d-405c60 623->627 628 405cb5-405cbb 624->628 629 405cbd-405cbf 624->629 630 405b55-405b59 626->630 631 405b6d 626->631 632 405c90-405c93 627->632 633 405c62-405c65 627->633 628->616 629->616 630->631 634 405b5b-405b5f 630->634 637 405b74-405b7b 631->637 638 405ca1-405cb1 lstrlenA 632->638 639 405c95-405c9c call 405aa7 632->639 635 405c75-405c81 call 405a85 633->635 636 405c67-405c73 call 4059e3 633->636 634->631 640 405b61-405b65 634->640 650 405c86-405c8c 635->650 636->650 642 405b80-405b82 637->642 643 405b7d-405b7f 637->643 638->616 639->638 640->631 646 405b67-405b6b 640->646 648 405b84-405b9f call 40596c 642->648 649 405bbb-405bbe 642->649 643->642 646->637 658 405ba4-405ba7 648->658 651 405bc0-405bcc GetSystemDirectoryA 649->651 652 405bce-405bd1 649->652 650->638 654 405c8e 650->654 655 405c3f-405c42 651->655 656 405bd3-405be1 GetWindowsDirectoryA 652->656 657 405c3b-405c3d 652->657 659 405c55-405c5b call 405ce3 654->659 655->659 662 405c44-405c48 655->662 656->657 657->655 661 405be3-405bed 657->661 658->662 663 405bad-405bb6 call 405aa7 658->663 659->638 665 405c07-405c1d SHGetSpecialFolderLocation 661->665 666 405bef-405bf2 661->666 662->659 668 405c4a-405c50 lstrcatA 662->668 663->655 670 405c38 665->670 671 405c1f-405c36 SHGetPathFromIDListA CoTaskMemFree 665->671 666->665 669 405bf4-405bfb 666->669 668->659 673 405c03-405c05 669->673 670->657 671->655 671->670 673->655 673->665
                          APIs
                          • GetVersion.KERNEL32(00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\,00000000,00404E5B,Remove folder: C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\,00000000), ref: 00405B4B
                          • GetSystemDirectoryA.KERNEL32(Remove folder: ,00000400), ref: 00405BC6
                          • GetWindowsDirectoryA.KERNEL32(Remove folder: ,00000400), ref: 00405BD9
                          • SHGetSpecialFolderLocation.SHELL32(?,00000000), ref: 00405C15
                          • SHGetPathFromIDListA.SHELL32(00000000,Remove folder: ), ref: 00405C23
                          • CoTaskMemFree.OLE32(00000000), ref: 00405C2E
                          • lstrcatA.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 00405C50
                          • lstrlenA.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\,00000000,00404E5B,Remove folder: C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\,00000000), ref: 00405CA2
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                          • String ID: Remove folder: $Remove folder: C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                          • API String ID: 900638850-3881786048
                          • Opcode ID: ee62f025e57db42e027b2d2897614503abab094169b2c6279358b2ef5c8aa085
                          • Instruction ID: 02e69832ec688910c0edf1e4f77165a8fa6b6d990b95ba5e8d1c2d1c59892890
                          • Opcode Fuzzy Hash: ee62f025e57db42e027b2d2897614503abab094169b2c6279358b2ef5c8aa085
                          • Instruction Fuzzy Hash: B251E371A08B19ABEB215B64CC84BBF3B74EB15714F14023BE911BA2D0D37C5982DE4E
                          Function 00402012 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 134comCOMMON
                          Download Yara Rule
                          APIs
                          • CoCreateInstance.OLE32(00407384,?,00000001,00407374,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402065
                          • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodecInstaller\Help.lnk,00000400,?,00000001,00407374,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040211F
                          Strings
                          • C:\Program Files (x86)\JockerSoft\CodecInstaller, xrefs: 0040209D
                          • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodecInstaller\Help.lnk, xrefs: 00402108, 00402112, 0040212E
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: ByteCharCreateInstanceMultiWide
                          • String ID: C:\Program Files (x86)\JockerSoft\CodecInstaller$C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodecInstaller\Help.lnk
                          • API String ID: 123533781-1964129063
                          • Opcode ID: 40e81596bb293b276b16c7bb725486a38c0737a1be7f7a29e94877c5519a1c5d
                          • Instruction ID: 9a85de16ea5d7a81ede148d9b78cdb1ba9a910f30d2aff7a9c0f788a9809de35
                          • Opcode Fuzzy Hash: 40e81596bb293b276b16c7bb725486a38c0737a1be7f7a29e94877c5519a1c5d
                          • Instruction Fuzzy Hash: 0E414DB5A00104AFDB00DFA4CD89E9E7BBABF49314B20416AF905EB2D1DA79DD41CB64
                          Function 0040604C Relevance: 5.4, APIs: 4, Instructions: 382COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b8718c5171febd1f94c1c08a97aa2274874a9074e7d0b720a207e81be49f5868
                          • Instruction ID: f98c46a7d4a45b1e93054ee16d037c4b99b117d06cd84a33c86e8ff0b6c30e47
                          • Opcode Fuzzy Hash: b8718c5171febd1f94c1c08a97aa2274874a9074e7d0b720a207e81be49f5868
                          • Instruction Fuzzy Hash: 83F18771D00229CBDF18DFA8C8946ADBBB1FF44305F25816ED856BB281D3785A86CF44
                          Function 00405D7C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14fileCOMMON
                          Download Yara Rule
                          APIs
                          • FindFirstFileA.KERNEL32(?,004224E8,C:\,0040569C,C:\,C:\,00000000,C:\,C:\,?,?,74DF2EE0,004053BE,?,"C:\Users\user\Desktop\setup_CodecInstaller_full.exe",74DF2EE0), ref: 00405D87
                          • FindClose.KERNEL32(00000000), ref: 00405D93
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: Find$CloseFileFirst
                          • String ID: C:\
                          • API String ID: 2295610775-3404278061
                          • Opcode ID: faf9a5a1b02af36eb702065ba3c0ed1dca863e262e1f5f2ed0a66c6ec2a69bc9
                          • Instruction ID: 8877f450b99b184e504413f9ffa66f4d164bf9bd4a7d07bd52ad5b53af664480
                          • Opcode Fuzzy Hash: faf9a5a1b02af36eb702065ba3c0ed1dca863e262e1f5f2ed0a66c6ec2a69bc9
                          • Instruction Fuzzy Hash: 84D012319595306BC75127386D0C84B7A59DF15331750CA33F02AF22F0D3748C518AAD
                          Function 00405DA3 Relevance: 4.5, APIs: 3, Instructions: 20libraryloaderCOMMON
                          Download Yara Rule
                          APIs
                          • GetModuleHandleA.KERNEL32(?,?,00000000,00403268,00000008), ref: 00405DB5
                          • LoadLibraryA.KERNEL32(?,?,00000000,00403268,00000008), ref: 00405DC0
                          • GetProcAddress.KERNEL32(00000000,?), ref: 00405DD1
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: AddressHandleLibraryLoadModuleProc
                          • String ID:
                          • API String ID: 310444273-0
                          • Opcode ID: dcb02677a219034efdab4e35853fb1e5d97da29e7b116a2417b6d6f34bb30324
                          • Instruction ID: 37252885b6730f192407f0687863edf929784b14cf5d3781349e011cb12c2895
                          • Opcode Fuzzy Hash: dcb02677a219034efdab4e35853fb1e5d97da29e7b116a2417b6d6f34bb30324
                          • Instruction Fuzzy Hash: F7E0C232A04610ABC6114B709D489BB77BCEFE9B41300897EF545F6290C734AC229FFA
                          Function 00403964 Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 345windowstringCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 158 403964-403976 159 403ab7-403ac6 158->159 160 40397c-403982 158->160 162 403b15-403b2a 159->162 163 403ac8-403b10 GetDlgItem * 2 call 403e37 SetClassLongA call 40140b 159->163 160->159 161 403988-403991 160->161 164 403993-4039a0 SetWindowPos 161->164 165 4039a6-4039a9 161->165 167 403b6a-403b6f call 403e83 162->167 168 403b2c-403b2f 162->168 163->162 164->165 170 4039c3-4039c9 165->170 171 4039ab-4039bd ShowWindow 165->171 176 403b74-403b8f 167->176 173 403b31-403b3c call 401389 168->173 174 403b62-403b64 168->174 177 4039e5-4039e8 170->177 178 4039cb-4039e0 KiUserCallbackDispatcher 170->178 171->170 173->174 189 403b3e-403b5d SendMessageA 173->189 174->167 175 403e04 174->175 184 403e06-403e0d 175->184 182 403b91-403b93 call 40140b 176->182 183 403b98-403b9e 176->183 187 4039ea-4039f6 SetWindowLongA 177->187 188 4039fb-403a01 177->188 185 403de1-403de7 178->185 182->183 192 403dc2-403ddb DestroyWindow KiUserCallbackDispatcher 183->192 193 403ba4-403baf 183->193 185->175 190 403de9-403def 185->190 187->184 194 403aa4-403ab2 call 403e9e 188->194 195 403a07-403a18 GetDlgItem 188->195 189->184 190->175 197 403df1-403dfa ShowWindow 190->197 192->185 193->192 198 403bb5-403c02 call 405aa7 call 403e37 * 3 GetDlgItem 193->198 194->184 199 403a37-403a3a 195->199 200 403a1a-403a31 SendMessageA IsWindowEnabled 195->200 197->175 228 403c04-403c09 198->228 229 403c0c-403c48 ShowWindow KiUserCallbackDispatcher call 403e59 KiUserCallbackDispatcher 198->229 201 403a3c-403a3d 199->201 202 403a3f-403a42 199->202 200->175 200->199 205 403a6d-403a72 call 403e10 201->205 206 403a50-403a55 202->206 207 403a44-403a4a 202->207 205->194 209 403a8b-403a9e SendMessageA 206->209 211 403a57-403a5d 206->211 207->209 210 403a4c-403a4e 207->210 209->194 210->205 214 403a74-403a7d call 40140b 211->214 215 403a5f-403a65 call 40140b 211->215 214->194 224 403a7f-403a89 214->224 226 403a6b 215->226 224->226 226->205 228->229 232 403c4a-403c4b 229->232 233 403c4d 229->233 234 403c4f-403c7d GetSystemMenu EnableMenuItem SendMessageA 232->234 233->234 235 403c92 234->235 236 403c7f-403c90 SendMessageA 234->236 237 403c98-403cd1 call 403e6c call 405a85 lstrlenA call 405aa7 SetWindowTextA call 401389 235->237 236->237 237->176 246 403cd7-403cd9 237->246 246->176 247 403cdf-403ce3 246->247 248 403d02-403d16 DestroyWindow 247->248 249 403ce5-403ceb 247->249 248->185 251 403d1c-403d49 CreateDialogParamA 248->251 249->175 250 403cf1-403cf7 249->250 250->176 252 403cfd 250->252 251->185 253 403d4f-403da6 call 403e37 GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 401389 251->253 252->175 253->175 258 403da8-403dbb ShowWindow call 403e83 253->258 260 403dc0 258->260 260->185
                          APIs
                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004039A0
                          • ShowWindow.USER32(?), ref: 004039BD
                          • KiUserCallbackDispatcher.NTDLL ref: 004039D1
                          • SetWindowLongA.USER32(?,00000000,00000000), ref: 004039ED
                          • GetDlgItem.USER32(?,?), ref: 00403A0E
                          • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403A22
                          • IsWindowEnabled.USER32(00000000), ref: 00403A29
                          • GetDlgItem.USER32(?,00000001), ref: 00403AD7
                          • GetDlgItem.USER32(?,00000002), ref: 00403AE1
                          • SetClassLongA.USER32(?,000000F2,?), ref: 00403AFB
                          • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403B4C
                          • GetDlgItem.USER32(?,00000003), ref: 00403BF2
                          • ShowWindow.USER32(00000000,?), ref: 00403C13
                          • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403C25
                          • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403C40
                          • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403C56
                          • EnableMenuItem.USER32(00000000), ref: 00403C5D
                          • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403C75
                          • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403C88
                          • lstrlenA.KERNEL32(00420498,?,00420498,CodecInstaller 2.10.4 Setup), ref: 00403CB1
                          • SetWindowTextA.USER32(?,00420498), ref: 00403CC0
                          • ShowWindow.USER32(?,0000000A), ref: 00403DF4
                          Strings
                          • CodecInstaller 2.10.4 Setup, xrefs: 00403CA2
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: Window$Item$MessageSend$CallbackDispatcherShowUser$LongMenu$ClassEnableEnabledSystemTextlstrlen
                          • String ID: CodecInstaller 2.10.4 Setup
                          • API String ID: 2928513764-4030734681
                          • Opcode ID: c5358854f183e837bda4c0b95e5a945ef501bc6668ad5bb67ad4c70267966398
                          • Instruction ID: caafd2a66b76c4ae3962cc82e2ded254e31ce9ec1c8840106f3b43a2641cb278
                          • Opcode Fuzzy Hash: c5358854f183e837bda4c0b95e5a945ef501bc6668ad5bb67ad4c70267966398
                          • Instruction Fuzzy Hash: 95C1AF71A04204BBDB206F21ED85E2B7E7CEB05706F40453EF641B12E1C779AA429F6E
                          Function 004035E3 Relevance: 51.0, APIs: 15, Strings: 14, Instructions: 213stringregistrylibraryCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 261 4035e3-4035fb call 405da3 264 4035fd-40360d call 4059e3 261->264 265 40360f-403636 call 40596c 261->265 273 403659-403678 call 403897 call 405659 264->273 269 403638-403649 call 40596c 265->269 270 40364e-403654 lstrcatA 265->270 269->270 270->273 279 40367e-403683 273->279 280 4036ff-403707 call 405659 273->280 279->280 281 403685-40369d call 40596c 279->281 285 403715-40373a LoadImageA 280->285 286 403709-403710 call 405aa7 280->286 287 4036a2-4036a9 281->287 289 403740-403776 RegisterClassA 285->289 290 4037c9-4037d1 call 40140b 285->290 286->285 287->280 291 4036ab-4036ad 287->291 294 40377c-4037c4 SystemParametersInfoA CreateWindowExA 289->294 295 40388d 289->295 304 4037d3-4037d6 290->304 305 4037db-4037e6 call 403897 290->305 292 4036be-4036ca lstrlenA 291->292 293 4036af-4036bc call 4055a3 291->293 298 4036f2-4036fa call 405578 call 405a85 292->298 299 4036cc-4036da lstrcmpiA 292->299 293->292 294->290 301 40388f-403896 295->301 298->280 299->298 303 4036dc-4036e6 GetFileAttributesA 299->303 307 4036e8-4036ea 303->307 308 4036ec-4036ed call 4055bf 303->308 304->301 314 403864-403865 call 404ef5 305->314 315 4037e8-403805 ShowWindow LoadLibraryA 305->315 307->298 307->308 308->298 319 40386a-40386c 314->319 317 403807-40380c LoadLibraryA 315->317 318 40380e-403820 GetClassInfoA 315->318 317->318 320 403822-403832 GetClassInfoA RegisterClassA 318->320 321 403838-40385b DialogBoxParamA call 40140b 318->321 323 403886-403888 call 40140b 319->323 324 40386e-403874 319->324 320->321 325 403860-403862 321->325 323->295 324->304 326 40387a-403881 call 40140b 324->326 325->301 326->304
                          APIs
                            • Part of subcall function 00405DA3: GetModuleHandleA.KERNEL32(?,?,00000000,00403268,00000008), ref: 00405DB5
                            • Part of subcall function 00405DA3: LoadLibraryA.KERNEL32(?,?,00000000,00403268,00000008), ref: 00405DC0
                            • Part of subcall function 00405DA3: GetProcAddress.KERNEL32(00000000,?), ref: 00405DD1
                          • lstrcatA.KERNEL32(1033,00420498,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420498,00000000,00000006,"C:\Users\user\Desktop\setup_CodecInstaller_full.exe",00000000,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403654
                          • lstrlenA.KERNEL32(Remove folder: ,?,?,?,Remove folder: ,00000000,C:\Program Files (x86)\JockerSoft\CodecInstaller,1033,00420498,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420498,00000000,00000006,"C:\Users\user\Desktop\setup_CodecInstaller_full.exe"), ref: 004036BF
                          • lstrcmpiA.KERNEL32(?,.exe), ref: 004036D2
                          • GetFileAttributesA.KERNEL32(Remove folder: ), ref: 004036DD
                          • LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,C:\Program Files (x86)\JockerSoft\CodecInstaller), ref: 00403726
                            • Part of subcall function 004059E3: wsprintfA.USER32 ref: 004059F0
                          • RegisterClassA.USER32 ref: 0040376D
                          • SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 00403785
                          • CreateWindowExA.USER32(00000080,?,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 004037BE
                          • ShowWindow.USER32(00000005,00000000), ref: 004037F0
                          • LoadLibraryA.KERNEL32(RichEd20), ref: 00403801
                          • LoadLibraryA.KERNEL32(RichEd32), ref: 0040380C
                          • GetClassInfoA.USER32(00000000,RichEdit20A,00423640), ref: 0040381C
                          • GetClassInfoA.USER32(00000000,RichEdit,00423640), ref: 00403829
                          • RegisterClassA.USER32(00423640), ref: 00403832
                          • DialogBoxParamA.USER32(?,00000000,00403964,00000000), ref: 00403851
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                          • String ID: "C:\Users\user\Desktop\setup_CodecInstaller_full.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Program Files (x86)\JockerSoft\CodecInstaller$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$Remove folder: $RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb$Af
                          • API String ID: 914957316-3012655929
                          • Opcode ID: 93f31ef962ac008e7d9642a2e3efad29b23d9d818bf0106660ede9822921a308
                          • Instruction ID: 5423f1521edd6c22147bc7c07d225ef67cd2e9978b4dd0bca8e1ac87d1580d65
                          • Opcode Fuzzy Hash: 93f31ef962ac008e7d9642a2e3efad29b23d9d818bf0106660ede9822921a308
                          • Instruction Fuzzy Hash: 3A61C0B1644200BED6306F65AC45E3B3AADEB4474AF44457FF940B22E1C77DAD058A2E
                          Function 00403F7F Relevance: 44.0, APIs: 20, Strings: 5, Instructions: 204windowstringCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 330 403f7f-403f8f 331 4040a2-4040b5 330->331 332 403f95-403f9d 330->332 333 404111-404115 331->333 334 4040b7-4040c0 331->334 335 403fb0-404048 call 403e37 * 2 CheckDlgButton call 403e59 GetDlgItem call 403e6c SendMessageA 332->335 336 403f9f-403fae 332->336 337 4041e5-4041ec 333->337 338 40411b-40412f GetDlgItem 333->338 339 4041f4 334->339 340 4040c6-4040ce 334->340 368 404053-40409d SendMessageA * 2 lstrlenA SendMessageA * 2 335->368 369 40404a-40404d GetSysColor 335->369 336->335 337->339 345 4041ee 337->345 342 404131-404138 338->342 343 4041a3-4041aa 338->343 346 4041f7-4041fe call 403e9e 339->346 340->339 344 4040d4-4040e0 340->344 342->343 350 40413a-404155 342->350 343->346 351 4041ac-4041b3 343->351 344->339 352 4040e6-40410c GetDlgItem SendMessageA call 403e59 call 40420a 344->352 345->339 353 404203-404207 346->353 350->343 355 404157-4041a0 SendMessageA LoadCursorA SetCursor ShellExecuteA LoadCursorA SetCursor 350->355 351->346 356 4041b5-4041b9 351->356 352->333 355->343 359 4041bb-4041ca SendMessageA 356->359 360 4041cc-4041d0 356->360 359->360 363 4041e0-4041e3 360->363 364 4041d2-4041de SendMessageA 360->364 363->353 364->363 368->353 369->368
                          APIs
                          • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 0040400A
                          • GetDlgItem.USER32(00000000,000003E8), ref: 0040401E
                          • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 0040403C
                          • GetSysColor.USER32(?), ref: 0040404D
                          • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 0040405C
                          • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 0040406B
                          • lstrlenA.KERNEL32(?), ref: 00404075
                          • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 00404083
                          • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 00404092
                          • GetDlgItem.USER32(?,0000040A), ref: 004040F5
                          • SendMessageA.USER32(00000000), ref: 004040F8
                          • GetDlgItem.USER32(?,000003E8), ref: 00404123
                          • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 00404163
                          • LoadCursorA.USER32(00000000,00007F02), ref: 00404172
                          • SetCursor.USER32(00000000), ref: 0040417B
                          • ShellExecuteA.SHELL32(0000070B,open,@.B,00000000,00000000,00000001), ref: 0040418E
                          • LoadCursorA.USER32(00000000,00007F00), ref: 0040419B
                          • SetCursor.USER32(00000000), ref: 0040419E
                          • SendMessageA.USER32(00000111,00000001,00000000), ref: 004041CA
                          • SendMessageA.USER32(00000010,00000000,00000000), ref: 004041DE
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                          • String ID: @.B$N$Remove folder: $open$Af
                          • API String ID: 3615053054-1455998824
                          • Opcode ID: 086c9584272f405e5d23a234cb3672cb38a546f38c26fc4f0f37582571ec5c76
                          • Instruction ID: c3de460066171d4a99b3db8707b5a70307f179c1ca483427b8a670d92431fbf8
                          • Opcode Fuzzy Hash: 086c9584272f405e5d23a234cb3672cb38a546f38c26fc4f0f37582571ec5c76
                          • Instruction Fuzzy Hash: 4E61C3B1A40209BFEB109F60CC45B6A7B69FB54715F108136FB04BA2D1C7B8A951CFA8
                          Function 00402C5B Relevance: 28.2, APIs: 5, Strings: 11, Instructions: 203memoryCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 473 402c5b-402ca9 GetTickCount GetModuleFileNameA call 40575c 476 402cb5-402ce3 call 405a85 call 4055bf call 405a85 GetFileSize 473->476 477 402cab-402cb0 473->477 485 402dd3-402de1 call 402bc5 476->485 486 402ce9-402d00 476->486 478 402efa-402efe 477->478 493 402eb2-402eb7 485->493 494 402de7-402dea 485->494 488 402d02 486->488 489 402d04-402d0a call 4031a8 486->489 488->489 492 402d0f-402d11 489->492 495 402d17-402d1d 492->495 496 402e6e-402e76 call 402bc5 492->496 493->478 497 402e16-402e62 GlobalAlloc call 405e7d call 40578b CreateFileA 494->497 498 402dec-402dfd call 4031da call 4031a8 494->498 499 402d9d-402da1 495->499 500 402d1f-402d37 call 40571d 495->500 496->493 524 402e64-402e69 497->524 525 402e78-402ea8 call 4031da call 402f01 497->525 516 402e02-402e04 498->516 504 402da3-402da9 call 402bc5 499->504 505 402daa-402db0 499->505 500->505 519 402d39-402d40 500->519 504->505 512 402db2-402dc0 call 405e0f 505->512 513 402dc3-402dcd 505->513 512->513 513->485 513->486 516->493 521 402e0a-402e10 516->521 519->505 523 402d42-402d49 519->523 521->493 521->497 523->505 526 402d4b-402d52 523->526 524->478 532 402ead-402eb0 525->532 526->505 528 402d54-402d5b 526->528 528->505 530 402d5d-402d7d 528->530 530->493 533 402d83-402d87 530->533 532->493 534 402eb9-402eca 532->534 535 402d89-402d8d 533->535 536 402d8f-402d97 533->536 537 402ed2-402ed7 534->537 538 402ecc 534->538 535->485 535->536 536->505 539 402d99-402d9b 536->539 540 402ed8-402ede 537->540 538->537 539->505 540->540 541 402ee0-402ef8 call 40571d 540->541 541->478
                          APIs
                          • GetTickCount.KERNEL32 ref: 00402C6F
                          • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\setup_CodecInstaller_full.exe,00000400), ref: 00402C8B
                            • Part of subcall function 0040575C: GetFileAttributesA.KERNEL32(00000003,00402C9E,C:\Users\user\Desktop\setup_CodecInstaller_full.exe,80000000,00000003), ref: 00405760
                            • Part of subcall function 0040575C: CreateFileA.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 00405782
                          • GetFileSize.KERNEL32(00000000,00000000,0042B000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\setup_CodecInstaller_full.exe,C:\Users\user\Desktop\setup_CodecInstaller_full.exe,80000000,00000003), ref: 00402CD4
                          • GlobalAlloc.KERNEL32(00000040,00409128), ref: 00402E1B
                          Strings
                          • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402EB2
                          • Inst, xrefs: 00402D42
                          • Error launching installer, xrefs: 00402CAB
                          • Af, xrefs: 00402EBD
                          • Null, xrefs: 00402D54
                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00402C5B, 00402E33
                          • C:\Users\user\Desktop\setup_CodecInstaller_full.exe, xrefs: 00402C75, 00402C84, 00402C98, 00402CB5
                          • C:\Users\user\Desktop, xrefs: 00402CB6, 00402CBB, 00402CC1
                          • Error writing temporary file. Make sure your temp folder is valid., xrefs: 00402E64
                          • soft, xrefs: 00402D4B
                          • "C:\Users\user\Desktop\setup_CodecInstaller_full.exe", xrefs: 00402C68
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                          • String ID: "C:\Users\user\Desktop\setup_CodecInstaller_full.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\setup_CodecInstaller_full.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft$Af
                          • API String ID: 2803837635-832906692
                          • Opcode ID: 036c89e0cc90ad4de89c9e7dedac2777f09155a606a3cdf3f6c72e570c098a7e
                          • Instruction ID: 3eb6007c32f8468fb795c2e80af6b0be0f5756db52a0f0690052116b0cd8de19
                          • Opcode Fuzzy Hash: 036c89e0cc90ad4de89c9e7dedac2777f09155a606a3cdf3f6c72e570c098a7e
                          • Instruction Fuzzy Hash: 5B61E231A40204ABDB219F64DE89B9A7BB8AF04315F10417BF905B72D1D7BC9E858B9C
                          Function 00401734 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 147stringtimeCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 674 401734-401757 call 4029e8 call 4055e5 679 401761-401773 call 405a85 call 405578 lstrcatA 674->679 680 401759-40175f call 405a85 674->680 685 401778-40177e call 405ce3 679->685 680->685 690 401783-401787 685->690 691 401789-401793 call 405d7c 690->691 692 4017ba-4017bd 690->692 699 4017a5-4017b7 691->699 700 401795-4017a3 CompareFileTime 691->700 693 4017c5-4017e1 call 40575c 692->693 694 4017bf-4017c0 call 40573d 692->694 702 4017e3-4017e6 693->702 703 401859-401882 call 404e23 call 402f01 693->703 694->693 699->692 700->699 704 4017e8-40182a call 405a85 * 2 call 405aa7 call 405a85 call 405346 702->704 705 40183b-401845 call 404e23 702->705 715 401884-401888 703->715 716 40188a-401896 SetFileTime 703->716 704->690 738 401830-401831 704->738 717 40184e-401854 705->717 715->716 719 40189c-4018a7 FindCloseChangeNotification 715->719 716->719 720 402886 717->720 724 40287d-402880 719->724 725 4018ad-4018b0 719->725 723 402888-40288c 720->723 724->720 727 4018b2-4018c3 call 405aa7 lstrcatA 725->727 728 4018c5-4018c8 call 405aa7 725->728 734 4018cd-402205 call 405346 727->734 728->734 734->723 741 40264e-402655 734->741 738->717 740 401833-401834 738->740 740->705 741->724
                          APIs
                          • lstrcatA.KERNEL32(00000000,00000000,2.0.50727,C:\Program Files (x86)\JockerSoft\CodecInstaller,00000000,00000000,00000031), ref: 00401773
                          • CompareFileTime.KERNEL32(-00000014,?,2.0.50727,2.0.50727,00000000,00000000,2.0.50727,C:\Program Files (x86)\JockerSoft\CodecInstaller,00000000,00000000,00000031), ref: 0040179D
                            • Part of subcall function 00405A85: lstrcpynA.KERNEL32(?,?,00000400,00403293,CodecInstaller 2.10.4 Setup,NSIS Error), ref: 00405A92
                            • Part of subcall function 00404E23: lstrlenA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C3C,00000000,?), ref: 00404E5C
                            • Part of subcall function 00404E23: lstrlenA.KERNEL32(00402C3C,Remove folder: C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C3C,00000000), ref: 00404E6C
                            • Part of subcall function 00404E23: lstrcatA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\,00402C3C,00402C3C,Remove folder: C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\,00000000,00000000,00000000), ref: 00404E7F
                            • Part of subcall function 00404E23: SetWindowTextA.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\), ref: 00404E91
                            • Part of subcall function 00404E23: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404EB7
                            • Part of subcall function 00404E23: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404ED1
                            • Part of subcall function 00404E23: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404EDF
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                          • String ID: 2.0.50727$C:\Program Files (x86)\JockerSoft\CodecInstaller$C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\System.dll
                          • API String ID: 1941528284-2033910310
                          • Opcode ID: 073bbe030f047274e04caab6cb8eb6ac34bfc484aa9b19250fe91091786d1638
                          • Instruction ID: c3a7f6530b99602e8ac3371ca3d410005e8cb954db153f1edc9c693d5e31c606
                          • Opcode Fuzzy Hash: 073bbe030f047274e04caab6cb8eb6ac34bfc484aa9b19250fe91091786d1638
                          • Instruction Fuzzy Hash: 4541AD31A00515BACB10BBB5DD86DAF3679EF45369B20433BF511B20E1D77C8A418EAE
                          Function 00404E23 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 73stringwindowCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 742 404e23-404e38 743 404eee-404ef2 742->743 744 404e3e-404e50 742->744 745 404e52-404e56 call 405aa7 744->745 746 404e5b-404e67 lstrlenA 744->746 745->746 748 404e84-404e88 746->748 749 404e69-404e79 lstrlenA 746->749 751 404e97-404e9b 748->751 752 404e8a-404e91 SetWindowTextA 748->752 749->743 750 404e7b-404e7f lstrcatA 749->750 750->748 753 404ee1-404ee3 751->753 754 404e9d-404edf SendMessageA * 3 751->754 752->751 753->743 755 404ee5-404ee8 753->755 754->753 755->743
                          APIs
                          • lstrlenA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C3C,00000000,?), ref: 00404E5C
                          • lstrlenA.KERNEL32(00402C3C,Remove folder: C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C3C,00000000), ref: 00404E6C
                          • lstrcatA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\,00402C3C,00402C3C,Remove folder: C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\,00000000,00000000,00000000), ref: 00404E7F
                          • SetWindowTextA.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\), ref: 00404E91
                          • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404EB7
                          • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404ED1
                          • SendMessageA.USER32(?,00001013,?,00000000), ref: 00404EDF
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: MessageSend$lstrlen$TextWindowlstrcat
                          • String ID: Remove folder: C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\
                          • API String ID: 2531174081-2286581735
                          • Opcode ID: 94da9e9132b5b6a426ccb9336292207d108e235db2aef8778ca3341f410f67ae
                          • Instruction ID: 451019a1d205659c79ebfdec41688bb46c1145c2f0803241f2332644a3b6c24c
                          • Opcode Fuzzy Hash: 94da9e9132b5b6a426ccb9336292207d108e235db2aef8778ca3341f410f67ae
                          • Instruction Fuzzy Hash: 12217C71A00118BBCB119FA5DD809DFBFB9FB44354F00807AF904A6290C7394E45CF98
                          Function 00402F01 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 109fileCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 756 402f01-402f10 757 402f12-402f28 SetFilePointer 756->757 758 402f2e-402f39 call 40302c 756->758 757->758 761 403025-403029 758->761 762 402f3f-402f59 ReadFile 758->762 763 403022 762->763 764 402f5f-402f62 762->764 766 403024 763->766 764->763 765 402f68-402f7b call 40302c 764->765 765->761 769 402f81-402f84 765->769 766->761 770 402ff1-402ff7 769->770 771 402f86-402f89 769->771 772 402ff9 770->772 773 402ffc-40300f ReadFile 770->773 774 40301d-403020 771->774 775 402f8f 771->775 772->773 773->763 776 403011-40301a 773->776 774->761 777 402f94-402f9c 775->777 776->774 778 402fa1-402fb3 ReadFile 777->778 779 402f9e 777->779 778->763 780 402fb5-402fb8 778->780 779->778 780->763 781 402fba-402fcf WriteFile 780->781 782 402fd1-402fd4 781->782 783 402fed-402fef 781->783 782->783 784 402fd6-402fe9 782->784 783->766 784->777 785 402feb 784->785 785->774
                          APIs
                          • SetFilePointer.KERNEL32(00409128,00000000,00000000,00000000,00000000,00000000,?,?,?,00402EAD,000000FF,00000000,00000000,00409128,0000D9E4), ref: 00402F28
                          • ReadFile.KERNEL32(00409128,00000004,0000D9E4,00000000,00000004,00000000,00000000,00000000,?,?,?,00402EAD,000000FF,00000000,00000000,00409128), ref: 00402F55
                          • ReadFile.KERNEL32(00413038,00004000,0000D9E4,00000000,00409128,?,00402EAD,000000FF,00000000,00000000,00409128,0000D9E4), ref: 00402FAF
                          • WriteFile.KERNEL32(00000000,00413038,0000D9E4,000000FF,00000000,?,00402EAD,000000FF,00000000,00000000,00409128,0000D9E4), ref: 00402FC7
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: File$Read$PointerWrite
                          • String ID: 80A
                          • API String ID: 2113905535-195308239
                          • Opcode ID: 1d0c5bb9ecfe910818843e6bf7809c02e5eaef0b1ff428f1de7b4674f3045140
                          • Instruction ID: 41b23491bffeaa1753be022b97a7ffae9df7beca0cc47644b0b6bde15745b2e9
                          • Opcode Fuzzy Hash: 1d0c5bb9ecfe910818843e6bf7809c02e5eaef0b1ff428f1de7b4674f3045140
                          • Instruction Fuzzy Hash: 91310B31901209EFDF21CF55DE84DAE7BB8EB453A5F20403AF504E61E0D2749E41EB69
                          Function 0040302C Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 108fileCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 786 40302c-403055 GetTickCount 787 403196-40319e call 402bc5 786->787 788 40305b-403086 call 4031da SetFilePointer 786->788 793 4031a0-4031a5 787->793 794 40308b-40309d 788->794 795 4030a1-4030af call 4031a8 794->795 796 40309f 794->796 799 4030b5-4030c1 795->799 800 403188-40318b 795->800 796->795 801 4030c7-4030cd 799->801 800->793 802 4030f8-403114 call 405e9d 801->802 803 4030cf-4030d5 801->803 809 403191 802->809 810 403116-40311e 802->810 803->802 804 4030d7-4030f7 call 402bc5 803->804 804->802 811 403193-403194 809->811 812 403120-403136 WriteFile 810->812 813 403152-403158 810->813 811->793 815 403138-40313c 812->815 816 40318d-40318f 812->816 813->809 814 40315a-40315c 813->814 814->809 817 40315e-403171 814->817 815->816 818 40313e-40314a 815->818 816->811 817->794 819 403177-403186 SetFilePointer 817->819 818->801 820 403150 818->820 819->787 820->817
                          APIs
                          • GetTickCount.KERNEL32 ref: 00403041
                            • Part of subcall function 004031DA: SetFilePointer.KERNEL32(00000000,00000000,00000000,00402E86,0000D9E4), ref: 004031E8
                          • SetFilePointer.KERNEL32(00000000,00000000,?,00000000,?,00402F37,00000004,00000000,00000000,00000000,?,?,?,00402EAD,000000FF,00000000), ref: 00403074
                          • WriteFile.KERNEL32(0040B038,0040E38C,00000000,00000000,00413038,00004000,?,00000000,?,00402F37,00000004,00000000,00000000,00000000,?,?), ref: 0040312E
                          • SetFilePointer.KERNEL32(0002C525,00000000,00000000,00413038,00004000,?,00000000,?,00402F37,00000004,00000000,00000000,00000000,?,?), ref: 00403180
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: File$Pointer$CountTickWrite
                          • String ID: 80A$Af
                          • API String ID: 2146148272-3888956764
                          • Opcode ID: ed78ee5ec995d1e48517d07008e9dcae49a3cb750e614cf53c056dca52c31bf9
                          • Instruction ID: 8653c145dc750015188d6a9afa30315cb9c5a6a6900809742879fa1bd1138a56
                          • Opcode Fuzzy Hash: ed78ee5ec995d1e48517d07008e9dcae49a3cb750e614cf53c056dca52c31bf9
                          • Instruction Fuzzy Hash: 74417FB2504302AFD7109F19EE8496A3FBCF748396710813BE511B62F1C7386A559BAE
                          Function 0040266E Relevance: 10.6, APIs: 7, Instructions: 89memoryfileCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          APIs
                          • GlobalAlloc.KERNEL32(00000040,0000DA00,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 004026C2
                          • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,000000F0), ref: 004026DE
                          • GlobalFree.KERNEL32(?), ref: 00402717
                          • WriteFile.KERNEL32(FFFFFD66,00000000,?,FFFFFD66,?,?,?,?,000000F0), ref: 00402729
                          • GlobalFree.KERNELBASE(00000000), ref: 00402730
                          • CloseHandle.KERNEL32(FFFFFD66,?,?,000000F0), ref: 00402748
                          • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 0040275C
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                          • String ID:
                          • API String ID: 3294113728-0
                          • Opcode ID: e1dbbd87a4995adb5d4b176dfc603e7938d652ba744b9476e49d84610bdc442c
                          • Instruction ID: 9ca9f948efa3d3b3c01768b84b42719a88da944e93008125b7d5b0dd1b363230
                          • Opcode Fuzzy Hash: e1dbbd87a4995adb5d4b176dfc603e7938d652ba744b9476e49d84610bdc442c
                          • Instruction Fuzzy Hash: 5B318D71C00128BBDF216FA9CD89D9E7E79EF09364F10422AF910772E0D7795D419BA8
                          Function 00401F51 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 69libraryloaderCOMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 854 401f51-401f5d 855 401f63-401f79 call 4029e8 * 2 854->855 856 40200b-40200d 854->856 866 401f88-401f96 LoadLibraryExA 855->866 867 401f7b-401f86 GetModuleHandleA 855->867 858 402156-40215b call 401423 856->858 863 40287d-40288c 858->863 869 401f98-401fa6 GetProcAddress 866->869 870 402004-402006 866->870 867->866 867->869 871 401fe5-401fea call 404e23 869->871 872 401fa8-401fae 869->872 870->858 876 401fef-401ff2 871->876 874 401fb0-401fbc call 401423 872->874 875 401fc7-401fdb 872->875 874->876 882 401fbe-401fc5 874->882 879 401fe0-401fe3 875->879 876->863 880 401ff8-401fff FreeLibrary 876->880 879->876 880->863 882->876
                          APIs
                          • GetModuleHandleA.KERNEL32(00000000,00000001,000000F0), ref: 00401F7C
                            • Part of subcall function 00404E23: lstrlenA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C3C,00000000,?), ref: 00404E5C
                            • Part of subcall function 00404E23: lstrlenA.KERNEL32(00402C3C,Remove folder: C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C3C,00000000), ref: 00404E6C
                            • Part of subcall function 00404E23: lstrcatA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\,00402C3C,00402C3C,Remove folder: C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\,00000000,00000000,00000000), ref: 00404E7F
                            • Part of subcall function 00404E23: SetWindowTextA.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\), ref: 00404E91
                            • Part of subcall function 00404E23: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404EB7
                            • Part of subcall function 00404E23: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404ED1
                            • Part of subcall function 00404E23: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404EDF
                          • LoadLibraryExA.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00401F8C
                          • GetProcAddress.KERNEL32(00000000,?), ref: 00401F9C
                          • FreeLibrary.KERNEL32(00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 00401FF9
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                          • String ID: ?B
                          • API String ID: 2987980305-117478770
                          • Opcode ID: d071b56c17c60737a883917a47807aa3b43815b86c54e8a125836051b49b2955
                          • Instruction ID: 6286e611532d8822c51d7e946ff34bbadf458e6cc54079b264412ac530ebcb8a
                          • Opcode Fuzzy Hash: d071b56c17c60737a883917a47807aa3b43815b86c54e8a125836051b49b2955
                          • Instruction Fuzzy Hash: 9611E772D04216EBCF107FA4DE89EAE75B0AB44359F20423BF611B62E0C77C8941DA5E
                          Function 004015B3 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55COMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 0040560C: CharNextA.USER32(004053BE,?,C:\,00000000,00405670,C:\,C:\,?,?,74DF2EE0,004053BE,?,"C:\Users\user\Desktop\setup_CodecInstaller_full.exe",74DF2EE0), ref: 0040561A
                            • Part of subcall function 0040560C: CharNextA.USER32(00000000), ref: 0040561F
                            • Part of subcall function 0040560C: CharNextA.USER32(00000000), ref: 0040562E
                          • CreateDirectoryA.KERNEL32(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015DB
                          • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015E5
                          • GetFileAttributesA.KERNEL32(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015F3
                          • SetCurrentDirectoryA.KERNEL32(00000000,C:\Program Files (x86)\JockerSoft\CodecInstaller,00000000,00000000,000000F0), ref: 00401622
                          Strings
                          • C:\Program Files (x86)\JockerSoft\CodecInstaller, xrefs: 00401617
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                          • String ID: C:\Program Files (x86)\JockerSoft\CodecInstaller
                          • API String ID: 3751793516-2132650300
                          • Opcode ID: 3f602eef6a9276b361c6f48a5542be6569244e826c95c893fc839ff482763a37
                          • Instruction ID: 11ba4fe5436512bc7837d50811c3794abd92905400bb47a2e3f09ad75438aea6
                          • Opcode Fuzzy Hash: 3f602eef6a9276b361c6f48a5542be6569244e826c95c893fc839ff482763a37
                          • Instruction Fuzzy Hash: B3010431908150AFDB116FB51D44D7F67B0AA56365768073BF491B22E2C63C4942D62E
                          Function 0040578B Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 32COMMON
                          Download Yara Rule
                          APIs
                          • GetTickCount.KERNEL32 ref: 0040579E
                          • GetTempFileNameA.KERNEL32(?,0061736E,00000000,?), ref: 004057B8
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: CountFileNameTempTick
                          • String ID: "C:\Users\user\Desktop\setup_CodecInstaller_full.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                          • API String ID: 1716503409-3062323651
                          • Opcode ID: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                          • Instruction ID: 4fcdc00fff711095840056c8ed2a58f2bfde19b521d5dac465ae6a1bf3f6778c
                          • Opcode Fuzzy Hash: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                          • Instruction Fuzzy Hash: F9F0A736348304B6D7104E55DC04B9B7F69DF91750F14C02BFA449B1C0D6B0995497A5
                          Function 00401CC1 Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                          Download Yara Rule
                          APIs
                          • GetDlgItem.USER32(?), ref: 00401CC5
                          • GetClientRect.USER32(00000000,?), ref: 00401CD2
                          • LoadImageA.USER32(?,00000000,?,?,?,?), ref: 00401CF3
                          • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D01
                          • DeleteObject.GDI32(00000000), ref: 00401D10
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                          • String ID:
                          • API String ID: 1849352358-0
                          • Opcode ID: 33d569184284705a4e7e4981a652a902063fe8ce0dc9f4433447b061a7f05a5b
                          • Instruction ID: ad5020e38ef11d08f371025551c7f23f007b957d45941c5b52acf933ea75ddf9
                          • Opcode Fuzzy Hash: 33d569184284705a4e7e4981a652a902063fe8ce0dc9f4433447b061a7f05a5b
                          • Instruction Fuzzy Hash: 31F0F9B2A04105BFD700EBA4EE89DAFB7BDEB44341B104476F601F21A0C7789D018B29
                          Function 00404610 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 78stringCOMMON
                          Download Yara Rule
                          APIs
                          • lstrlenA.KERNEL32(00420498,00420498,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404530,000000DF,0000040F,00000400,00000000), ref: 0040469E
                          • wsprintfA.USER32 ref: 004046A6
                          • SetDlgItemTextA.USER32(?,00420498), ref: 004046B9
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: ItemTextlstrlenwsprintf
                          • String ID: %u.%u%s%s
                          • API String ID: 3540041739-3551169577
                          • Opcode ID: f6af641a962c6eb9b6bb56365ede9fb0ded334c5404cf8c962fad2e786ef85ec
                          • Instruction ID: 4c66ffa9968b47036da968d2f23bae361eeba693da1d293f62fa9500f86314f5
                          • Opcode Fuzzy Hash: f6af641a962c6eb9b6bb56365ede9fb0ded334c5404cf8c962fad2e786ef85ec
                          • Instruction Fuzzy Hash: 6211E6737001243BDB10A5699C45EAF3299DBC2335F14423BF625F61D1E9798C1186A9
                          Function 00401BAD Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
                          Download Yara Rule
                          APIs
                          • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C0D
                          • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C25
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: MessageSend$Timeout
                          • String ID: !
                          • API String ID: 1777923405-2657877971
                          • Opcode ID: 334588288cfdb17ff4757290809a1857d889fbbcabb1089515c2e64beeb01a29
                          • Instruction ID: c520659e647c29be31daea63823ecf32d675036654070bdfdaec67237a792274
                          • Opcode Fuzzy Hash: 334588288cfdb17ff4757290809a1857d889fbbcabb1089515c2e64beeb01a29
                          • Instruction Fuzzy Hash: 902183B1A44104BEDF01AFB5CE5BAAD7A75EF45704F14047AF501B61D1D6B88940D728
                          Function 004052E5 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 24processCOMMON
                          Download Yara Rule
                          APIs
                          • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004224A0,Error launching installer), ref: 0040530A
                          • CloseHandle.KERNEL32(?), ref: 00405317
                          Strings
                          • Error launching installer, xrefs: 004052F8
                          • C:\Users\user\AppData\Local\Temp\, xrefs: 004052E5
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: CloseCreateHandleProcess
                          • String ID: C:\Users\user\AppData\Local\Temp\$Error launching installer
                          • API String ID: 3712363035-1785902839
                          • Opcode ID: 6b6a0bc2a3a2861d1b4fb8cb28cdb7ee12dd8b27d4ddea3b465ed8bf02dd5c13
                          • Instruction ID: 638c90c2c8bd3d8652662e5a24b63cb160f6dc818783434175b306b50d96cec4
                          • Opcode Fuzzy Hash: 6b6a0bc2a3a2861d1b4fb8cb28cdb7ee12dd8b27d4ddea3b465ed8bf02dd5c13
                          • Instruction Fuzzy Hash: 32E0ECB4A00209BFDB00AF64ED09B6F7BBCFB04348F808522A911E2150D7B4E8148A69
                          Function 004022F5 Relevance: 6.1, APIs: 4, Instructions: 71registrystringCOMMON
                          Download Yara Rule
                          APIs
                          • RegCreateKeyExA.KERNEL32(00000000,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402333
                          • lstrlenA.KERNEL32(0040A368,00000023,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402353
                          • RegSetValueExA.KERNEL32(?,?,?,?,0040A368,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 0040238C
                          • RegCloseKey.ADVAPI32(?,?,?,0040A368,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 0040246F
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: CloseCreateValuelstrlen
                          • String ID:
                          • API String ID: 1356686001-0
                          • Opcode ID: 2fbf89c72a2e4e018df1eca794e81268edc29d72705cb254ca7d3287f7429e12
                          • Instruction ID: c0f72d529a206c1f33eb9b8d59e365bb4fe54d10a3d93e78d78dba992e985e14
                          • Opcode Fuzzy Hash: 2fbf89c72a2e4e018df1eca794e81268edc29d72705cb254ca7d3287f7429e12
                          • Instruction Fuzzy Hash: 0F1175B1E00118BFEB10AFA1DE4AEAF767CEB04758F10443AF505B71D0D6B99D019A69
                          Function 00405659 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46stringCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 00405A85: lstrcpynA.KERNEL32(?,?,00000400,00403293,CodecInstaller 2.10.4 Setup,NSIS Error), ref: 00405A92
                            • Part of subcall function 0040560C: CharNextA.USER32(004053BE,?,C:\,00000000,00405670,C:\,C:\,?,?,74DF2EE0,004053BE,?,"C:\Users\user\Desktop\setup_CodecInstaller_full.exe",74DF2EE0), ref: 0040561A
                            • Part of subcall function 0040560C: CharNextA.USER32(00000000), ref: 0040561F
                            • Part of subcall function 0040560C: CharNextA.USER32(00000000), ref: 0040562E
                          • lstrlenA.KERNEL32(C:\,00000000,C:\,C:\,?,?,74DF2EE0,004053BE,?,"C:\Users\user\Desktop\setup_CodecInstaller_full.exe",74DF2EE0), ref: 004056AC
                          • GetFileAttributesA.KERNEL32(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\,?,?,74DF2EE0,004053BE,?,"C:\Users\user\Desktop\setup_CodecInstaller_full.exe",74DF2EE0), ref: 004056BC
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: CharNext$AttributesFilelstrcpynlstrlen
                          • String ID: C:\
                          • API String ID: 3248276644-3404278061
                          • Opcode ID: 45f9fc393155a5db5d7088df542a2f6c776c74327cf868b98864bd445eec5352
                          • Instruction ID: 45da588c54f8925d2f58c8e200b054ed71ba1ecc9485bcb26325529b6e95793d
                          • Opcode Fuzzy Hash: 45f9fc393155a5db5d7088df542a2f6c776c74327cf868b98864bd445eec5352
                          • Instruction Fuzzy Hash: 4FF02D21604D5525D32222355C09FAF1B05CE863143994E3BF858B12D6C63D89428CAD
                          Function 00401389 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43windowCOMMON
                          Download Yara Rule
                          APIs
                          • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                          • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: MessageSend
                          • String ID: 4Uf
                          • API String ID: 3850602802-3208575266
                          • Opcode ID: 7b8e9ba5108b55dad21e1cb19ef7846daac3b048e1c883625bc8c045044f289d
                          • Instruction ID: b71ad761f0ea07ecc4e6183a90c0cd8288537aab3e92bb5761005deb6e4a9b1f
                          • Opcode Fuzzy Hash: 7b8e9ba5108b55dad21e1cb19ef7846daac3b048e1c883625bc8c045044f289d
                          • Instruction Fuzzy Hash: 20014431B24210ABE7291B388D08B2A32ADE714315F10423FF801F32F0D678DC028B4C
                          Function 004031F1 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 20COMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 00405CE3: CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\setup_CodecInstaller_full.exe",C:\Users\user\AppData\Local\Temp\,00000000,004031FD,C:\Users\user\AppData\Local\Temp\,00000000,0040336F), ref: 00405D3B
                            • Part of subcall function 00405CE3: CharNextA.USER32(?,?,?,00000000), ref: 00405D48
                            • Part of subcall function 00405CE3: CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\setup_CodecInstaller_full.exe",C:\Users\user\AppData\Local\Temp\,00000000,004031FD,C:\Users\user\AppData\Local\Temp\,00000000,0040336F), ref: 00405D4D
                            • Part of subcall function 00405CE3: CharPrevA.USER32(?,?,"C:\Users\user\Desktop\setup_CodecInstaller_full.exe",C:\Users\user\AppData\Local\Temp\,00000000,004031FD,C:\Users\user\AppData\Local\Temp\,00000000,0040336F), ref: 00405D5D
                          • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,0040336F), ref: 00403212
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: Char$Next$CreateDirectoryPrev
                          • String ID: 1033$C:\Users\user\AppData\Local\Temp\
                          • API String ID: 4115351271-517883005
                          • Opcode ID: f397fa442d7c7bfca081d10e30b5f8fa8879263e701953f13d3cba299977c299
                          • Instruction ID: 52f5018bb87fe832e559484150a565c10a299960058697363e648776ae6da385
                          • Opcode Fuzzy Hash: f397fa442d7c7bfca081d10e30b5f8fa8879263e701953f13d3cba299977c299
                          • Instruction Fuzzy Hash: 68D0C92164AD3036D551372A3D0AFDF090D9F4272EF21417BF804B50CA5B6C6A8319EF
                          Function 00406481 Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 4704a5ed105780f6478b7403eb4dd8ec19d01cc9a077ced7c1a67cf9ab5ccc14
                          • Instruction ID: 5ae99ca79f71cc2638d3baaeb57d6c4ee888c8cbc78e3ce5cc4ffc2d3191f51a
                          • Opcode Fuzzy Hash: 4704a5ed105780f6478b7403eb4dd8ec19d01cc9a077ced7c1a67cf9ab5ccc14
                          • Instruction Fuzzy Hash: 1FA13571D00229CBDF28CFA8C854BADBBB1FF44305F15816AD816BB281D7785A86DF44
                          Function 00406682 Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 62cf5b17206a6db47431eecf79a6a82934569840bddaea447bb47edb6382e710
                          • Instruction ID: bb8ed6064adbc6ac752208bd1780db284a58169b415d1e5229999a4f541ad509
                          • Opcode Fuzzy Hash: 62cf5b17206a6db47431eecf79a6a82934569840bddaea447bb47edb6382e710
                          • Instruction Fuzzy Hash: 11912271D00229CBDF28CF98C854BADBBB1FB44305F15816AD816BB291C7789A96DF44
                          Function 00406398 Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 15aa086d42ea43156f7fbf6fbf97274f99b2efc4d47cfe7aa8cc3aef762d7e26
                          • Instruction ID: 22847fb14cdf7a24f95a3c84300c4786f150dfac54d3f328c430af40b2e48c23
                          • Opcode Fuzzy Hash: 15aa086d42ea43156f7fbf6fbf97274f99b2efc4d47cfe7aa8cc3aef762d7e26
                          • Instruction Fuzzy Hash: EB816871D04229CFDF24CFA8C844BAEBBB1FB44305F25816AD406BB281C7789A86DF54
                          Function 00405E9D Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: a6e2085cebcdfb89d44d763a6c8341743f8cc52be166a66f13966f2f3d4d66a2
                          • Instruction ID: ba793bdfdeb6fca0581e378ecaac939fdd914989bdfd8c809e8e1c60c55c718d
                          • Opcode Fuzzy Hash: a6e2085cebcdfb89d44d763a6c8341743f8cc52be166a66f13966f2f3d4d66a2
                          • Instruction Fuzzy Hash: 90816972D04229DBDF24DFA8C844BAEBBB0FB44305F11816AD856B72C0C7785A86DF54
                          Function 004062EB Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 25af1c67d90c65bbedd3736b3b8ac70fc4bdcff7d4c70ba7fb1a825d48c8a324
                          • Instruction ID: 4708b7c85b45d81bde2c34293bfadd2d5d28089b3d5bcf645a888e2e7e0fcfc2
                          • Opcode Fuzzy Hash: 25af1c67d90c65bbedd3736b3b8ac70fc4bdcff7d4c70ba7fb1a825d48c8a324
                          • Instruction Fuzzy Hash: 91711371D00229DFDF24CFA8C844BADBBB1FB44305F15816AD816B7281D7389996DF54
                          Function 00406409 Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 26fed0205269c67c4524460d7550c555d61838a406f219378ffc8409cc06287b
                          • Instruction ID: b59dca7a73cfed8a049a6b6a8b4acb584d685fa01604791ee1d6e054a78b3619
                          • Opcode Fuzzy Hash: 26fed0205269c67c4524460d7550c555d61838a406f219378ffc8409cc06287b
                          • Instruction Fuzzy Hash: 08714671D04229CFEF28CF98C844BADBBB1FB44305F15816AD816BB281C7789996DF54
                          Function 00406355 Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: c0236bc9d37fb86cbfb05d60328db13b4a1015dd2f3925378243861a98d78361
                          • Instruction ID: 03af6c1e27b970ccc0602dedbaa06cf660f45ac3eaa39f8bc43b8226cdf4d636
                          • Opcode Fuzzy Hash: c0236bc9d37fb86cbfb05d60328db13b4a1015dd2f3925378243861a98d78361
                          • Instruction Fuzzy Hash: 46715571D00229DFEF28CF98C844BADBBB1FB44305F15806AD816BB281C7789A96DF44
                          Function 00401E1B Relevance: 4.5, APIs: 3, Instructions: 48synchronizationCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 00404E23: lstrlenA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C3C,00000000,?), ref: 00404E5C
                            • Part of subcall function 00404E23: lstrlenA.KERNEL32(00402C3C,Remove folder: C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C3C,00000000), ref: 00404E6C
                            • Part of subcall function 00404E23: lstrcatA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\,00402C3C,00402C3C,Remove folder: C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\,00000000,00000000,00000000), ref: 00404E7F
                            • Part of subcall function 00404E23: SetWindowTextA.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\), ref: 00404E91
                            • Part of subcall function 00404E23: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404EB7
                            • Part of subcall function 00404E23: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404ED1
                            • Part of subcall function 00404E23: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404EDF
                            • Part of subcall function 004052E5: CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,004224A0,Error launching installer), ref: 0040530A
                            • Part of subcall function 004052E5: CloseHandle.KERNEL32(?), ref: 00405317
                          • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00401E55
                          • GetExitCodeProcess.KERNEL32(?,?), ref: 00401E65
                          • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401E8A
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcat
                          • String ID:
                          • API String ID: 3521207402-0
                          • Opcode ID: 7073670f5fe744450ff6870887c87b48ad2eb0a8773a33fc291ac429a57fa0f8
                          • Instruction ID: bfc20476be5fc53685a683b8d0a1b3bf328c1b7f56aae3e5f2b845df029897a9
                          • Opcode Fuzzy Hash: 7073670f5fe744450ff6870887c87b48ad2eb0a8773a33fc291ac429a57fa0f8
                          • Instruction Fuzzy Hash: 63016971904104EBCF11AFA1CD85AAE7A71EF01358F20807BEA01B61E1C7798A81DB9A
                          Function 0040596C Relevance: 4.5, APIs: 3, Instructions: 45registryCOMMON
                          Download Yara Rule
                          APIs
                          • RegOpenKeyExA.KERNEL32(80000002,00405BA4,00000000,00000002,?,00000002,00245445,?,00405BA4,80000002,Software\Microsoft\Windows\CurrentVersion,00245445,Remove folder: ,0066931D), ref: 00405995
                          • RegQueryValueExA.KERNEL32(00245445,?,00000000,00405BA4,00245445,00405BA4), ref: 004059B6
                          • RegCloseKey.KERNEL32(?), ref: 004059D7
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: CloseOpenQueryValue
                          • String ID:
                          • API String ID: 3677997916-0
                          • Opcode ID: 20ca1dc64cf80f35bde4a5a459f169022cfe0f17446037da1f5ac97088a586f8
                          • Instruction ID: 3aa636dfe1f6cb11478c1da051f9f59f6b9d2babd83d41a9a8ad4a9ca03de75a
                          • Opcode Fuzzy Hash: 20ca1dc64cf80f35bde4a5a459f169022cfe0f17446037da1f5ac97088a586f8
                          • Instruction Fuzzy Hash: 7B0116B114020AEFDB228F64EC49AEB7FACEF143A4F004436F955A6260D235D964DBA5
                          Function 004035A6 Relevance: 4.5, APIs: 2, Strings: 1, Instructions: 19COMMON
                          Download Yara Rule
                          APIs
                          • CloseHandle.KERNEL32(FFFFFFFF,00000000,00403416,00000000), ref: 004035B8
                          • CloseHandle.KERNEL32(FFFFFFFF,00000000,00403416,00000000), ref: 004035CC
                          Strings
                          • C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\, xrefs: 004035D7
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: CloseHandle
                          • String ID: C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\
                          • API String ID: 2962429428-701645895
                          • Opcode ID: be55e5b8e427b8cdde6b00384d0871a0199eafcfb6d9273a338719d70b1cafbd
                          • Instruction ID: d1c705f3b128fbcbfce68daea097d08065639d5fc9d79a491b5de1c55189a292
                          • Opcode Fuzzy Hash: be55e5b8e427b8cdde6b00384d0871a0199eafcfb6d9273a338719d70b1cafbd
                          • Instruction Fuzzy Hash: 1EE0C230904610A6C630AF3CBE499063A286B413317200B22F174F21F1C778AE429AA9
                          Function 00402259 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 20COMMON
                          Download Yara Rule
                          APIs
                          • GetPrivateProfileStringA.KERNEL32(00000000,?,!N~,?,000003FF,00000000), ref: 00402289
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: PrivateProfileString
                          • String ID: !N~
                          • API String ID: 1096422788-529124213
                          • Opcode ID: b0cb949857bfa70606c1f0e6d32323e513a988a2d02e3953cc101cc96b82303c
                          • Instruction ID: d6d75ea5d4029c75388a7270594b7fcf450b7863c6313c1f7ecb0d57e88598a5
                          • Opcode Fuzzy Hash: b0cb949857bfa70606c1f0e6d32323e513a988a2d02e3953cc101cc96b82303c
                          • Instruction Fuzzy Hash: 2BE08670940108BBDF00AFE1CD4ADAE3AB8FF04345F10003AF900EB1D1D7B899419B55
                          Function 00403E10 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 9windowCOMMON
                          Download Yara Rule
                          APIs
                          • SendMessageA.USER32(00000408,?,00000000,00403A72), ref: 00403E2E
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: MessageSend
                          • String ID: x
                          • API String ID: 3850602802-2363233923
                          • Opcode ID: 46d605fedc9b17ed3aa99e624faff798016ffe450984ce7ce2feb54509c3447d
                          • Instruction ID: bce536b892f696ae1651e60f059bf7b80650ebd1e9398ed1803d9b0217867372
                          • Opcode Fuzzy Hash: 46d605fedc9b17ed3aa99e624faff798016ffe450984ce7ce2feb54509c3447d
                          • Instruction Fuzzy Hash: D2C012B2684200BACB205F00DE00F167A31F7A0703F10843AF344200B082B85A22DF0D
                          Function 00404EF5 Relevance: 3.0, APIs: 2, Instructions: 32comCOMMON
                          Download Yara Rule
                          APIs
                          • OleInitialize.OLE32(00000000), ref: 00404F05
                            • Part of subcall function 00403E83: SendMessageA.USER32(000204A2,00000000,00000000,00000000), ref: 00403E95
                          • OleUninitialize.OLE32(00000404,00000000), ref: 00404F51
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: InitializeMessageSendUninitialize
                          • String ID:
                          • API String ID: 2896919175-0
                          • Opcode ID: 556d00a79d4960ff1ce6e89c465a7e0d9a54ac6e1d471b85b6eeaa2226694139
                          • Instruction ID: 5663bb6148560c7b3d1261214f65c77f79f6f3f443b0fac6cac87f1992d7f237
                          • Opcode Fuzzy Hash: 556d00a79d4960ff1ce6e89c465a7e0d9a54ac6e1d471b85b6eeaa2226694139
                          • Instruction Fuzzy Hash: 78F0F6B6A041029AD3609F54AD00B1577B4ABD4702F06443AEF04B32E0DB798842866D
                          Function 00402858 Relevance: 3.0, APIs: 2, Instructions: 21windowCOMMON
                          Download Yara Rule
                          APIs
                          • SendMessageA.USER32(?,0000000B,00000001), ref: 00402867
                          • InvalidateRect.USER32(?), ref: 00402877
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: InvalidateMessageRectSend
                          • String ID:
                          • API String ID: 909852535-0
                          • Opcode ID: ffe0577e6c8fc7b528b2f146cf9271b40c79fdb70a9871405927ec7d149bb087
                          • Instruction ID: 47d265bab4c7489263fac7e35293b864a8b68ad0a18c756fc26c12a006359435
                          • Opcode Fuzzy Hash: ffe0577e6c8fc7b528b2f146cf9271b40c79fdb70a9871405927ec7d149bb087
                          • Instruction Fuzzy Hash: B4E0EC72B50108FFDB11DFA4FE85DAE77BAEB44355B10007AF201B10A0D7755D50DA28
                          Function 00401D95 Relevance: 3.0, APIs: 2, Instructions: 21COMMON
                          Download Yara Rule
                          APIs
                          • ShowWindow.USER32(00000000,00000000,00000001), ref: 00401DAB
                          • EnableWindow.USER32(00000000,00000000), ref: 00401DB6
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: Window$EnableShow
                          • String ID:
                          • API String ID: 1136574915-0
                          • Opcode ID: 799b51faca074242f6a9630f3cac5d2ea0b03981fa654eeee39fe7dabe0e0f26
                          • Instruction ID: 87c716b605e144f69a9c287c72035feb457677dd11737dea0cbbac412080d302
                          • Opcode Fuzzy Hash: 799b51faca074242f6a9630f3cac5d2ea0b03981fa654eeee39fe7dabe0e0f26
                          • Instruction Fuzzy Hash: 44E08672E04100DBC710EBB56A89D5D3274DF00369B204437F102F10D1C678DC40866E
                          Function 0040575C Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                          Download Yara Rule
                          APIs
                          • GetFileAttributesA.KERNEL32(00000003,00402C9E,C:\Users\user\Desktop\setup_CodecInstaller_full.exe,80000000,00000003), ref: 00405760
                          • CreateFileA.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 00405782
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: File$AttributesCreate
                          • String ID:
                          • API String ID: 415043291-0
                          • Opcode ID: 6d56aff3fab625e069b8f0f4beb3d6c68df7a2746e2dd21b0a72e0224e52029a
                          • Instruction ID: 90a47e22fdd321f70bf06df01bfdefa11f3e73682391c7296034eb3a8fe04f39
                          • Opcode Fuzzy Hash: 6d56aff3fab625e069b8f0f4beb3d6c68df7a2746e2dd21b0a72e0224e52029a
                          • Instruction Fuzzy Hash: 8CD09E31658301AFEF098F20DD1AF2E7AA2EB84B00F10562CB646940E0D6715815DB16
                          Function 0040573D Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                          Download Yara Rule
                          APIs
                          • GetFileAttributesA.KERNEL32(?,00405548,?,?,?), ref: 00405741
                          • SetFileAttributesA.KERNEL32(?,00000000), ref: 00405753
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: AttributesFile
                          • String ID:
                          • API String ID: 3188754299-0
                          • Opcode ID: 499c41a265c8c72c251eb99c81a2d8ea197c0ca55525d81af5d9f53b6a62e1c9
                          • Instruction ID: 88d4634cff9a4ddd1fee40d2dea465eb4d792ab4199cb35d7d0d1e1f6e6e1bf9
                          • Opcode Fuzzy Hash: 499c41a265c8c72c251eb99c81a2d8ea197c0ca55525d81af5d9f53b6a62e1c9
                          • Instruction Fuzzy Hash: CAC04CB1808501EBD6016B24DF0D81F7B66EB50321B108B35F569E00F0C7755C66EA1A
                          Function 00402215 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                          Download Yara Rule
                          APIs
                          • WritePrivateProfileStringA.KERNEL32(00000000,00000000,?,00000000), ref: 0040224E
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: PrivateProfileStringWrite
                          • String ID:
                          • API String ID: 390214022-0
                          • Opcode ID: c2927475e9497a9ba1c08db410f4359770c011c1dbe4487c89ce767d200da861
                          • Instruction ID: c3e28f33354a9bdeaec00bb895c317f9eff9eaea502077a7dac98389f1c24f9d
                          • Opcode Fuzzy Hash: c2927475e9497a9ba1c08db410f4359770c011c1dbe4487c89ce767d200da861
                          • Instruction Fuzzy Hash: CEE04F71B401256BDF507AF14E8E97F1098AB89304F64067FB601B63E2D9BC4D01826A
                          Function 004031A8 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                          Download Yara Rule
                          APIs
                          • ReadFile.KERNEL32(00409128,00000000,00000000,00000000,00413038,0040B038,004030AD,00413038,00004000,?,00000000,?,00402F37,00000004,00000000,00000000), ref: 004031BF
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: FileRead
                          • String ID:
                          • API String ID: 2738559852-0
                          • Opcode ID: b55c46bdf794a51955d6c22ef273c930d40ecd644cbb4da6e13cbea0766faea3
                          • Instruction ID: b8f1ad64850fa721b7c3123cc302f733781f6218d307da9d2aa6486ecc23217a
                          • Opcode Fuzzy Hash: b55c46bdf794a51955d6c22ef273c930d40ecd644cbb4da6e13cbea0766faea3
                          • Instruction Fuzzy Hash: 4BE08632254119BBCF105E619C00AD73F5CEB0A3A2F008432FD55E9190D230EA11DBA5
                          Function 00403E37 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                          Download Yara Rule
                          APIs
                          • SetDlgItemTextA.USER32(?,?,00000000), ref: 00403E51
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: ItemText
                          • String ID:
                          • API String ID: 3367045223-0
                          • Opcode ID: 1bfefb0c1ab433fb2da1342a067be9259472826c2dca36ede68990ca790ee39a
                          • Instruction ID: 3257ab1ff46f438ea35869462898920952e52762d639d3e5def94385b9d7ca70
                          • Opcode Fuzzy Hash: 1bfefb0c1ab433fb2da1342a067be9259472826c2dca36ede68990ca790ee39a
                          • Instruction Fuzzy Hash: F4C08C31208600BFD641A744CC42F1FB3D8EF90315F00C52EB09CE00D1C63884208E2A
                          Function 00403E83 Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON
                          Download Yara Rule
                          APIs
                          • SendMessageA.USER32(000204A2,00000000,00000000,00000000), ref: 00403E95
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: MessageSend
                          • String ID:
                          • API String ID: 3850602802-0
                          • Opcode ID: 74a19277012f6d931596f598d2f6ffa2ec736fc7041dbb57cfa43a045af561dc
                          • Instruction ID: a690e73a459cda7dc45cd6bfd63986cbe49d30762b834a4efc5073ebf10b1f23
                          • Opcode Fuzzy Hash: 74a19277012f6d931596f598d2f6ffa2ec736fc7041dbb57cfa43a045af561dc
                          • Instruction Fuzzy Hash: 4AC04C717443027AEA309F619D49F177768A750701F5444657204A51D0C674E510D61D
                          Function 00403E6C Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
                          Download Yara Rule
                          APIs
                          • SendMessageA.USER32(00000028,?,00000001,00403C9D), ref: 00403E7A
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: MessageSend
                          • String ID:
                          • API String ID: 3850602802-0
                          • Opcode ID: 5380ca26047a56ac044db27ec5452a3d407db4c462228856e9187df95d64c5b6
                          • Instruction ID: 0662716cb4741bc9db58cdf5bc89cb1196afa115b106f7c4ea820954fb206898
                          • Opcode Fuzzy Hash: 5380ca26047a56ac044db27ec5452a3d407db4c462228856e9187df95d64c5b6
                          • Instruction Fuzzy Hash: 17B09276685201BADA215B10DE09F457E62E764702F018064B204240B0C6B200A5DB09
                          Function 0040532A Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                          Download Yara Rule
                          APIs
                          • GetDlgItemTextA.USER32(?,?,00000400,0040442F), ref: 0040533D
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: ItemText
                          • String ID:
                          • API String ID: 3367045223-0
                          • Opcode ID: 2a3cf452a9340375e7ea9e4d6319565003b19af3fd8fe49c2e8af92dd2f11c39
                          • Instruction ID: 30df335a9567130ec804c6d1d151e6d7b01c17dcb48a9d335dbed8569bbd2918
                          • Opcode Fuzzy Hash: 2a3cf452a9340375e7ea9e4d6319565003b19af3fd8fe49c2e8af92dd2f11c39
                          • Instruction Fuzzy Hash: FBB09276608200BFDA125F50DE05E0ABB72FB94312F40C465BB98241B082325822EF0A
                          Function 004031DA Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                          Download Yara Rule
                          APIs
                          • SetFilePointer.KERNEL32(00000000,00000000,00000000,00402E86,0000D9E4), ref: 004031E8
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: FilePointer
                          • String ID:
                          • API String ID: 973152223-0
                          • Opcode ID: a4f108b6483d59a247dd719aa3338c70368b303c79d310cc125f674897935547
                          • Instruction ID: 0cdacc43d416a0c3c320ce55ce8d4373a9ea66752a7e2c64ddc4eeaf6ba3fa4d
                          • Opcode Fuzzy Hash: a4f108b6483d59a247dd719aa3338c70368b303c79d310cc125f674897935547
                          • Instruction Fuzzy Hash: 49B01271644200BFDA214F00DF05F057B31B790700F108430B394380F082712420EB0D
                          Function 00403E59 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                          Download Yara Rule
                          APIs
                          • KiUserCallbackDispatcher.NTDLL(?,00403C36), ref: 00403E63
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: CallbackDispatcherUser
                          • String ID:
                          • API String ID: 2492992576-0
                          • Opcode ID: e403f0ca2ac8db45cee2d53ed42ba508999154e311dc39193cc68a7be12fe6b8
                          • Instruction ID: 53812e58dd903fa0e390f444196fc74dc2a222acb2eae657edebaf1cb9a8c705
                          • Opcode Fuzzy Hash: e403f0ca2ac8db45cee2d53ed42ba508999154e311dc39193cc68a7be12fe6b8
                          • Instruction Fuzzy Hash: 23A00176919104AFCA12AB50EE0880ABAA2BBA4705B41C479B2496057587326861EB6E
                          Function 004014D6 Relevance: 1.3, APIs: 1, Instructions: 17sleepCOMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: Sleep
                          • String ID:
                          • API String ID: 3472027048-0
                          • Opcode ID: 19b50a4830f83358754f25e70fca2c28a9151a77ffe0c8107b4ce3a316810c60
                          • Instruction ID: 0c6006439ed6082f77f9429461cbdf1c6d6ee3a64f526e783079c7b3b5076d62
                          • Opcode Fuzzy Hash: 19b50a4830f83358754f25e70fca2c28a9151a77ffe0c8107b4ce3a316810c60
                          • Instruction Fuzzy Hash: 8FD0C9B7F245009BD750EBB9AE8995A73A8EB5136A3204833D902E10E2D67CC942866D

                          Non-executed Functions

                          Function 00404772 Relevance: 65.2, APIs: 33, Strings: 4, Instructions: 478windowmemoryCOMMON
                          Download Yara Rule
                          APIs
                          • GetDlgItem.USER32(?,000003F9), ref: 00404789
                          • GetDlgItem.USER32(?,00000408), ref: 00404796
                          • GlobalAlloc.KERNEL32(00000040,00000004), ref: 004047E2
                          • LoadBitmapA.USER32(0000006E), ref: 004047F5
                          • SetWindowLongA.USER32(?,000000FC,00404D73), ref: 0040480F
                          • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404823
                          • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 00404837
                          • SendMessageA.USER32(?,00001109,00000002), ref: 0040484C
                          • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404858
                          • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 0040486A
                          • DeleteObject.GDI32(?), ref: 0040486F
                          • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 0040489A
                          • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 004048A6
                          • SendMessageA.USER32(?,00001100,00000000,?), ref: 0040493B
                          • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 00404966
                          • SendMessageA.USER32(?,00001100,00000000,?), ref: 0040497A
                          • GetWindowLongA.USER32(?,000000F0), ref: 004049A9
                          • SetWindowLongA.USER32(?,000000F0,00000000), ref: 004049B7
                          • ShowWindow.USER32(?,00000005), ref: 004049C8
                          • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404ACB
                          • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404B30
                          • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404B45
                          • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404B69
                          • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404B8F
                          • ImageList_Destroy.COMCTL32(?), ref: 00404BA4
                          • GlobalFree.KERNEL32(?), ref: 00404BB4
                          • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404C24
                          • SendMessageA.USER32(?,00001102,00000410,?), ref: 00404CCD
                          • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404CDC
                          • InvalidateRect.USER32(?,00000000,00000001), ref: 00404CFC
                          • ShowWindow.USER32(?,00000000), ref: 00404D4A
                          • GetDlgItem.USER32(?,000003FE), ref: 00404D55
                          • ShowWindow.USER32(00000000), ref: 00404D5C
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                          • String ID: $M$N$Af
                          • API String ID: 1638840714-518358465
                          • Opcode ID: ef5a8f0fa7b3e4a6aa9935b7f13816fad8720619788645843a178f5a4cf577a2
                          • Instruction ID: 2baebcd050ce5e3cc44cfd390f58c160629cefacb8a2130a1722bfbf049ea566
                          • Opcode Fuzzy Hash: ef5a8f0fa7b3e4a6aa9935b7f13816fad8720619788645843a178f5a4cf577a2
                          • Instruction Fuzzy Hash: 5A02B0B0A00208AFDB24DF55DC45BAE7BB5FB84315F10817AF610BA2E1C7799A42CF58
                          Function 00402630 Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
                          Download Yara Rule
                          APIs
                          • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 0040263F
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: FileFindFirst
                          • String ID:
                          • API String ID: 1974802433-0
                          • Opcode ID: e584fa9196232c02e1a68c617a522b508c97492f6a39786d95c21bd1ddadd73f
                          • Instruction ID: 76eef0906e3fa6c86cf2ebea0eb1ad5f879b60bc34498b8afccad509cb3c3919
                          • Opcode Fuzzy Hash: e584fa9196232c02e1a68c617a522b508c97492f6a39786d95c21bd1ddadd73f
                          • Instruction Fuzzy Hash: 67F0A772A04100EED700EBB59D49EFE7778DF11324F6005BBE111B20C1C7B889419A2A
                          Function 00401000 Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 125COMMON
                          Download Yara Rule
                          APIs
                          • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                          • BeginPaint.USER32(?,?), ref: 00401047
                          • GetClientRect.USER32(?,?), ref: 0040105B
                          • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                          • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                          • DeleteObject.GDI32(?), ref: 004010ED
                          • CreateFontIndirectA.GDI32(?), ref: 00401105
                          • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                          • SetTextColor.GDI32(00000000,?), ref: 00401130
                          • SelectObject.GDI32(00000000,?), ref: 00401140
                          • DrawTextA.USER32(00000000,CodecInstaller 2.10.4 Setup,000000FF,00000010,00000820), ref: 00401156
                          • SelectObject.GDI32(00000000,00000000), ref: 00401160
                          • DeleteObject.GDI32(?), ref: 00401165
                          • EndPaint.USER32(?,?), ref: 0040116E
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                          • String ID: CodecInstaller 2.10.4 Setup$F$Af
                          • API String ID: 941294808-2828529146
                          • Opcode ID: 1fa3053a276be56ef7da5d68adfba1d9971bfb9fa2beb597bf2db4fb963a824d
                          • Instruction ID: 81477e3a2fde3fb3f26aa953fc06e347994717d76cab2c79682594c458f31f57
                          • Opcode Fuzzy Hash: 1fa3053a276be56ef7da5d68adfba1d9971bfb9fa2beb597bf2db4fb963a824d
                          • Instruction Fuzzy Hash: 8141BC71804249AFCB058FA4CD459BFBFB9FF44314F00802AF551AA1A0C378EA54DFA5
                          Function 004057D3 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 144filememoryCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 00405DA3: GetModuleHandleA.KERNEL32(?,?,00000000,00403268,00000008), ref: 00405DB5
                            • Part of subcall function 00405DA3: LoadLibraryA.KERNEL32(?,?,00000000,00403268,00000008), ref: 00405DC0
                            • Part of subcall function 00405DA3: GetProcAddress.KERNEL32(00000000,?), ref: 00405DD1
                          • CloseHandle.KERNEL32(00000000,?,00000000,00000001,00000001,?,00000000,?,?,00405568,?,00000000,000000F1,?), ref: 00405820
                          • GetShortPathNameA.KERNEL32(?,00422628,00000400), ref: 00405829
                          • GetShortPathNameA.KERNEL32(00000000,004220A0,00000400), ref: 00405846
                          • wsprintfA.USER32 ref: 00405864
                          • GetFileSize.KERNEL32(00000000,00000000,004220A0,C0000000,00000004,004220A0,?,?,?,00000000,000000F1,?), ref: 0040589F
                          • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 004058AE
                          • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,000000F1,?), ref: 004058C4
                          • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,00421CA0,00000000,-0000000A,00409348,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040590A
                          • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,00000000,000000F1,?), ref: 0040591C
                          • GlobalFree.KERNEL32(00000000), ref: 00405923
                          • CloseHandle.KERNEL32(00000000,?,?,00000000,000000F1,?), ref: 0040592A
                            • Part of subcall function 004056D1: lstrlenA.KERNEL32(00000000,?,00000000,00000000,004058DF,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004056D8
                            • Part of subcall function 004056D1: lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004058DF,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405708
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeLibraryLoadModulePointerProcReadSizeWritewsprintf
                          • String ID: %s=%s$[Rename]$Af
                          • API String ID: 3772915668-215048121
                          • Opcode ID: bdd82c279611bb507f6bd4643e59a93f45caea5e2bd6728e2269078b5b6e63b3
                          • Instruction ID: f113039d6a8e0b98787bbcb52898fefdd985450d1919188b96c4478b1d7dfea3
                          • Opcode Fuzzy Hash: bdd82c279611bb507f6bd4643e59a93f45caea5e2bd6728e2269078b5b6e63b3
                          • Instruction Fuzzy Hash: 0F412371A00B11FBD3216B619D48FAB3A5CDB45764F100036FA05F22D2E678A801CEBD
                          Function 00405CE3 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON
                          Download Yara Rule
                          APIs
                          • CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\setup_CodecInstaller_full.exe",C:\Users\user\AppData\Local\Temp\,00000000,004031FD,C:\Users\user\AppData\Local\Temp\,00000000,0040336F), ref: 00405D3B
                          • CharNextA.USER32(?,?,?,00000000), ref: 00405D48
                          • CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\setup_CodecInstaller_full.exe",C:\Users\user\AppData\Local\Temp\,00000000,004031FD,C:\Users\user\AppData\Local\Temp\,00000000,0040336F), ref: 00405D4D
                          • CharPrevA.USER32(?,?,"C:\Users\user\Desktop\setup_CodecInstaller_full.exe",C:\Users\user\AppData\Local\Temp\,00000000,004031FD,C:\Users\user\AppData\Local\Temp\,00000000,0040336F), ref: 00405D5D
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: Char$Next$Prev
                          • String ID: "C:\Users\user\Desktop\setup_CodecInstaller_full.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                          • API String ID: 589700163-2034332505
                          • Opcode ID: 7ea15337aa65b78854fdfbf4a976c6e6ace2ef0f47433067a0fc10695a03ac80
                          • Instruction ID: 2efc38d3d3d4567a91e012bcb7a73cc210910fb997772161a70c169f721ad970
                          • Opcode Fuzzy Hash: 7ea15337aa65b78854fdfbf4a976c6e6ace2ef0f47433067a0fc10695a03ac80
                          • Instruction Fuzzy Hash: 5811E251804B9129EB3226285C48B7B6F89CF97760F18807BE5C1722C2D67C5C429E6D
                          Function 00402B2D Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 36timeCOMMON
                          Download Yara Rule
                          APIs
                          • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B48
                          • wsprintfA.USER32 ref: 00402B7C
                          • SetWindowTextA.USER32(?,?), ref: 00402B8C
                          • SetDlgItemTextA.USER32(?,00000406,?), ref: 00402B9E
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: Text$ItemTimerWindowwsprintf
                          • String ID: unpacking data: %d%%$verifying installer: %d%%$Af
                          • API String ID: 1451636040-523518654
                          • Opcode ID: 40a56b2efe0e63d17619f6af21ed40025e58b1cfdcddd68dcd31756625696e51
                          • Instruction ID: 63589245c82b20a35a818b51aea08eb627593e3ecb5db54badb7bc3d6c1792f2
                          • Opcode Fuzzy Hash: 40a56b2efe0e63d17619f6af21ed40025e58b1cfdcddd68dcd31756625696e51
                          • Instruction Fuzzy Hash: F3F01D70900209ABEF215F50DD0ABAA3779BB04345F00803AFA06A91D1D7B9AA569B99
                          Function 00403E9E Relevance: 12.1, APIs: 8, Instructions: 61COMMON
                          Download Yara Rule
                          APIs
                          • GetWindowLongA.USER32(?,000000EB), ref: 00403EBB
                          • GetSysColor.USER32(00000000), ref: 00403ED7
                          • SetTextColor.GDI32(?,00000000), ref: 00403EE3
                          • SetBkMode.GDI32(?,?), ref: 00403EEF
                          • GetSysColor.USER32(?), ref: 00403F02
                          • SetBkColor.GDI32(?,?), ref: 00403F12
                          • DeleteObject.GDI32(?), ref: 00403F2C
                          • CreateBrushIndirect.GDI32(?), ref: 00403F36
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                          • String ID:
                          • API String ID: 2320649405-0
                          • Opcode ID: 54c4c26d0880f537c7164b4e2121e342b47f232b14c6c2566c024284623f766e
                          • Instruction ID: 00f1469000c5a89127aeec98ef40b5380c975c6b17ce5fce2ee989e1a8c22914
                          • Opcode Fuzzy Hash: 54c4c26d0880f537c7164b4e2121e342b47f232b14c6c2566c024284623f766e
                          • Instruction Fuzzy Hash: D9216271904745ABCB219F68DD08B5BBFF8AF01715B048A69F895E22E1C738E9048B55
                          Function 004046F2 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                          Download Yara Rule
                          APIs
                          • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 0040470D
                          • GetMessagePos.USER32 ref: 00404715
                          • ScreenToClient.USER32(?,?), ref: 0040472F
                          • SendMessageA.USER32(?,00001111,00000000,?), ref: 00404741
                          • SendMessageA.USER32(?,0000110C,00000000,?), ref: 00404767
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: Message$Send$ClientScreen
                          • String ID: f
                          • API String ID: 41195575-1993550816
                          • Opcode ID: 2a5698d5089c35727aab5c3c5da7bcfb0b51a0b1d2cb1bbeaafe9db8233e3477
                          • Instruction ID: 77fe7446b7d437ffed3a300e181f1a5f8136abba45dafe536ab26234a61f9ca7
                          • Opcode Fuzzy Hash: 2a5698d5089c35727aab5c3c5da7bcfb0b51a0b1d2cb1bbeaafe9db8233e3477
                          • Instruction Fuzzy Hash: 74014071D00219BADB01DBA4DD45BFEBBB8AB55711F10012ABA10B71C0D7B4A5018B95
                          Function 00403897 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 71COMMON
                          Download Yara Rule
                          APIs
                          • SetWindowTextA.USER32(00000000,CodecInstaller 2.10.4 Setup), ref: 0040392F
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: TextWindow
                          • String ID: 1033$C:\Users\user\AppData\Local\Temp\$CodecInstaller 2.10.4 Setup$Af
                          • API String ID: 530164218-1972684180
                          • Opcode ID: 45d4c080dd0ef22fa8bfd7de704e8d964bac96055da05442bf6aafe7c1b6e8a9
                          • Instruction ID: 77a07bfd4d582853364bfe0cce575c4745298431d34a1254bec181f891eb0756
                          • Opcode Fuzzy Hash: 45d4c080dd0ef22fa8bfd7de704e8d964bac96055da05442bf6aafe7c1b6e8a9
                          • Instruction Fuzzy Hash: 3611C271B005119BC334AF15D880A373BBDEF84726369827BE901A73A1C77E9E039A58
                          Function 00402BC5 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 48COMMON
                          Download Yara Rule
                          APIs
                          • DestroyWindow.USER32(00000000,00000000), ref: 00402BDD
                          • GetTickCount.KERNEL32 ref: 00402BFB
                          • CreateDialogParamA.USER32(0000006F,00000000,00402B2D,00000000), ref: 00402C4D
                            • Part of subcall function 00402BA9: MulDiv.KERNEL32(00000000,00000064,0000072E), ref: 00402BBE
                          • wsprintfA.USER32 ref: 00402C29
                            • Part of subcall function 00404E23: lstrlenA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C3C,00000000,?), ref: 00404E5C
                            • Part of subcall function 00404E23: lstrlenA.KERNEL32(00402C3C,Remove folder: C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C3C,00000000), ref: 00404E6C
                            • Part of subcall function 00404E23: lstrcatA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\,00402C3C,00402C3C,Remove folder: C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\,00000000,00000000,00000000), ref: 00404E7F
                            • Part of subcall function 00404E23: SetWindowTextA.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\), ref: 00404E91
                            • Part of subcall function 00404E23: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404EB7
                            • Part of subcall function 00404E23: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404ED1
                            • Part of subcall function 00404E23: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404EDF
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: MessageSend$Windowlstrlen$CountCreateDestroyDialogParamTextTicklstrcatwsprintf
                          • String ID: ... %d%%
                          • API String ID: 632923820-2449383134
                          • Opcode ID: 42946fe222b577d1d192751600a433a98719f21f2c091f2ffefdf91b626def39
                          • Instruction ID: 259a824e759da58d6bdbd9050b41674a690fb301749dacda7e517d53f8420425
                          • Opcode Fuzzy Hash: 42946fe222b577d1d192751600a433a98719f21f2c091f2ffefdf91b626def39
                          • Instruction Fuzzy Hash: 29019270909224EBDB216F60EF4C99F7B78AB047017104137F801B12D1C6BCA986C6EE
                          Function 00401D1B Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 34COMMON
                          Download Yara Rule
                          APIs
                          • GetDC.USER32(?), ref: 00401D22
                          • GetDeviceCaps.GDI32(00000000), ref: 00401D29
                          • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D38
                          • CreateFontIndirectA.GDI32(0040AF6C), ref: 00401D8A
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: CapsCreateDeviceFontIndirect
                          • String ID: MS Shell Dlg
                          • API String ID: 3272661963-76309092
                          • Opcode ID: d1ddbc4a90c3912f5bb9f4116a0ad7f2b1a4b42ec7f43b8a79f52a1da45a3ace
                          • Instruction ID: 28934dfc7bc65fa7e96b773f26fd89147779a1e7d92ad1971070d574f64f8b8b
                          • Opcode Fuzzy Hash: d1ddbc4a90c3912f5bb9f4116a0ad7f2b1a4b42ec7f43b8a79f52a1da45a3ace
                          • Instruction Fuzzy Hash: 3AF0AFF0A48341AEE7009770AE1ABAA3B64A715305F104535F582BA1E2C6BC04159F3F
                          Function 00402A28 Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON
                          Download Yara Rule
                          APIs
                          • RegOpenKeyExA.ADVAPI32(?,?,00000000,00000000,?), ref: 00402A49
                          • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402A85
                          • RegCloseKey.ADVAPI32(?), ref: 00402A8E
                          • RegCloseKey.ADVAPI32(?), ref: 00402AB3
                          • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402AD1
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: Close$DeleteEnumOpen
                          • String ID:
                          • API String ID: 1912718029-0
                          • Opcode ID: 188da090bc2c0dda3339140851fe508e253b0801d39640d6a2b0d173e59915d9
                          • Instruction ID: 7ac3799e0b9b7f286de12d9a89f233b53136cfd59643404f79253a10a0ceffad
                          • Opcode Fuzzy Hash: 188da090bc2c0dda3339140851fe508e253b0801d39640d6a2b0d173e59915d9
                          • Instruction Fuzzy Hash: AA115931A00009FEDF21AF90DE48DAB3B79EB44395B104536BA05A01A0DB749E51AE69
                          Function 00405578 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                          Download Yara Rule
                          APIs
                          • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040320F,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,0040336F), ref: 0040557E
                          • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040320F,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,0040336F), ref: 00405587
                          • lstrcatA.KERNEL32(?,0040900C), ref: 00405598
                          Strings
                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00405578
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: CharPrevlstrcatlstrlen
                          • String ID: C:\Users\user\AppData\Local\Temp\
                          • API String ID: 2659869361-3081826266
                          • Opcode ID: 103a7f091eca4e356757d037532255daa0bd9c7b09fb9152348cdcff170487b5
                          • Instruction ID: 4689f4cb8dc724d8b29f049f697397264ef60a28c46f00026a2de7c751f5ddbe
                          • Opcode Fuzzy Hash: 103a7f091eca4e356757d037532255daa0bd9c7b09fb9152348cdcff170487b5
                          • Instruction Fuzzy Hash: 17D0A962609A307EE20222159C05ECB2A08CF42301B048022F500B62D2C33C4D418FFE
                          Function 00401EC5 Relevance: 6.1, APIs: 4, Instructions: 54memoryCOMMON
                          Download Yara Rule
                          APIs
                          • GetFileVersionInfoSizeA.VERSION(00000000,?,000000EE), ref: 00401ED4
                          • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 00401EF2
                          • GetFileVersionInfoA.VERSION(?,?,?,00000000), ref: 00401F0B
                          • VerQueryValueA.VERSION(?,0040900C,?,?,?,?,?,00000000), ref: 00401F24
                            • Part of subcall function 004059E3: wsprintfA.USER32 ref: 004059F0
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: FileInfoVersion$AllocGlobalQuerySizeValuewsprintf
                          • String ID:
                          • API String ID: 1404258612-0
                          • Opcode ID: 4b5e31b804a9b772dc9bfcad09cdc0cdcb843d4ad43fb5df833395ad42dead39
                          • Instruction ID: 32b4c4ba67c2d4aeec558e743cb191f9ba8cb92773df28d6a4a6bb64e08d8cf3
                          • Opcode Fuzzy Hash: 4b5e31b804a9b772dc9bfcad09cdc0cdcb843d4ad43fb5df833395ad42dead39
                          • Instruction Fuzzy Hash: 43111CB2900108BEDB01EFA5D945DAEBBB9EF04354B20807AF505F61E1D7789E54DB28
                          Function 0040560C Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 36COMMON
                          Download Yara Rule
                          APIs
                          • CharNextA.USER32(004053BE,?,C:\,00000000,00405670,C:\,C:\,?,?,74DF2EE0,004053BE,?,"C:\Users\user\Desktop\setup_CodecInstaller_full.exe",74DF2EE0), ref: 0040561A
                          • CharNextA.USER32(00000000), ref: 0040561F
                          • CharNextA.USER32(00000000), ref: 0040562E
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: CharNext
                          • String ID: C:\
                          • API String ID: 3213498283-3404278061
                          • Opcode ID: 823a6b04a944e09c4ec49499f0146cce19f7af5e9ff0db91097355eacddc88c5
                          • Instruction ID: 8d77621b7085ccb429820eca4f781d68bcfd126ff613cd56e481de53d81d286f
                          • Opcode Fuzzy Hash: 823a6b04a944e09c4ec49499f0146cce19f7af5e9ff0db91097355eacddc88c5
                          • Instruction Fuzzy Hash: EAF02752A84A202AEB2232680C54B2B579CCBA5750F444C33E244B62D1C2BD4C838FEA
                          Function 00404D73 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58windowCOMMON
                          Download Yara Rule
                          APIs
                          • IsWindowVisible.USER32(?), ref: 00404DA9
                          • CallWindowProcA.USER32(?,00000200,?,?), ref: 00404E17
                            • Part of subcall function 00403E83: SendMessageA.USER32(000204A2,00000000,00000000,00000000), ref: 00403E95
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: Window$CallMessageProcSendVisible
                          • String ID:
                          • API String ID: 3748168415-3916222277
                          • Opcode ID: 2cfa0dda5096fc282298ac24804e266d5556b05f30a7a7ef0aebc418f5cb8028
                          • Instruction ID: ec2fcea156de3e0d4d2633a939c9d5c5ec8f09c93be26486dc307f4b459a9b20
                          • Opcode Fuzzy Hash: 2cfa0dda5096fc282298ac24804e266d5556b05f30a7a7ef0aebc418f5cb8028
                          • Instruction Fuzzy Hash: B5116A71600208BBDB21AF51DC409AB3A69AB84769F00853AFB14691E2C3799D919FA9
                          Function 004024B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34filestringCOMMON
                          Download Yara Rule
                          APIs
                          • lstrlenA.KERNEL32(00000000,00000011), ref: 004024CE
                          • WriteFile.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\System.dll,00000000,?,?,00000000,00000011), ref: 004024ED
                          Strings
                          • C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\System.dll, xrefs: 004024BC, 004024E1
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: FileWritelstrlen
                          • String ID: C:\Users\user\AppData\Local\Temp\nspFDE9.tmp\System.dll
                          • API String ID: 427699356-2377162296
                          • Opcode ID: 92a8b329188589c44d486a588ff23d6cb33407692b1e4f181ebf14dc35eb4a12
                          • Instruction ID: fedee9c099d2663b98e8dec203c278837a510ba70d8909219c610135afd3ad6f
                          • Opcode Fuzzy Hash: 92a8b329188589c44d486a588ff23d6cb33407692b1e4f181ebf14dc35eb4a12
                          • Instruction Fuzzy Hash: 89F0E9B2A44245BFD700EBF19E499AF36689B00345F20443BB141F50C2D6BC89419B2D
                          Function 004055BF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                          Download Yara Rule
                          APIs
                          • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402CC7,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\setup_CodecInstaller_full.exe,C:\Users\user\Desktop\setup_CodecInstaller_full.exe,80000000,00000003), ref: 004055C5
                          • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402CC7,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\setup_CodecInstaller_full.exe,C:\Users\user\Desktop\setup_CodecInstaller_full.exe,80000000,00000003), ref: 004055D3
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: CharPrevlstrlen
                          • String ID: C:\Users\user\Desktop
                          • API String ID: 2709904686-224404859
                          • Opcode ID: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                          • Instruction ID: 41873d5d9910b4adf2dd72edffcb0a7ece880f135012a8254964d84567f142cd
                          • Opcode Fuzzy Hash: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                          • Instruction Fuzzy Hash: 54D05E62408AB02EE30252109C00B8F7A98CB16300F194462E040A6194C2784C418EB9
                          Function 004056D1 Relevance: 5.0, APIs: 4, Instructions: 30stringCOMMON
                          Download Yara Rule
                          APIs
                          • lstrlenA.KERNEL32(00000000,?,00000000,00000000,004058DF,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004056D8
                          • lstrcmpiA.KERNEL32(00000000,00000000), ref: 004056F1
                          • CharNextA.USER32(00000000,?,?,00000000,000000F1,?), ref: 004056FF
                          • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004058DF,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405708
                          Memory Dump Source
                          • Source File: 00000000.00000002.1866458421.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                          • Associated: 00000000.00000002.1866436621.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866501876.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866530848.000000000042C000.00000004.00000001.01000000.00000003.sdmpDownload File
                          • Associated: 00000000.00000002.1866669110.000000000042D000.00000002.00000001.01000000.00000003.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_400000_setup_CodecInstaller_full.jbxd
                          Similarity
                          • API ID: lstrlen$CharNextlstrcmpi
                          • String ID:
                          • API String ID: 190613189-0
                          • Opcode ID: 0108cf067d6f6d80c8ed850288af8a4b3b9133f156f8bdff26d83f0dd252fb59
                          • Instruction ID: ab644034e2f35de8b9eb45aecd4941bea8d0256c976e6660c88f08d3bba40562
                          • Opcode Fuzzy Hash: 0108cf067d6f6d80c8ed850288af8a4b3b9133f156f8bdff26d83f0dd252fb59
                          • Instruction Fuzzy Hash: 93F0A73620DD62DAC3125B695C44A6F6F94EF91314F14457AF440F3141D3359812ABBF

                          Non-executed Functions

                          Function 02427210 Relevance: 31.4, Strings: 25, Instructions: 141COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000003.1841989113.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_3_2350000_CrawlerSetup12.jbxd
                          Similarity
                          • API ID:
                          • String ID: ^O$ `O$$^O$$`O$(^O$(`O$,^O$,`O$0^O$0`O$4^O$4`O$8^O$8`O$<^O$@^O$D^O$D`O$H-O$H`O$L^O$L`O$P`O$X`O$p]O
                          • API String ID: 0-3268379574
                          • Opcode ID: da50b22535499b816a3190d6db1e905619dd8e7dcf67a444f62166976cb8219a
                          • Instruction ID: 2b85be5954fa1bb643d18d41bec8b98a40687b7ac7a038cf2acd90cc33262a66
                          • Opcode Fuzzy Hash: da50b22535499b816a3190d6db1e905619dd8e7dcf67a444f62166976cb8219a
                          • Instruction Fuzzy Hash: 93416534219AA86B4322F7AC5501D3D2517CB42380BA2C4B2AF08EF315CF189DC56BAE
                          Function 0241D6E4 Relevance: 23.9, Strings: 19, Instructions: 153COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000003.1841989113.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_3_2350000_CrawlerSetup12.jbxd
                          Similarity
                          • API ID:
                          • String ID: (L$4L$DL$DL$DL$DL$DL$DL$DL$DL$DL$DL$DL$DL$DL$TL$`L$pL$L
                          • API String ID: 0-4186829401
                          • Opcode ID: e41923fde651dfe84a85229e1114e76cb4f74bf6111f9ee2a6eb62831b07a915
                          • Instruction ID: d4a482ae76bc270cbeee3dfe3ebfe69517ea6ff01fe400020e3dcb4949f9344a
                          • Opcode Fuzzy Hash: e41923fde651dfe84a85229e1114e76cb4f74bf6111f9ee2a6eb62831b07a915
                          • Instruction Fuzzy Hash: 4A5195B8601494ABC791EBD9D890FAF77AADB88304B50C47AA60497705E738DD01CF6E
                          Function 023D5598 Relevance: 21.3, Strings: 17, Instructions: 76COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000003.1841989113.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_3_2350000_CrawlerSetup12.jbxd
                          Similarity
                          • API ID:
                          • String ID: $SB$(ZB$,cH$0[B$<VB$@aH$@cH$DXB$PcH$TaH$\aH$dcH$lYB$pZB$tcH$xZB$bH
                          • API String ID: 0-1987697690
                          • Opcode ID: 502108b8cb40dd412f89d0b818ca670a6fc957c27fe9bd480eb6aacfba7d99b0
                          • Instruction ID: 397e7ac076188c42f681ed4e2f60e17acfb289edcfc095bed459452108eecbba
                          • Opcode Fuzzy Hash: 502108b8cb40dd412f89d0b818ca670a6fc957c27fe9bd480eb6aacfba7d99b0
                          • Instruction Fuzzy Hash: 6A215699B106504387A47A683C9002E2043A7D13107AAED7F698B9F796CB7CCC0A4B4C
                          Function 02434D00 Relevance: 15.5, Strings: 12, Instructions: 459COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000003.1841989113.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_3_2350000_CrawlerSetup12.jbxd
                          Similarity
                          • API ID:
                          • String ID: ,_N$0`N$@_N$L`N$\_N$\_N$h_N$h_N$l`N$t_N$^N$`N
                          • API String ID: 0-1022551639
                          • Opcode ID: 65639534f3582a129a2423b5079132be191966a7df6ad9001aa6a095f9606649
                          • Instruction ID: 39f92e851f106f996da17fbc7e782c5b5aa826a6e0e013c5a120506f7f70bc96
                          • Opcode Fuzzy Hash: 65639534f3582a129a2423b5079132be191966a7df6ad9001aa6a095f9606649
                          • Instruction Fuzzy Hash: 59F17131B046549BDB25EF79D880AAEB7A3BF8C700F50852AE9069B385CB34DC46CF51
                          Function 023D5BE0 Relevance: 15.1, Strings: 12, Instructions: 81COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000003.1841989113.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_3_2350000_CrawlerSetup12.jbxd
                          Similarity
                          • API ID:
                          • String ID: 8iH$<gH$D3D$DgH$HiH$LgH$`gH$`iH$hgH$piH$|gH$3D
                          • API String ID: 0-1970155132
                          • Opcode ID: 20611d2416ef6d907cc8cb370a32c13ec19a7787472180bac603e4911fadd18f
                          • Instruction ID: e7e186720f5c4cbf9505edd20e366a521eb7fe9def4dec59d91b2ff1d9eba56a
                          • Opcode Fuzzy Hash: 20611d2416ef6d907cc8cb370a32c13ec19a7787472180bac603e4911fadd18f
                          • Instruction Fuzzy Hash: E121BA497502440397987A682D9126F1087CBD1B057A2ED3F659B6F79ACF7DCC064BCC
                          Function 0241DA34 Relevance: 12.6, Strings: 10, Instructions: 77COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000003.1841989113.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_3_2350000_CrawlerSetup12.jbxd
                          Similarity
                          • API ID:
                          • String ID: `L$pL$pL$pL$pL$pL$pL$pL$pL$pL
                          • API String ID: 0-3947171417
                          • Opcode ID: c449a11deade9a0aa1362ff8f1da1a2e91479edf5ff4818df5b6cb5ee52ac460
                          • Instruction ID: 7ae04b6f8ed601f90b0e83908dd849d697ff7c495483fcfadb55e6b2e83e0b97
                          • Opcode Fuzzy Hash: c449a11deade9a0aa1362ff8f1da1a2e91479edf5ff4818df5b6cb5ee52ac460
                          • Instruction Fuzzy Hash: E621587C7051009BC366EB5AD895F6B776BEB88740B60C47BE50197B64CB389C01CE6D
                          Function 02425CDC Relevance: 11.5, Strings: 9, Instructions: 242COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000003.1841989113.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_3_2350000_CrawlerSetup12.jbxd
                          Similarity
                          • API ID:
                          • String ID: mM$(lM$/pM$@lM$HmM$`1O$`lM$`mM$lM
                          • API String ID: 0-2262216691
                          • Opcode ID: 8eac78b52ef4303b01d32cfb8a0a2806ddeb46f6870882d149b7f7c83dc99379
                          • Instruction ID: 32f741441836bae87808cf8c3dbbf98567fa44001c4ea379cc6c2e20cfeb92ed
                          • Opcode Fuzzy Hash: 8eac78b52ef4303b01d32cfb8a0a2806ddeb46f6870882d149b7f7c83dc99379
                          • Instruction Fuzzy Hash: 97917C34A1025C9FCB25EBA4D890ADEFBF6FF08304F918466E945A7340D734AA09CF61
                          Function 024383DC Relevance: 10.1, Strings: 8, Instructions: 139COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000003.1841989113.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_3_2350000_CrawlerSetup12.jbxd
                          Similarity
                          • API ID:
                          • String ID: (N$({N$4qN$@$N$LEN$t{N$xaN$aN
                          • API String ID: 0-2135987626
                          • Opcode ID: aee87b978d0707d5e4cb9c339ca772e4d19ee9846d28c2e507677d9fd40ff612
                          • Instruction ID: 0c4c7388fcf43a08a92270da06cfcd1c254a1f9247424f3f3bd1ba9cfe31f2a1
                          • Opcode Fuzzy Hash: aee87b978d0707d5e4cb9c339ca772e4d19ee9846d28c2e507677d9fd40ff612
                          • Instruction Fuzzy Hash: C941E0213001446BE709EB5AEC95A3BB39BE784B12F50807FB5015B3E4DEA9BD528B5C
                          Function 0235D998 Relevance: 9.0, Strings: 7, Instructions: 201COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000003.1841989113.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_3_2350000_CrawlerSetup12.jbxd
                          Similarity
                          • API ID:
                          • String ID: t@$t@$t@$t@$t@$t@$@
                          • API String ID: 0-3841545565
                          • Opcode ID: 4277e0cb5a731e6254ee2c829e1c73c97ed8a4acd86ba538e9044969f24b269a
                          • Instruction ID: a01404e2f305aef937a22827c2c19a755d80a1d1250a8ba00d2b5d62007c2bd0
                          • Opcode Fuzzy Hash: 4277e0cb5a731e6254ee2c829e1c73c97ed8a4acd86ba538e9044969f24b269a
                          • Instruction Fuzzy Hash: D961B331B002585BEB10FBA9D890F9F73B7DB89344F10D876A908EB781CA38D955CB55
                          Function 024305C0 Relevance: 8.8, Strings: 7, Instructions: 92COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000003.1841989113.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_3_2350000_CrawlerSetup12.jbxd
                          Similarity
                          • API ID:
                          • String ID: $.O$,0O$<0O$@0O$H0O$d/O$p/O
                          • API String ID: 0-2567784811
                          • Opcode ID: 9a2ffd6a2aa1e432a887409876d578bb150929a395ca8a36e8a752ee0b032ac2
                          • Instruction ID: 4c92fd38282ca665532e6428a6d75e187717fc169864627098568e28fec33aba
                          • Opcode Fuzzy Hash: 9a2ffd6a2aa1e432a887409876d578bb150929a395ca8a36e8a752ee0b032ac2
                          • Instruction Fuzzy Hash: 5C3160343000544BE319AB24DB61B7A327BD782300F5281369B59AFBB5CB7A9D835B9C
                          Function 023D5248 Relevance: 7.5, Strings: 6, Instructions: 43COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000003.1841989113.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_3_2350000_CrawlerSetup12.jbxd
                          Similarity
                          • API ID:
                          • String ID: ,A$0^H$0_H$D_H$X_H$A
                          • API String ID: 0-513786437
                          • Opcode ID: 0d1b6690e75a23219a9675122ec89bbb808948cf3817575d15b88001b91d3e13
                          • Instruction ID: c6d1141aa6f26405305164193ad258ce6c1cf7b11f4a98b7230225e8b161334d
                          • Opcode Fuzzy Hash: 0d1b6690e75a23219a9675122ec89bbb808948cf3817575d15b88001b91d3e13
                          • Instruction Fuzzy Hash: 7F01196979064003C714BB64ACA05AE2247DB943043A4DD3BBB8A5F389CBBCCC058BCC
                          Function 023D4E84 Relevance: 6.3, Strings: 5, Instructions: 75COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000003.1841989113.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_3_2350000_CrawlerSetup12.jbxd
                          Similarity
                          • API ID:
                          • String ID: PYH$\\H$pZH$t\H$YH
                          • API String ID: 0-2482895934
                          • Opcode ID: 57214ea05c9edacaa05679e160eef1f5befe91648f70077a594d6fd5725c4018
                          • Instruction ID: 6c09a658d14f9864d8727dc1e323f5e141766256d7ff3d514e456196848df22b
                          • Opcode Fuzzy Hash: 57214ea05c9edacaa05679e160eef1f5befe91648f70077a594d6fd5725c4018
                          • Instruction Fuzzy Hash: EF218266BD1E54438719B2692CA05AE1143CBD1B003A0CD7BE19AAF794CB7CCD438BCE
                          Function 02371E94 Relevance: 6.3, Strings: 5, Instructions: 43COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000003.1841989113.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_3_2350000_CrawlerSetup12.jbxd
                          Similarity
                          • API ID:
                          • String ID: THO$THO$hHO$lHO$pHO
                          • API String ID: 0-2755811577
                          • Opcode ID: 814e3d5999a2c323d645320d32170f67a0c438515bde4d4f0a4ed4e1e60622d3
                          • Instruction ID: adda2bfdbe7e059653ef46d6c9214e4a97baa35474b8a01d0629a8f01bb33a1a
                          • Opcode Fuzzy Hash: 814e3d5999a2c323d645320d32170f67a0c438515bde4d4f0a4ed4e1e60622d3
                          • Instruction Fuzzy Hash: 40016D343101A88B9771BFB9A802D2B3796DBC17507D18872E8088B624DF3CEC158E6A
                          Function 023D5498 Relevance: 6.3, Strings: 5, Instructions: 25COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000003.1841989113.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_3_2350000_CrawlerSetup12.jbxd
                          Similarity
                          • API ID:
                          • String ID: H`H$\`H$d`H$l`H$p`H
                          • API String ID: 0-3650906554
                          • Opcode ID: 3680e2f60bd4a525712f84daedd16b7f47550694fcd516b746a311c8529d0492
                          • Instruction ID: 55a431d6abfc38fa831f830fbde7032b2a4a6beaed56359e406562781eb12a4c
                          • Opcode Fuzzy Hash: 3680e2f60bd4a525712f84daedd16b7f47550694fcd516b746a311c8529d0492
                          • Instruction Fuzzy Hash: 82E0BF417412004347D4F6686C9561E115787D6B01B62ED3B229AAF757CB7ECC05479C
                          Function 02436890 Relevance: 5.4, Strings: 4, Instructions: 431COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000003.1841989113.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_3_2350000_CrawlerSetup12.jbxd
                          Similarity
                          • API ID:
                          • String ID: 4zN$TzN$tzN$zN
                          • API String ID: 0-3761737173
                          • Opcode ID: 1fd1205ef3f89148a82afa52602fe0b26970d9c5c4092a30c33e630f6228b9dd
                          • Instruction ID: a7d53644fef2454b165e242aed7619d4c694750372c5051e91e72cc430474d85
                          • Opcode Fuzzy Hash: 1fd1205ef3f89148a82afa52602fe0b26970d9c5c4092a30c33e630f6228b9dd
                          • Instruction Fuzzy Hash: 19C18361B042112BD775BE3D9C40A2F62AB9F8C700B21C53BE949DB74ACE34DC5A8B65
                          Function 023FB304 Relevance: 5.2, Strings: 4, Instructions: 242COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000003.1841989113.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_3_2350000_CrawlerSetup12.jbxd
                          Similarity
                          • API ID:
                          • String ID: \O$ \O$$\O$$\O
                          • API String ID: 0-4041541676
                          • Opcode ID: 24c9f265cca8dc4819a3714d06922e931a443239f4ce16f5e23a3283dfddba08
                          • Instruction ID: 85027edb71cadffe67c0762f27c0cb2fe60dfd9d61e9cadaf717ac2ee7ee94c9
                          • Opcode Fuzzy Hash: 24c9f265cca8dc4819a3714d06922e931a443239f4ce16f5e23a3283dfddba08
                          • Instruction Fuzzy Hash: D391AD75604648EFD761CF58D990F69BBFAEB4E704F2184A6EA0897790CB34AE00CF14
                          Function 0243491C Relevance: 5.2, Strings: 4, Instructions: 166COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000003.1841989113.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_3_2350000_CrawlerSetup12.jbxd
                          Similarity
                          • API ID:
                          • String ID: $WN$0WN$0WN$c
                          • API String ID: 0-2813315131
                          • Opcode ID: e0d489748375037faf889427ae6cd592cc4d855d62982a232379c284b28e7735
                          • Instruction ID: fc73d55e287aeaeceb534ff082b1eeb9bfdfb983e9696f64b85813c9fb51fda8
                          • Opcode Fuzzy Hash: e0d489748375037faf889427ae6cd592cc4d855d62982a232379c284b28e7735
                          • Instruction Fuzzy Hash: AA51B435E006969BDB21EBE8C490AAEB3F6EF48304F148176D924E7340DB34DD45DB95
                          Function 02421864 Relevance: 5.2, Strings: 4, Instructions: 154COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000003.1841989113.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_3_2350000_CrawlerSetup12.jbxd
                          Similarity
                          • API ID:
                          • String ID: `O$ `O$$`O$$`O
                          • API String ID: 0-54657322
                          • Opcode ID: a30447fd4e22b6afd6bb87b4d526fd115d84cf143f197492c39002a7bc064805
                          • Instruction ID: 232ff59e6773703630affd92ae79e40b006adf39d07761fb1f51af3f9c7e8605
                          • Opcode Fuzzy Hash: a30447fd4e22b6afd6bb87b4d526fd115d84cf143f197492c39002a7bc064805
                          • Instruction Fuzzy Hash: F8512C343041549FC720EF19D880E6AB7A6EF85300FA185B69A4C9F365CB31ED96CF99
                          Function 02421C8C Relevance: 5.1, Strings: 4, Instructions: 107COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000003.1841989113.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_3_2350000_CrawlerSetup12.jbxd
                          Similarity
                          • API ID:
                          • String ID: ,*M$D*M$|*M$*M
                          • API String ID: 0-627582033
                          • Opcode ID: 495111e60915bffd45a6b945000c6118f7e55f3ddbaf916b9079644d9854df01
                          • Instruction ID: 150058ac128191008c94bd62d5ee636e2130b70572dd72e64476dbaadace54d5
                          • Opcode Fuzzy Hash: 495111e60915bffd45a6b945000c6118f7e55f3ddbaf916b9079644d9854df01
                          • Instruction Fuzzy Hash: 8641D170900289DFCB21DFACE5507AEBBF2EB09300F548067D408E7391DBB89A15CB59
                          Function 0243C24C Relevance: 5.1, Strings: 4, Instructions: 102COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000003.1841989113.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_3_2350000_CrawlerSetup12.jbxd
                          Similarity
                          • API ID:
                          • String ID: IMsg$haO$laO$paO
                          • API String ID: 0-3421424510
                          • Opcode ID: addb187b36737cb09cdb1c7598adc940005634c3b9294f52fc9d70661a0d2204
                          • Instruction ID: 50829258db752ed213f88f8749ec761f19d53ae06dca0cf035752a7a98eb039d
                          • Opcode Fuzzy Hash: addb187b36737cb09cdb1c7598adc940005634c3b9294f52fc9d70661a0d2204
                          • Instruction Fuzzy Hash: 0D417034A102049FCB51EFA9CD91DAEB7B6EF49300B918471E900A7761DB35AD01CF64
                          Function 023FD500 Relevance: 5.1, Strings: 4, Instructions: 89COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000003.1841989113.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_3_2350000_CrawlerSetup12.jbxd
                          Similarity
                          • API ID:
                          • String ID: $J$8J$PJ$pJ
                          • API String ID: 0-3312158234
                          • Opcode ID: 753fc08a8b31981488aa54af123cfe98e4bc835df797b1a083906d4fbc760530
                          • Instruction ID: 08ed2f71270d8b64fa3eeb1df4464845baea34cb69a5ab56da3ee152e8a2c981
                          • Opcode Fuzzy Hash: 753fc08a8b31981488aa54af123cfe98e4bc835df797b1a083906d4fbc760530
                          • Instruction Fuzzy Hash: 6D21F23170464C8BEBA0EB79E440A9EB3AAEB44304F108476D709DB744EB34DE00CA19
                          Function 0236DB84 Relevance: 5.1, Strings: 4, Instructions: 71COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000003.1841989113.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_3_2350000_CrawlerSetup12.jbxd
                          Similarity
                          • API ID:
                          • String ID: -$.$>$@A
                          • API String ID: 0-2064281053
                          • Opcode ID: f6082a2074be751e637f97d59e3a047e331e226540d71f4074ebae552882f687
                          • Instruction ID: d98a540399daacc4aca8ccef979749042ef078b0395b2d2da66fe65e63600e74
                          • Opcode Fuzzy Hash: f6082a2074be751e637f97d59e3a047e331e226540d71f4074ebae552882f687
                          • Instruction Fuzzy Hash: F1110335B042AD1FDF328A2888947BE7FEADB4A724F1582A5C8419B38DD7748D41C680
                          Function 0243C5E8 Relevance: 5.0, Strings: 4, Instructions: 30COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000003.1841989113.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Offset: 02350000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_3_2350000_CrawlerSetup12.jbxd
                          Similarity
                          • API ID:
                          • String ID: haO$laO$paO$xaO
                          • API String ID: 0-3369357092
                          • Opcode ID: 0b5ebeb628e0b4c2e89e6e5fc994e5a812f82a3c47c0e2fcc29416535aea9051
                          • Instruction ID: 76d4e1aa73015bc000684072a9b90b77670301e76f730051eec92988fff74f27
                          • Opcode Fuzzy Hash: 0b5ebeb628e0b4c2e89e6e5fc994e5a812f82a3c47c0e2fcc29416535aea9051
                          • Instruction Fuzzy Hash: BCF065746083942B9323BB689A11D3D376AD787740BD380B3EB04D7651CA298C919BAE

                          Non-executed Functions

                          Function 05BFD1A2 Relevance: 8.0, Strings: 6, Instructions: 495COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000003.1852891449.0000000005BF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_3_5bf0000_CrawlerSetup12.jbxd
                          Similarity
                          • API ID:
                          • String ID: &=S=$D=H=$J=R=$P=T=$\=t=$b=j=
                          • API String ID: 0-453497246
                          • Opcode ID: 3f8c10065fd9bfc1039ed8326282580bd4434674bf9fd5f511dd7c5405638fb2
                          • Instruction ID: e3e1f4e735b004333b9a8825ba3288d90efef47daf575e841a90bded8d806d0d
                          • Opcode Fuzzy Hash: 3f8c10065fd9bfc1039ed8326282580bd4434674bf9fd5f511dd7c5405638fb2
                          • Instruction Fuzzy Hash: 00F16A2144C3D1AEDB669B7884A51C7BFA2AE4B2003DB56EBC4D18F867C61194CBD783
                          Function 05BFD249 Relevance: 5.4, Strings: 4, Instructions: 443COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000003.1852891449.0000000005BF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_3_5bf0000_CrawlerSetup12.jbxd
                          Similarity
                          • API ID:
                          • String ID: &=S=$D=H=$P=T=$\=t=
                          • API String ID: 0-15307798
                          • Opcode ID: 46d43b80d55332dade8007ecfab4957b39d7bb7b5cb19600936e90bee3d7ea1b
                          • Instruction ID: 79cada8ba5980f303858f9c4d14d8d7b4b337d750a000e7bc2d0d1a6de6fbbea
                          • Opcode Fuzzy Hash: 46d43b80d55332dade8007ecfab4957b39d7bb7b5cb19600936e90bee3d7ea1b
                          • Instruction Fuzzy Hash: 3CE1272144D3D1AEDB639B7884A51D7BFE2AE4B20039B5AEEC4C18F823C61194CBD752
                          Function 05BFD289 Relevance: 5.4, Strings: 4, Instructions: 435COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000003.1852891449.0000000005BF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_3_5bf0000_CrawlerSetup12.jbxd
                          Similarity
                          • API ID:
                          • String ID: &=S=$D=H=$P=T=$\=t=
                          • API String ID: 0-15307798
                          • Opcode ID: 5769886289d0820a548cfe8a40328d62cf424f6ad6a876f0a3b50335e54dee35
                          • Instruction ID: cbe3724deb3bedca191de0f68c564388ce15770c3f452bedc1c99116589ea5c2
                          • Opcode Fuzzy Hash: 5769886289d0820a548cfe8a40328d62cf424f6ad6a876f0a3b50335e54dee35
                          • Instruction Fuzzy Hash: 29E1273154D7D1AEDB639B7884A52C7BFA2AE4B2043DB66EBC4C18F823C61194C7D742
                          Function 05BF5F5B Relevance: 10.1, Strings: 8, Instructions: 148COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000003.1852891449.0000000005BF0000.00000004.00001000.00020000.00000000.sdmp, Offset: 05BF0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_3_5bf0000_CrawlerSetup12.jbxd
                          Similarity
                          • API ID:
                          • String ID: 0q@$4q@$@q@$Dq@$Tq@$\q@$hq@$tq@
                          • API String ID: 0-2664086056
                          • Opcode ID: aa26873595d0c2eb2fc882035f79702c80cb9b4c0a84a87752ee4d90ea56d24c
                          • Instruction ID: a13033a814b10d1f00e1bff2cc2862d3f4e5daee743acc2622653799073ae8d2
                          • Opcode Fuzzy Hash: aa26873595d0c2eb2fc882035f79702c80cb9b4c0a84a87752ee4d90ea56d24c
                          • Instruction Fuzzy Hash: 144134357189416BC722EE78CCC86BEF7A6EB41200B6045F6DB42DB7C4D635B90E8716
                          Function 06A52231 Relevance: 5.3, Strings: 4, Instructions: 270COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000003.1874983088.0000000006A50000.00000004.00001000.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_3_6a50000_CrawlerSetup12.jbxd
                          Similarity
                          • API ID:
                          • String ID: /D=$ _?=$"$NCRC
                          • API String ID: 0-786809015
                          • Opcode ID: 6ba4fb40d7bd92c1ebbe911dd676ce3c93320ecf1dee6a0cc5c55ae1e6c5994a
                          • Instruction ID: edf5f91b23708724ded4f21f224c6515c1480ee7374289737cc242237470c657
                          • Opcode Fuzzy Hash: 6ba4fb40d7bd92c1ebbe911dd676ce3c93320ecf1dee6a0cc5c55ae1e6c5994a
                          • Instruction Fuzzy Hash: F591D471A48341BFE7E0FF609D48B2A7AE8EF05300F470479FD91AA091C7789A45CB66
                          Function 06A525EF Relevance: 5.2, Strings: 4, Instructions: 213COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000003.1874983088.0000000006A50000.00000004.00001000.00020000.00000000.sdmp, Offset: 06A50000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_3_6a50000_CrawlerSetup12.jbxd
                          Similarity
                          • API ID:
                          • String ID: @.B$@6B$A.B$_Nb
                          • API String ID: 0-2614304673
                          • Opcode ID: 0bb5b04f4ce246fb2644b638be55ab87e2fdc5342e204ca8828ad19b9318a602
                          • Instruction ID: 3c2585b972784bd1e8cf4579c2cd3db855ee2135c12ecfbb7893d2e29217349b
                          • Opcode Fuzzy Hash: 0bb5b04f4ce246fb2644b638be55ab87e2fdc5342e204ca8828ad19b9318a602
                          • Instruction Fuzzy Hash: 6861E270A40304BEE7A0FF649E44F2B36BDEB44745F430039FD51A61A0DB78AA41CA3A

                          Execution Graph

                          Execution Coverage:15.1%
                          Dynamic/Decrypted Code Coverage:0%
                          Signature Coverage:100%
                          Total number of Nodes:3
                          Total number of Limit Nodes:0
                          execution_graph 4833 1cdca0f7 4834 1cdca107 NtQuerySystemInformation 4833->4834 4835 1cdca0a4 4834->4835

                          Executed Functions

                          Function 1CDCA0F7 Relevance: 8.4, APIs: 1, Instructions: 6852nativeCOMMON
                          Download Yara Rule
                          APIs
                          • NtQuerySystemInformation.NTDLL ref: 1CDCA11C
                          Memory Dump Source
                          • Source File: 00000005.00000002.2887268782.000000001CDC7000.00000020.00000001.00020000.00000000.sdmp, Offset: 1CDC7000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_1cdc7000_CodecInstaller.jbxd
                          Similarity
                          • API ID: InformationQuerySystem
                          • String ID:
                          • API String ID: 3562636166-0
                          • Opcode ID: a3d4a310f25344abd1978f5247c9d082b9ccbb3eaa73dfa71153365510a96fee
                          • Instruction ID: 5a63fbfaa948988dfa3a434588a56fe7ac05e711ac8c08814c2c6200375921f6
                          • Opcode Fuzzy Hash: a3d4a310f25344abd1978f5247c9d082b9ccbb3eaa73dfa71153365510a96fee
                          • Instruction Fuzzy Hash: E3A3E431714A4D8BDB2DEF28DC856A977E5FB95300F10422EE98BC7251DF34EA428B85
                          Function 00007FFD9BB11955 Relevance: 2.6, Strings: 1, Instructions: 1323COMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 972 7ffd9bb11955-7ffd9bb120cc 1098 7ffd9bb120d3-7ffd9bb12700 972->1098
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.2889248000.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9bb10000_CodecInstaller.jbxd
                          Similarity
                          • API ID:
                          • String ID: 9
                          • API String ID: 0-2366072709
                          • Opcode ID: 79656993c3fb3b02e1a87c7b02f8a4951d27c6256ee561bb5fc5e75ab7ffdff5
                          • Instruction ID: f31a963ee54ece687d6eedd1b59844063aeace291babb701fbf7710921ce9d75
                          • Opcode Fuzzy Hash: 79656993c3fb3b02e1a87c7b02f8a4951d27c6256ee561bb5fc5e75ab7ffdff5
                          • Instruction Fuzzy Hash: CEA2B521B1DE494FEB85EB3884A5BA977D2EF99304F5444BDD05EC72EBCD28AC058342
                          Function 00007FFD9BB15DA1 Relevance: 1.3, Instructions: 1349COMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 1190 7ffd9bb15da1-7ffd9bb15e63 1191 7ffd9bb15e65-7ffd9bb15e68 1190->1191 1192 7ffd9bb15e78-7ffd9bb15e7b 1190->1192 1193 7ffd9bb15e90-7ffd9bb15eea 1191->1193 1194 7ffd9bb15e6a-7ffd9bb15e6d 1191->1194 1195 7ffd9bb15e81-7ffd9bb15e84 1192->1195 1196 7ffd9bb15ff6-7ffd9bb16050 1192->1196 1225 7ffd9bb16b40-7ffd9bb16bd2 1193->1225 1226 7ffd9bb15ef0-7ffd9bb15f41 1193->1226 1197 7ffd9bb16290-7ffd9bb162df 1194->1197 1198 7ffd9bb15e73 1194->1198 1199 7ffd9bb15f46-7ffd9bb15fa0 1195->1199 1200 7ffd9bb15e8a 1195->1200 1196->1225 1228 7ffd9bb16056-7ffd9bb160a2 1196->1228 1222 7ffd9bb162e0-7ffd9bb1632f 1197->1222 1204 7ffd9bb16a83-7ffd9bb16abf 1198->1204 1199->1225 1231 7ffd9bb15fa6-7ffd9bb15ff1 1199->1231 1200->1204 1236 7ffd9bb16ac0-7ffd9bb16afc 1204->1236 1222->1236 1244 7ffd9bb16335-7ffd9bb16401 1222->1244 1226->1222 1228->1225 1230 7ffd9bb160a8-7ffd9bb160f4 1228->1230 1230->1225 1235 7ffd9bb160fa-7ffd9bb16146 1230->1235 1231->1222 1235->1225 1239 7ffd9bb1614c-7ffd9bb16198 1235->1239 1257 7ffd9bb16b00-7ffd9bb16b3c 1236->1257 1239->1225 1242 7ffd9bb1619e-7ffd9bb161ea 1239->1242 1242->1225 1245 7ffd9bb161f0-7ffd9bb1623c 1242->1245 1244->1257 1258 7ffd9bb16407-7ffd9bb16412 1244->1258 1245->1225 1249 7ffd9bb16242-7ffd9bb1628a 1245->1249 1249->1222 1257->1225 1261 7ffd9bb16471-7ffd9bb164e0 1258->1261 1262 7ffd9bb16414-7ffd9bb16455 1258->1262 1270 7ffd9bb16943-7ffd9bb16946 1261->1270 1272 7ffd9bb16458-7ffd9bb1645a 1262->1272 1275 7ffd9bb164e5-7ffd9bb164f6 1270->1275 1276 7ffd9bb1694c-7ffd9bb16953 1270->1276 1273 7ffd9bb16460-7ffd9bb1646f 1272->1273 1274 7ffd9bb16958-7ffd9bb1696c 1272->1274 1273->1261 1283 7ffd9bb1696e-7ffd9bb1696f 1274->1283 1284 7ffd9bb1697a-7ffd9bb169a1 1274->1284 1275->1225 1277 7ffd9bb164fc-7ffd9bb1650b 1275->1277 1279 7ffd9bb16511-7ffd9bb1652a 1277->1279 1280 7ffd9bb16934-7ffd9bb1693d 1277->1280 1279->1280 1285 7ffd9bb16530-7ffd9bb1655b 1279->1285 1280->1270 1283->1284 1290 7ffd9bb16a70-7ffd9bb16a81 1284->1290 1291 7ffd9bb169a7-7ffd9bb169aa 1284->1291 1293 7ffd9bb1655d-7ffd9bb16562 1285->1293 1294 7ffd9bb16585-7ffd9bb16630 1285->1294 1291->1290 1295 7ffd9bb169b0-7ffd9bb169c1 1291->1295 1298 7ffd9bb16580-7ffd9bb168df call 7ffd9bb16f18 1293->1298 1299 7ffd9bb16564-7ffd9bb16579 1293->1299 1328 7ffd9bb16860-7ffd9bb1689b call 7ffd9bb16e0c call 7ffd9bb16f18 1294->1328 1329 7ffd9bb16636-7ffd9bb166e0 1294->1329 1296 7ffd9bb169c3-7ffd9bb169fd 1295->1296 1297 7ffd9bb16a04-7ffd9bb16a18 1295->1297 1296->1297 1303 7ffd9bb16a30-7ffd9bb16a37 1297->1303 1304 7ffd9bb16a1a-7ffd9bb16a27 1297->1304 1298->1280 1299->1298 1310 7ffd9bb16a50-7ffd9bb16a57 1303->1310 1311 7ffd9bb16a39-7ffd9bb16a4f 1303->1311 1304->1303 1310->1290 1313 7ffd9bb16a59-7ffd9bb16a6f 1310->1313 1311->1310 1313->1290 1328->1280 1341 7ffd9bb166e2-7ffd9bb166ff 1329->1341 1342 7ffd9bb16706-7ffd9bb16714 1329->1342 1341->1342 1346 7ffd9bb16740-7ffd9bb16765 1342->1346 1347 7ffd9bb16716-7ffd9bb16739 1342->1347 1352 7ffd9bb16822-7ffd9bb1682b call 7ffd9bb16db7 1346->1352 1353 7ffd9bb1676b-7ffd9bb16771 1346->1353 1347->1346 1352->1328 1357 7ffd9bb1683b-7ffd9bb1685d 1352->1357 1356 7ffd9bb16778-7ffd9bb16790 1353->1356 1356->1352 1360 7ffd9bb16796-7ffd9bb167a3 1356->1360 1357->1328 1363 7ffd9bb167e3-7ffd9bb1681c 1360->1363 1364 7ffd9bb167a5-7ffd9bb167e1 1360->1364 1363->1357 1364->1363
                          Memory Dump Source
                          • Source File: 00000005.00000002.2889248000.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9bb10000_CodecInstaller.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: fc5df11b702780d468a2ba26050ea5658602a9f3ee2dedcbc13a7c1b29ff9c53
                          • Instruction ID: 69898631a3868cfa24da79582a4fdf0a92702a4bf4f545539941220250b2fdaf
                          • Opcode Fuzzy Hash: fc5df11b702780d468a2ba26050ea5658602a9f3ee2dedcbc13a7c1b29ff9c53
                          • Instruction Fuzzy Hash: 53A2B170A09A8D8FEBA9DF6884A47A477E0FF59304F1540BAD44ECB2E3DE34A945C740
                          Function 00007FFD9BB1404A Relevance: .4, Instructions: 386COMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 1624 7ffd9bb1404a-7ffd9bb14065 1625 7ffd9bb1406d-7ffd9bb14079 1624->1625 1626 7ffd9bb14067-7ffd9bb1406c 1624->1626 1627 7ffd9bb14081-7ffd9bb1408d 1625->1627 1628 7ffd9bb1407b-7ffd9bb14080 1625->1628 1626->1625 1629 7ffd9bb1408f-7ffd9bb14094 1627->1629 1630 7ffd9bb14095-7ffd9bb140a1 1627->1630 1628->1627 1629->1630 1631 7ffd9bb140a3-7ffd9bb140a8 1630->1631 1632 7ffd9bb140a9-7ffd9bb140b5 1630->1632 1631->1632 1633 7ffd9bb140bd-7ffd9bb140c9 1632->1633 1634 7ffd9bb140b7-7ffd9bb140bc 1632->1634 1635 7ffd9bb140d1-7ffd9bb140ed 1633->1635 1636 7ffd9bb140cb-7ffd9bb140d0 1633->1636 1634->1633 1637 7ffd9bb140ee 1635->1637 1638 7ffd9bb140ef-7ffd9bb14134 1635->1638 1636->1635 1637->1638 1641 7ffd9bb14154-7ffd9bb14157 1638->1641 1642 7ffd9bb14136-7ffd9bb14152 1638->1642 1643 7ffd9bb14183-7ffd9bb1418c 1641->1643 1644 7ffd9bb14159-7ffd9bb1417c 1641->1644 1642->1641 1647 7ffd9bb14193-7ffd9bb1421e 1642->1647 1643->1647 1644->1643 1658 7ffd9bb14224-7ffd9bb14257 1647->1658 1659 7ffd9bb1435a-7ffd9bb14367 1647->1659 1665 7ffd9bb142b8-7ffd9bb14351 1658->1665 1666 7ffd9bb14259-7ffd9bb14298 1658->1666 1660 7ffd9bb14375-7ffd9bb14381 1659->1660 1661 7ffd9bb14369-7ffd9bb1436a 1659->1661 1661->1660 1679 7ffd9bb14358 1665->1679 1666->1665 1679->1659
                          Memory Dump Source
                          • Source File: 00000005.00000002.2889248000.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9bb10000_CodecInstaller.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 9552cdfa57c3270b724a5bf27743d96331d99026042f6923c16459d1e9e868f5
                          • Instruction ID: dc5371cb42ea8a87a0da3c1ba35fca78d5563aceff462c49821b59b57a5a19ec
                          • Opcode Fuzzy Hash: 9552cdfa57c3270b724a5bf27743d96331d99026042f6923c16459d1e9e868f5
                          • Instruction Fuzzy Hash: 2BC1E76160E7CA5FE756DB788865AA57FE1EF57304F0A40EED088CB1E3CE289905C781
                          Function 00007FFD9BB13B45 Relevance: 1.3, Strings: 1, Instructions: 53COMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 1372 7ffd9bb13b45-7ffd9bb13b4f 1373 7ffd9bb13b51-7ffd9bb13b58 1372->1373 1374 7ffd9bb13b59-7ffd9bb13b8d 1372->1374 1373->1374 1377 7ffd9bb13b94-7ffd9bb13bb6 1374->1377
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.2889248000.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9bb10000_CodecInstaller.jbxd
                          Similarity
                          • API ID:
                          • String ID: 9
                          • API String ID: 0-2366072709
                          • Opcode ID: 27967b6654d813d9f3a1d63e24b28fdf77695ab83503085cb9dea413215b2f1d
                          • Instruction ID: 2625bfc77770ccbeae9f466a2f3890f12817c8ab431a0a1f00929d7c158dddb6
                          • Opcode Fuzzy Hash: 27967b6654d813d9f3a1d63e24b28fdf77695ab83503085cb9dea413215b2f1d
                          • Instruction Fuzzy Hash: F101C401B0D7C90FD762AB7884A9B247F80AF17214F1A40FDD189CF1E7E9598945C342
                          Function 00007FFD9BB107C1 Relevance: 1.3, Strings: 1, Instructions: 50COMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 1380 7ffd9bb107c1-7ffd9bb10817 1382 7ffd9bb1081f-7ffd9bb10840 1380->1382
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.2889248000.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9bb10000_CodecInstaller.jbxd
                          Similarity
                          • API ID:
                          • String ID: 9
                          • API String ID: 0-2366072709
                          • Opcode ID: d80aa517fe7fd3cc0f442e6688e550a87a9d0ea4803df3f7816cdac99aa43ee4
                          • Instruction ID: 2a654539b531538619661c91ae3979f506017707698ab4febd9a139eb195fe4c
                          • Opcode Fuzzy Hash: d80aa517fe7fd3cc0f442e6688e550a87a9d0ea4803df3f7816cdac99aa43ee4
                          • Instruction Fuzzy Hash: 4711616150E7C54FD742AB7888A8A507FF0DF57244B1B00EAD088CF0B3DA5C9D49C762
                          Function 00007FFD9BB14B31 Relevance: 1.0, Instructions: 1017COMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 1385 7ffd9bb14b31-7ffd9bb14c24 1389 7ffd9bb14c26-7ffd9bb14c29 1385->1389 1390 7ffd9bb14c39-7ffd9bb14c3c 1385->1390 1391 7ffd9bb14c50-7ffd9bb14c7b 1389->1391 1392 7ffd9bb14c2b-7ffd9bb14c2e 1389->1392 1393 7ffd9bb14cf0-7ffd9bb14d2d 1390->1393 1394 7ffd9bb14c42-7ffd9bb14c45 1390->1394 1406 7ffd9bb14c7d 1391->1406 1407 7ffd9bb14c85-7ffd9bb14c94 1391->1407 1395 7ffd9bb14c34 1392->1395 1396 7ffd9bb14d48-7ffd9bb14d85 1392->1396 1417 7ffd9bb14d2f 1393->1417 1418 7ffd9bb14d37-7ffd9bb14d46 1393->1418 1397 7ffd9bb14ca0-7ffd9bb14ccb 1394->1397 1398 7ffd9bb14c47 1394->1398 1399 7ffd9bb15580-7ffd9bb155a0 1395->1399 1419 7ffd9bb14d90-7ffd9bb14d9f 1396->1419 1420 7ffd9bb14d87-7ffd9bb14d8f 1396->1420 1410 7ffd9bb14ccd 1397->1410 1411 7ffd9bb14cd5-7ffd9bb14ce4 1397->1411 1398->1399 1406->1407 1408 7ffd9bb14da0-7ffd9bb14dc1 1407->1408 1422 7ffd9bb14df3-7ffd9bb14e02 1408->1422 1410->1411 1411->1408 1417->1418 1418->1408 1419->1408 1420->1419 1425 7ffd9bb14dc3-7ffd9bb14dc6 1422->1425 1426 7ffd9bb14e04-7ffd9bb14e0f 1422->1426 1427 7ffd9bb14dc8-7ffd9bb14df0 1425->1427 1429 7ffd9bb14e11-7ffd9bb14e3f 1426->1429 1430 7ffd9bb14e84-7ffd9bb14e8f 1426->1430 1427->1422 1429->1427 1442 7ffd9bb14e41-7ffd9bb14e5e 1429->1442 1434 7ffd9bb14e95-7ffd9bb14e9e 1430->1434 1435 7ffd9bb14f5a-7ffd9bb14f5d 1430->1435 1444 7ffd9bb14ea5-7ffd9bb14f54 1434->1444 1438 7ffd9bb14f63-7ffd9bb14f71 1435->1438 1446 7ffd9bb14e63-7ffd9bb14e7b 1438->1446 1447 7ffd9bb14f77-7ffd9bb14f7f 1438->1447 1442->1438 1444->1435 1456 7ffd9bb14e82-7ffd9bb14e83 1446->1456 1449 7ffd9bb151d0-7ffd9bb151df 1447->1449 1454 7ffd9bb14f84-7ffd9bb14f8f 1449->1454 1455 7ffd9bb151e5-7ffd9bb151fa 1449->1455 1462 7ffd9bb14f96-7ffd9bb14f9b 1454->1462 1460 7ffd9bb15261-7ffd9bb15271 1455->1460 1461 7ffd9bb151fc-7ffd9bb1525f 1455->1461 1456->1430 1472 7ffd9bb15279-7ffd9bb152b3 1460->1472 1461->1472 1465 7ffd9bb14fa1-7ffd9bb14fc2 1462->1465 1466 7ffd9bb151c5-7ffd9bb151ce 1462->1466 1480 7ffd9bb15045-7ffd9bb15050 1465->1480 1481 7ffd9bb14fc8-7ffd9bb14fca 1465->1481 1466->1449 1477 7ffd9bb154c0-7ffd9bb154de 1472->1477 1485 7ffd9bb154e4-7ffd9bb15549 1477->1485 1486 7ffd9bb152b8-7ffd9bb152dd 1477->1486 1480->1466 1484 7ffd9bb15056-7ffd9bb1506d 1480->1484 1483 7ffd9bb15030-7ffd9bb1503e 1481->1483 1495 7ffd9bb15040 1483->1495 1496 7ffd9bb14fcc-7ffd9bb15005 1483->1496 1484->1466 1502 7ffd9bb15073-7ffd9bb1507f 1484->1502 1519 7ffd9bb15560-7ffd9bb15567 1485->1519 1520 7ffd9bb1554b-7ffd9bb1555d 1485->1520 1505 7ffd9bb152e4-7ffd9bb153d0 1486->1505 1495->1466 1507 7ffd9bb15008-7ffd9bb1500a 1496->1507 1506 7ffd9bb15081-7ffd9bb15168 1502->1506 1502->1507 1556 7ffd9bb15411-7ffd9bb1545f 1505->1556 1557 7ffd9bb153d2-7ffd9bb153d8 1505->1557 1548 7ffd9bb151b0-7ffd9bb151be 1506->1548 1549 7ffd9bb1516a-7ffd9bb15198 1506->1549 1509 7ffd9bb1502c-7ffd9bb1502f 1507->1509 1510 7ffd9bb1500c-7ffd9bb15027 1507->1510 1509->1483 1510->1466 1527 7ffd9bb15569-7ffd9bb1557c 1519->1527 1520->1527 1548->1466 1549->1548 1558 7ffd9bb1519a-7ffd9bb151a8 1549->1558 1563 7ffd9bb154a0-7ffd9bb154bc 1556->1563 1564 7ffd9bb15461-7ffd9bb1549d 1556->1564 1557->1556 1559 7ffd9bb153da-7ffd9bb1540a 1557->1559 1558->1548 1559->1556 1563->1477 1564->1477
                          Memory Dump Source
                          • Source File: 00000005.00000002.2889248000.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9bb10000_CodecInstaller.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: d248e51b92865077e691c9f9ab2505bd42d9e3743e2e3078d43a29cb373841f1
                          • Instruction ID: d5fcf91766aee956c093cc156506900ee1ced7936b97e9d36955035c3faed798
                          • Opcode Fuzzy Hash: d248e51b92865077e691c9f9ab2505bd42d9e3743e2e3078d43a29cb373841f1
                          • Instruction Fuzzy Hash: C172E120B1DA8A4FEBA9EB289465BB977D1FF49300F5400BDD44DCB2E7DE38A9418741
                          Function 00007FFD9BB147A8 Relevance: .3, Instructions: 346COMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 1680 7ffd9bb147a8-7ffd9bb14807 1685 7ffd9bb14860-7ffd9bb1492f 1680->1685 1686 7ffd9bb14809-7ffd9bb1485a 1680->1686 1702 7ffd9bb14970-7ffd9bb14992 1685->1702 1703 7ffd9bb14931-7ffd9bb1496d 1685->1703 1693 7ffd9bb14ad0-7ffd9bb14ae0 1686->1693 1709 7ffd9bb14a90-7ffd9bb14aa6 1702->1709 1703->1702 1712 7ffd9bb149a0-7ffd9bb149ba 1709->1712 1713 7ffd9bb14aac-7ffd9bb14ab7 1709->1713 1720 7ffd9bb149c4-7ffd9bb149ca 1712->1720 1721 7ffd9bb149bc-7ffd9bb149bf 1712->1721 1716 7ffd9bb14ab9-7ffd9bb14aca 1713->1716 1717 7ffd9bb14acb 1713->1717 1716->1717 1717->1693 1722 7ffd9bb149f1-7ffd9bb14a05 1720->1722 1723 7ffd9bb149cc-7ffd9bb149ec 1720->1723 1721->1709 1726 7ffd9bb14a30-7ffd9bb14a3d 1722->1726 1727 7ffd9bb14a07-7ffd9bb14a14 1722->1727 1723->1709 1731 7ffd9bb14a3f-7ffd9bb14a42 1726->1731 1732 7ffd9bb14a44-7ffd9bb14a4c 1726->1732 1733 7ffd9bb14a16-7ffd9bb14a29 1727->1733 1734 7ffd9bb14a2b 1727->1734 1735 7ffd9bb14a74-7ffd9bb14a87 1731->1735 1736 7ffd9bb14a54-7ffd9bb14a72 1732->1736 1733->1735 1734->1735 1735->1709 1736->1735
                          Memory Dump Source
                          • Source File: 00000005.00000002.2889248000.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9bb10000_CodecInstaller.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 4ec3bd2a6d0b462e5b4f7a7eaa5f03d61740d2bca41158e99aa6849c8456025f
                          • Instruction ID: e921710e9bef10475d15abbb0ba8ddb07f6c3281d1a78823eb28bdcd1554a87e
                          • Opcode Fuzzy Hash: 4ec3bd2a6d0b462e5b4f7a7eaa5f03d61740d2bca41158e99aa6849c8456025f
                          • Instruction Fuzzy Hash: 55A12761B1EA8A0FEB99AB68547577937D1EF4A300F5601FEE44EC72D7CD28AD028341
                          Function 00007FFD9BB17D2A Relevance: .3, Instructions: 335COMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 1741 7ffd9bb17d2a-7ffd9bb17d2f 1742 7ffd9bb17d31-7ffd9bb17d32 1741->1742 1743 7ffd9bb17d34-7ffd9bb17d4d 1741->1743 1742->1743 1744 7ffd9bb17d4f-7ffd9bb17d68 1743->1744 1745 7ffd9bb17d73-7ffd9bb17d7c 1744->1745 1746 7ffd9bb17d82-7ffd9bb17d87 1745->1746 1747 7ffd9bb17e46-7ffd9bb17e47 1745->1747 1748 7ffd9bb17d90-7ffd9bb17d96 1746->1748 1749 7ffd9bb17e53-7ffd9bb17e5e 1747->1749 1750 7ffd9bb17e60-7ffd9bb17eda 1748->1750 1751 7ffd9bb17d9c-7ffd9bb17da8 1748->1751 1756 7ffd9bb17ee0-7ffd9bb17f51 1750->1756 1757 7ffd9bb17fe1-7ffd9bb17fe5 1750->1757 1753 7ffd9bb17db0-7ffd9bb17dc3 1751->1753 1758 7ffd9bb17e24-7ffd9bb17e2a 1753->1758 1759 7ffd9bb17dc5-7ffd9bb17e1c 1753->1759 1773 7ffd9bb17f53-7ffd9bb17f55 1756->1773 1774 7ffd9bb17f56-7ffd9bb17fda 1756->1774 1763 7ffd9bb17fec-7ffd9bb17ffa 1757->1763 1760 7ffd9bb17e37-7ffd9bb17e40 1758->1760 1761 7ffd9bb17e2c-7ffd9bb17e35 1758->1761 1759->1758 1760->1747 1760->1748 1761->1749 1766 7ffd9bb18002-7ffd9bb18020 1763->1766 1768 7ffd9bb18027-7ffd9bb1803b 1766->1768 1773->1774 1774->1757
                          Memory Dump Source
                          • Source File: 00000005.00000002.2889248000.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9bb10000_CodecInstaller.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 0920ead7d8945c5c54ba822e4e282c7a8d6884f448f2aff5bec566b9a46ca5e9
                          • Instruction ID: 4642c9b24ae9f3657f43ab66ac00bd1f2e0306b82d8ec037aa60feffcb5dfb31
                          • Opcode Fuzzy Hash: 0920ead7d8945c5c54ba822e4e282c7a8d6884f448f2aff5bec566b9a46ca5e9
                          • Instruction Fuzzy Hash: 0EB17171608A8D8FDBA1EF28C494BE577E0FF69305F1441AAE84DC72A2DF34E9458B41
                          Function 00007FFD9BB1C604 Relevance: .3, Instructions: 270COMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 1777 7ffd9bb1c604-7ffd9bb1c62f 1778 7ffd9bb1c632-7ffd9bb1c636 1777->1778 1779 7ffd9bb1c637-7ffd9bb1c649 1778->1779 1780 7ffd9bb1c67c-7ffd9bb1c699 1778->1780 1782 7ffd9bb1c655-7ffd9bb1c679 1779->1782 1780->1778 1783 7ffd9bb1c69b-7ffd9bb1c6f6 1780->1783 1782->1780 1790 7ffd9bb1c7d0-7ffd9bb1c800 1783->1790 1791 7ffd9bb1c6fc-7ffd9bb1c71f 1783->1791 1794 7ffd9bb1c721-7ffd9bb1c732 1791->1794 1795 7ffd9bb1c734 1791->1795 1796 7ffd9bb1c736-7ffd9bb1ca22 1794->1796 1795->1796 1809 7ffd9bb1ca24-7ffd9bb1ca35 1796->1809 1810 7ffd9bb1ca36-7ffd9bb1ca46 1796->1810 1809->1810
                          Memory Dump Source
                          • Source File: 00000005.00000002.2889248000.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9bb10000_CodecInstaller.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b013a82f69a548dcf434bce3db4c6798cf1430a4bb681897c18844df6248cf42
                          • Instruction ID: cda6763fd151b7c4f06991049899b1b1f9556043db4ba12b8da1cf1a797c7fb1
                          • Opcode Fuzzy Hash: b013a82f69a548dcf434bce3db4c6798cf1430a4bb681897c18844df6248cf42
                          • Instruction Fuzzy Hash: 31812461B0EB890FE796DB6C84A56757FE1EF5A244B1600FBD08DCB1E3CE14AC058352
                          Function 00007FFD9BB102E9 Relevance: .3, Instructions: 262COMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 1813 7ffd9bb102e9-7ffd9bb1033a 1814 7ffd9bb10360-7ffd9bb1037b 1813->1814 1815 7ffd9bb1033c-7ffd9bb10347 1813->1815 1819 7ffd9bb1037d-7ffd9bb103a1 1814->1819 1820 7ffd9bb103c6-7ffd9bb103e9 1814->1820 1815->1814 1818 7ffd9bb10349-7ffd9bb1035a 1815->1818 1818->1814 1819->1814 1828 7ffd9bb103f0-7ffd9bb1041e 1820->1828 1834 7ffd9bb10440-7ffd9bb1044d 1828->1834 1835 7ffd9bb10420-7ffd9bb1043e 1828->1835 1838 7ffd9bb1044f-7ffd9bb104ac 1834->1838 1839 7ffd9bb104b1-7ffd9bb10534 1834->1839 1835->1828 1835->1834 1853 7ffd9bb10549-7ffd9bb1054a 1838->1853 1856 7ffd9bb10536 1839->1856 1857 7ffd9bb1053b-7ffd9bb10542 1839->1857 1855 7ffd9bb10552-7ffd9bb10560 1853->1855 1856->1857 1857->1853
                          Memory Dump Source
                          • Source File: 00000005.00000002.2889248000.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9bb10000_CodecInstaller.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: e35bcdb7cf7538dfb34c6499bf4e09a31f2e0152c316e9dcb617b02f2cdad9bf
                          • Instruction ID: 5be78449a036a29366b3966b64e426450beec5850309bbdf98db4628393dd3fe
                          • Opcode Fuzzy Hash: e35bcdb7cf7538dfb34c6499bf4e09a31f2e0152c316e9dcb617b02f2cdad9bf
                          • Instruction Fuzzy Hash: 5B81F521B0DA494FEB59FB289065A793BE1FF59300F4500BAE44DC71E7DE28ED058742
                          Function 00007FFD9BB13BB9 Relevance: .3, Instructions: 258COMMON
                          Download Yara Rule

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 1859 7ffd9bb13bb9-7ffd9bb13c10 1861 7ffd9bb13dc6-7ffd9bb13dd7 1859->1861 1862 7ffd9bb13c16-7ffd9bb13c3d 1859->1862 1865 7ffd9bb13e04-7ffd9bb13e0f 1861->1865 1866 7ffd9bb13dd9-7ffd9bb13e02 1861->1866 1862->1861 1872 7ffd9bb13c43-7ffd9bb13cac 1862->1872 1868 7ffd9bb13e10-7ffd9bb13e42 1865->1868 1866->1868 1881 7ffd9bb13d60-7ffd9bb13d67 1872->1881 1882 7ffd9bb13d6f-7ffd9bb13d75 1881->1882 1883 7ffd9bb13cb1-7ffd9bb13cd4 1882->1883 1884 7ffd9bb13d7b-7ffd9bb13d89 1882->1884 1883->1881 1888 7ffd9bb13cda-7ffd9bb13d10 1883->1888 1889 7ffd9bb13da0-7ffd9bb13da9 1884->1889 1890 7ffd9bb13d8b-7ffd9bb13d9f 1884->1890 1900 7ffd9bb13d20-7ffd9bb13d5b 1888->1900 1901 7ffd9bb13d12-7ffd9bb13d1d 1888->1901 1894 7ffd9bb13dc0 1889->1894 1895 7ffd9bb13dab-7ffd9bb13dbf 1889->1895 1890->1889 1894->1868 1895->1894 1900->1881 1901->1881
                          Memory Dump Source
                          • Source File: 00000005.00000002.2889248000.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9bb10000_CodecInstaller.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: e6d426cc543889dc6f59cd94d0f831a3f73f0546227e53828a219d1d53b3ee67
                          • Instruction ID: 06724bc36734046908431a4860f8db3cc4bb398cab669139879937257235495e
                          • Opcode Fuzzy Hash: e6d426cc543889dc6f59cd94d0f831a3f73f0546227e53828a219d1d53b3ee67
                          • Instruction Fuzzy Hash: 4B812661B0EA8A5FEB99EB3884657797BD1FF49304F4500BAE44EC71D7DE28AC018781
                          Function 00007FFD9BB133BE Relevance: .3, Instructions: 251COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000005.00000002.2889248000.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9bb10000_CodecInstaller.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 1d8274a2ff73f955a9632c69685acb26a6fee44d279b28c33590f274f4578934
                          • Instruction ID: 08d458b59c687f7f62a65447671513d15eaf2775d596dd5c48d03f61cdffa1e0
                          • Opcode Fuzzy Hash: 1d8274a2ff73f955a9632c69685acb26a6fee44d279b28c33590f274f4578934
                          • Instruction Fuzzy Hash: C381A13071CA894FEB95EB2C84A5BA977D2FF99300F5040B9E40DC72DBCE38A8458742
                          Function 00007FFD9BB10CF4 Relevance: .2, Instructions: 235COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000005.00000002.2889248000.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9bb10000_CodecInstaller.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: a89ab3bbd8d996a718b3f2aee47611024942a20bcee74fe3730e648a49a55049
                          • Instruction ID: 099a9b156c698c394c8ff51c1bbee56751eaa3ae49cb9339b0bc20ee9b05ec7e
                          • Opcode Fuzzy Hash: a89ab3bbd8d996a718b3f2aee47611024942a20bcee74fe3730e648a49a55049
                          • Instruction Fuzzy Hash: C4712B21F0EA4E4FEBA5EF6880B567837D1FF59704B95107AE40EC72E7DD28A9008340
                          Function 00007FFD9BB143DA Relevance: .2, Instructions: 206COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000005.00000002.2889248000.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9bb10000_CodecInstaller.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b4679a0018bf8151722384ff28d4f21b7f3e83c7e797ce3dabcde59245cba027
                          • Instruction ID: 7c7af779174f1c124250adc881a3fc52b98ee3d734b917e368f687fe0fee39b8
                          • Opcode Fuzzy Hash: b4679a0018bf8151722384ff28d4f21b7f3e83c7e797ce3dabcde59245cba027
                          • Instruction Fuzzy Hash: B461F221A1EA8D4FE791EF688465BB53BD1FF4A300F4541FAE01DC71E3CE68A9418782
                          Function 00007FFD9BB12BB9 Relevance: .2, Instructions: 194COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000005.00000002.2889248000.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9bb10000_CodecInstaller.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 0caede5c1f375b61281874c11bec9c5314c3a6ae2a15df0c8778b57743068468
                          • Instruction ID: ab416b979c528f13515ccba7c4659c18af5a1ff8474e1ff56a8b4f830f4932c7
                          • Opcode Fuzzy Hash: 0caede5c1f375b61281874c11bec9c5314c3a6ae2a15df0c8778b57743068468
                          • Instruction Fuzzy Hash: BC516642B1AA5E0BEBD4BFAC04B577D64C2EF98348B4494BDD86EC62FFEC5C69054201
                          Function 00007FFD9BB111C5 Relevance: .2, Instructions: 187COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000005.00000002.2889248000.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9bb10000_CodecInstaller.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 9b5449ed58e228dc8dc8fbc1efa7c5f3fe803b32c95a2ae9b84d9352666e1385
                          • Instruction ID: 07bb7e71b3ce5abafbace0608128582d7f47a5d5a7f748f59e0dfcb2e5e0f2e4
                          • Opcode Fuzzy Hash: 9b5449ed58e228dc8dc8fbc1efa7c5f3fe803b32c95a2ae9b84d9352666e1385
                          • Instruction Fuzzy Hash: A851C260B1EA891FE78AE7788464BB47F92AF86244F6500E9D04DCB1E7DE286D41C312
                          Function 00007FFD9BB12D93 Relevance: .2, Instructions: 182COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000005.00000002.2889248000.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9bb10000_CodecInstaller.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f81a64688f7202a49f9670b6ee23e36a1c654c4118df922d86e620e4722b42c9
                          • Instruction ID: be4b68d0504db64fe285f09fdc96c55c91e9b4fc6c07314119efc298a6a1137d
                          • Opcode Fuzzy Hash: f81a64688f7202a49f9670b6ee23e36a1c654c4118df922d86e620e4722b42c9
                          • Instruction Fuzzy Hash: 6E51A421B1DA890FEBD5EB6844B1BBD76C2EF49304F5440B9D81DC72EBDD3869418302
                          Function 00007FFD9BB17B60 Relevance: .2, Instructions: 180COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000005.00000002.2889248000.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9bb10000_CodecInstaller.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 9fd913fe182d7cbc4ec228a39a1f77c44f4fed75231838052d9a11cf53cd986f
                          • Instruction ID: b7e1d1611703f77670d3a91bb4fdc94d9e7f95a85e0aab1cc1d50b22de8e704e
                          • Opcode Fuzzy Hash: 9fd913fe182d7cbc4ec228a39a1f77c44f4fed75231838052d9a11cf53cd986f
                          • Instruction Fuzzy Hash: A9510721B19A4D0FEB99EB6C80657BA63D2EF99301F5445B9E08EC73DBDD2C9C064341
                          Function 00007FFD9BB1CC4D Relevance: .2, Instructions: 171COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000005.00000002.2889248000.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9bb10000_CodecInstaller.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 07cf83ed3e758c5ac2cb8f590d76ae4b6fa4c83d8cecf4fbec3371c7b24df2bf
                          • Instruction ID: 98a3a34bd9efff8127329cb5bb12bdd27cf246c3636252fec43fca4e706dd264
                          • Opcode Fuzzy Hash: 07cf83ed3e758c5ac2cb8f590d76ae4b6fa4c83d8cecf4fbec3371c7b24df2bf
                          • Instruction Fuzzy Hash: 4551D031609A4D4FEB69EF18D896BF836D0FF48314F5101B9D41ECB296DE78AA068780
                          Function 00007FFD9BB1C205 Relevance: .2, Instructions: 152COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000005.00000002.2889248000.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9bb10000_CodecInstaller.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: d66b9dec31d4c3026b084de634bb696d20a11c7f2606186929005d2c76a748c1
                          • Instruction ID: 3560721591aa6636c6fe00ebab055a6e0acaf60d9c32021045b568904b48d491
                          • Opcode Fuzzy Hash: d66b9dec31d4c3026b084de634bb696d20a11c7f2606186929005d2c76a748c1
                          • Instruction Fuzzy Hash: 8441AC7160DA8C8FEBA4DF58C895BE937E1FB49304F40426AD84DCB1A2DB38AA458741
                          Function 00007FFD9BB1147B Relevance: .1, Instructions: 148COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000005.00000002.2889248000.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9bb10000_CodecInstaller.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 7abab91b2e87feba5e4bc58d2063e7041df58d46efe16fbd858ea647b6832b36
                          • Instruction ID: 8b01bc3c4eae6a8d81e80cb21b62607a9377ab71d69cd7789ad224d5c5201d75
                          • Opcode Fuzzy Hash: 7abab91b2e87feba5e4bc58d2063e7041df58d46efe16fbd858ea647b6832b36
                          • Instruction Fuzzy Hash: 9951C32070DD4A5FEB99EB7880A5B78B792FF89301F5501A8D01DC31E7DF2978419782
                          Function 00007FFD9BB1000A Relevance: .1, Instructions: 146COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000005.00000002.2889248000.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9bb10000_CodecInstaller.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: c465273c9c85768281f635530788c1ad407fe34848b5e6db53fa196a315cd9bf
                          • Instruction ID: 14846429783d0908a93f288f55a3a9b921451ddf639e03e33194347a84d27cd5
                          • Opcode Fuzzy Hash: c465273c9c85768281f635530788c1ad407fe34848b5e6db53fa196a315cd9bf
                          • Instruction Fuzzy Hash: 45415782A0F7CA0FD7634BB4087A4646F709E6364475E51EBD099CE4F3E94D1A4AC322
                          Function 00007FFD9BB1C1D5 Relevance: .1, Instructions: 132COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000005.00000002.2889248000.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9bb10000_CodecInstaller.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: cd9fe7d247c46622edeaecdfbabef7c4aa52e88df8fc79f79e14c1ef61e6d399
                          • Instruction ID: 4445b9673f129a221e285f84878c88261263e0476e0c0f6c0451ec021b60d4bf
                          • Opcode Fuzzy Hash: cd9fe7d247c46622edeaecdfbabef7c4aa52e88df8fc79f79e14c1ef61e6d399
                          • Instruction Fuzzy Hash: BA41AE7060EA8D8FEBA4DF58C895BE977E1FF09304F50416AD84DCB2A2DB389A45C741
                          Function 00007FFD9BB1172B Relevance: .1, Instructions: 119COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000005.00000002.2889248000.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9bb10000_CodecInstaller.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: e3ed1e295f6b7d0083458b84f06d49715f1024c4059286cd26bc83539066ed63
                          • Instruction ID: e819c36986b5c436e114e298d0ad5074e126f0dd2709ec21fdd2b6d2f6896d83
                          • Opcode Fuzzy Hash: e3ed1e295f6b7d0083458b84f06d49715f1024c4059286cd26bc83539066ed63
                          • Instruction Fuzzy Hash: DE31CB83B0FE4A0BF7D9AA6C187667851C1EF98288B49507ED46EC72EBEC4D29010206
                          Function 00007FFD9BB17D50 Relevance: .1, Instructions: 108COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000005.00000002.2889248000.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9bb10000_CodecInstaller.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 5a299f066633a17ecb6101329927ac4ed54a1e5159a066c538a5daeac20dbff8
                          • Instruction ID: 1b07f5625cda138d97f721662cada8dc4f6bdcca87835c247e5783da5fac2ee3
                          • Opcode Fuzzy Hash: 5a299f066633a17ecb6101329927ac4ed54a1e5159a066c538a5daeac20dbff8
                          • Instruction Fuzzy Hash: 3C31817160CA4C8FDB94EF18C094AB6B7E4FF59305F1445ADE48DC7251DA31ED418B82
                          Function 00007FFD9BB1CD0C Relevance: .1, Instructions: 108COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000005.00000002.2889248000.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9bb10000_CodecInstaller.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: c8cbf373a7acfcfc7306764f3ebdf3421e5066e584deb8bb8094aa5192653cdb
                          • Instruction ID: 952028672f2651568e637201289a033c0b6aee1c613aab2ad0e63f93b1d031db
                          • Opcode Fuzzy Hash: c8cbf373a7acfcfc7306764f3ebdf3421e5066e584deb8bb8094aa5192653cdb
                          • Instruction Fuzzy Hash: 9A319E71B0994D4EEBA9EF589896BF832D1FF48308F500179C41ECB2D6DE38A6018341
                          Function 00007FFD9BB1184A Relevance: .1, Instructions: 106COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000005.00000002.2889248000.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9bb10000_CodecInstaller.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 3955d5061fe4c1cca09388467d1d31ba5bf0c11351bd34c5c65a9d9c9a0c205d
                          • Instruction ID: b58d790afb914c77be230ad056a03be1b819bc385ed268808a7ffb3701e36370
                          • Opcode Fuzzy Hash: 3955d5061fe4c1cca09388467d1d31ba5bf0c11351bd34c5c65a9d9c9a0c205d
                          • Instruction Fuzzy Hash: 22317402B1EE5A4BEBD8BABC04B1B7D5482AFC8245B4450BDD42EC71FFDC5C6A050206
                          Function 00007FFD9BB10AB9 Relevance: .1, Instructions: 106COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000005.00000002.2889248000.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9bb10000_CodecInstaller.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: e79c6a3e99847829dfb1fee71066bf9d9f82e49f3f90516b626feb30d8b7aae3
                          • Instruction ID: 171c151777978bd4fbdcd441e94b0e14f85b9fa65b267b779f179ba17fb258a4
                          • Opcode Fuzzy Hash: e79c6a3e99847829dfb1fee71066bf9d9f82e49f3f90516b626feb30d8b7aae3
                          • Instruction Fuzzy Hash: C1217D11B0EB8D0FE759CA7C5CA56657BE1EF8AA1170A41FBD04CCB1D3DE186C058351
                          Function 00007FFD9BB1DAF9 Relevance: .1, Instructions: 104COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000005.00000002.2889248000.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9bb10000_CodecInstaller.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: d5ac3ba058e009e4e6f16f1d4dd1e86c11acbaa705af9b379520b99ac4237d50
                          • Instruction ID: 56c131879ca2a4daca75d1e984fc3990322c01eabc7064baffb97eb4bdfacb02
                          • Opcode Fuzzy Hash: d5ac3ba058e009e4e6f16f1d4dd1e86c11acbaa705af9b379520b99ac4237d50
                          • Instruction Fuzzy Hash: D0210A71B0EE090FE7299B6838257BA77D0EF55321F5641BDE84DC72D3ED1CAA028281
                          Function 00007FFD9BB142A0 Relevance: .1, Instructions: 100COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000005.00000002.2889248000.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9bb10000_CodecInstaller.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: c89b061fa40600a9865350d96da6efff0c563881a57f3ddd1ab97a7d0503e575
                          • Instruction ID: 4d124187b7053803342648b45b28b8c5db6e72f83553882da5f6a0b8a41582c3
                          • Opcode Fuzzy Hash: c89b061fa40600a9865350d96da6efff0c563881a57f3ddd1ab97a7d0503e575
                          • Instruction Fuzzy Hash: 40213A12B1D98E0FF765DA6C14A537927D2FF9A344B1A00BAC04CC72E7CE196C074781
                          Function 00007FFD9BB1138D Relevance: .1, Instructions: 99COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000005.00000002.2889248000.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9bb10000_CodecInstaller.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 42597fe5b9909bd83770404c11251d7a52b34e514d8ff91a596442acd8f582be
                          • Instruction ID: 9a78695b52efc55f7513b320e168fb86395742e5ac98db41f784a474a17afa48
                          • Opcode Fuzzy Hash: 42597fe5b9909bd83770404c11251d7a52b34e514d8ff91a596442acd8f582be
                          • Instruction Fuzzy Hash: 0621F852B0EA890FE7D5EB7C04B1A7966D2EF89244B8A40FAD05DC75EBEC1C7E054301
                          Function 00007FFD9BB1CB95 Relevance: .1, Instructions: 94COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000005.00000002.2889248000.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9bb10000_CodecInstaller.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 5602beca206188dbbd4daaad7482e25c6f1efad1df850d08a520c23a7d4d924d
                          • Instruction ID: 29fb46defba715c35a5de4ce40aab2a1144c97ce505f949203c08fd43173f92d
                          • Opcode Fuzzy Hash: 5602beca206188dbbd4daaad7482e25c6f1efad1df850d08a520c23a7d4d924d
                          • Instruction Fuzzy Hash: 3021F01170E3CA0FE3625BB898A5B757F91AF47214F5A40FDE0C9CF1E3CA89890A8341
                          Function 00007FFD9BB1DC8D Relevance: .1, Instructions: 70COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000005.00000002.2889248000.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9bb10000_CodecInstaller.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: bdf9c457348cec26e724344b7602a6ccf55c9b071c631ca8ce86425f2875e893
                          • Instruction ID: 6378195cb90ea6c38741b5689202373ca0e8cbb9bdf3830f301bf082186eb812
                          • Opcode Fuzzy Hash: bdf9c457348cec26e724344b7602a6ccf55c9b071c631ca8ce86425f2875e893
                          • Instruction Fuzzy Hash: CF11CAB260E7CC4FDB66DF2888646657FA0FF67305B1600DBD489CB1A3DA245914C792
                          Function 00007FFD9BB10EA4 Relevance: .1, Instructions: 69COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000005.00000002.2889248000.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9bb10000_CodecInstaller.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 9cdc899d2c6286758080382fd2b825212e95c70b04e8fa688ebbec94422a6fd7
                          • Instruction ID: fb00cc9be55f467b4046283008b1db555bb7c561f58e9e2536649cd2513e790d
                          • Opcode Fuzzy Hash: 9cdc899d2c6286758080382fd2b825212e95c70b04e8fa688ebbec94422a6fd7
                          • Instruction Fuzzy Hash: 8C11E791F1FA0E0AEFA4EB6C44B5BBC1382FF9C700F8554B9D00EC21EBDC58A9014240
                          Function 00007FFD9BB1DA39 Relevance: .1, Instructions: 68COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000005.00000002.2889248000.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9bb10000_CodecInstaller.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 9b2153f3f54dfbe312dc3bcfb167491bc5cea0583145e0ff9c3d00718baf4688
                          • Instruction ID: 438e42bff42cdbd1ee35cd983eb16e01a067ed4aa35638c96e1ac890f80964a5
                          • Opcode Fuzzy Hash: 9b2153f3f54dfbe312dc3bcfb167491bc5cea0583145e0ff9c3d00718baf4688
                          • Instruction Fuzzy Hash: A3118E2060DA8D8FDB56DF28C4646643BE1FF5A314F5941EAD089CB1A2DA24EA04C741
                          Function 00007FFD9BB106CD Relevance: .1, Instructions: 59COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000005.00000002.2889248000.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9bb10000_CodecInstaller.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 1a8aec559a03ca0fc8c19e96ae12bc2d9f9df94808d390090c4ce9a46c3a3101
                          • Instruction ID: 2ef3e2a427a5de9b6bbcc14f918a28cadfd8099653fc45255f5aa8f710b7efce
                          • Opcode Fuzzy Hash: 1a8aec559a03ca0fc8c19e96ae12bc2d9f9df94808d390090c4ce9a46c3a3101
                          • Instruction Fuzzy Hash: 4A01927150E6C88FCB12DB28C854A957FF0EF4B211B5A41E6D049CF1B3CA299A09CB92
                          Function 00007FFD9BB105C3 Relevance: .1, Instructions: 56COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000005.00000002.2889248000.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9bb10000_CodecInstaller.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: a3fc29f84b3316f9e7950c49317fcf4edd13ac9f3d27fceea25855ff7e1c8ab2
                          • Instruction ID: a4d51f1c6bbf6fb42ffca42150675877687fb8e2bb6ba46c9c23228b1fc59d87
                          • Opcode Fuzzy Hash: a3fc29f84b3316f9e7950c49317fcf4edd13ac9f3d27fceea25855ff7e1c8ab2
                          • Instruction Fuzzy Hash: AF01C05190F3C51FE7136B788869990BFA0EF17650F4E50EAC0C8CF5A3D5188A0AC342
                          Function 00007FFD9BB10734 Relevance: .0, Instructions: 50COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000005.00000002.2889248000.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9bb10000_CodecInstaller.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 4f1e19aeb3055f1d989d747e73d4b94166fb3a4e117b2a22703f32af5abceb8d
                          • Instruction ID: 8bd70692a1cd79c91054428ad09b4f16039f9b950acb1bef93f37a1684f09be0
                          • Opcode Fuzzy Hash: 4f1e19aeb3055f1d989d747e73d4b94166fb3a4e117b2a22703f32af5abceb8d
                          • Instruction Fuzzy Hash: 30016D72A0EACC8FDB52DF288851A557FA0FF1B305F5601D6D448CF1B3D624AA08CB52
                          Function 00007FFD9BB12705 Relevance: .0, Instructions: 50COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000005.00000002.2889248000.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9bb10000_CodecInstaller.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 4cf657b572e4c729248bff8d11f56956473ea6b41e4b86c2a4f3bce071c5fd23
                          • Instruction ID: 220c046a94cc4e936591623b06779d3f2dc3cd1a47965a4380bde552ce4b7ed9
                          • Opcode Fuzzy Hash: 4cf657b572e4c729248bff8d11f56956473ea6b41e4b86c2a4f3bce071c5fd23
                          • Instruction Fuzzy Hash: B8F0F61020D7C60FD7565FA858E9A707F80AF0A114F0A10EDE198CB1E3D5850C09C342
                          Function 00007FFD9BB1091A Relevance: .0, Instructions: 50COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000005.00000002.2889248000.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9bb10000_CodecInstaller.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f50dcac305fb12542e9aaf7f67b074df70ff54867bea50a389ea858ff751de30
                          • Instruction ID: 25dd6e7ea7fc8061721842b110703a1541a99be26bcee342440e143e7ae5ab5d
                          • Opcode Fuzzy Hash: f50dcac305fb12542e9aaf7f67b074df70ff54867bea50a389ea858ff751de30
                          • Instruction Fuzzy Hash: D4012B21B0E58D0FFB64AE6844703BD3790FF46345F92117BE41DC61E3CE286B041252
                          Function 00007FFD9BB15606 Relevance: .0, Instructions: 49COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000005.00000002.2889248000.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9bb10000_CodecInstaller.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f186f8035733d2c63d0d440b8ed9eb8395c2aa5ad2afb7c9142ca43955f92080
                          • Instruction ID: 661bbb652bbfcdb9d4f62bcb7dfd7b1662505dd19492fdfc9c6e89cf73cc8cdd
                          • Opcode Fuzzy Hash: f186f8035733d2c63d0d440b8ed9eb8395c2aa5ad2afb7c9142ca43955f92080
                          • Instruction Fuzzy Hash: 5C11846140D3C85EEB539FB494656E47FA0EF07204F0E81D5E4D98F063DA289619CBE2
                          Function 00007FFD9BB16F18 Relevance: .0, Instructions: 35COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000005.00000002.2889248000.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9bb10000_CodecInstaller.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 744c94ac5867ff79f4bc959d7d7945ea14b8949ca3f1e6d85b03fd141feeb85a
                          • Instruction ID: 5d53071ec6d46d13dedf4e882d9efecef771e2669b75f31a0682384ba0d54c9f
                          • Opcode Fuzzy Hash: 744c94ac5867ff79f4bc959d7d7945ea14b8949ca3f1e6d85b03fd141feeb85a
                          • Instruction Fuzzy Hash: 5DF02B7114850D5EEBF4AF54EC06BF53394FB42315F10803AD46DC2582EE36294EC751
                          Function 00007FFD9BB1CA0E Relevance: .0, Instructions: 29COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000005.00000002.2889248000.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9bb10000_CodecInstaller.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 26e938926ce6149b57c5cab7c9480b6da7fc43591a7631b2f4f7950bbfc5b29d
                          • Instruction ID: f8425b3089865fa05a14bc7ea5f8fbad7a8a8ce212acf38b656ae25cbc6b9d7b
                          • Opcode Fuzzy Hash: 26e938926ce6149b57c5cab7c9480b6da7fc43591a7631b2f4f7950bbfc5b29d
                          • Instruction Fuzzy Hash: D5E02BD3B3F68E05EA269AE490720B42750EF01156B0550BFD006C54E7D80A6501C282

                          Non-executed Functions

                          Function 00007FFD9BB1BADD Relevance: 7.7, Strings: 6, Instructions: 157COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.2889248000.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9bb10000_CodecInstaller.jbxd
                          Similarity
                          • API ID:
                          • String ID: 2$@$H$_$l$z
                          • API String ID: 0-2158418109
                          • Opcode ID: cc8cbabbe46af7f413048f3300bae59a5b7a02fc7306c887f5ecb08e2ee5b4cf
                          • Instruction ID: cde60258d76c28b0cc11bb6515bfd83c7f9e00d2034b3d26bd27d7e4d708826c
                          • Opcode Fuzzy Hash: cc8cbabbe46af7f413048f3300bae59a5b7a02fc7306c887f5ecb08e2ee5b4cf
                          • Instruction Fuzzy Hash: C8615F7050CBC68ED362DB3C849865AFFD1ABAA314F140B9DE0E9CB2E2D7758545C712
                          Function 00007FFD9BB156E8 Relevance: 6.6, Strings: 5, Instructions: 332COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.2889248000.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9bb10000_CodecInstaller.jbxd
                          Similarity
                          • API ID:
                          • String ID: $7$S$g$q
                          • API String ID: 0-598529670
                          • Opcode ID: ddc8636cbee21a412d94dab3166e17c5b6dec975993011e0fc2d59ef2245e5e2
                          • Instruction ID: cbbc1baf4a1168fa73ef22ade0f4b65bf2f80a66dfe37f9f88b581544e871dee
                          • Opcode Fuzzy Hash: ddc8636cbee21a412d94dab3166e17c5b6dec975993011e0fc2d59ef2245e5e2
                          • Instruction Fuzzy Hash: AAE16C7040CBC98FD3A2DB28845875ABFE0BBAA314F584ADDE0D9CB2E2C7758545C752
                          Function 00007FFD9BB1B95C Relevance: 6.4, Strings: 5, Instructions: 127COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.2889248000.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9bb10000_CodecInstaller.jbxd
                          Similarity
                          • API ID:
                          • String ID: 7$8$DKfA$\$n
                          • API String ID: 0-3370763964
                          • Opcode ID: 50e9646da0df9aa5331668a652651920fad6845de0a296c702a330475c6329b1
                          • Instruction ID: 8059debef074dc84d7f06f5c792226e4fbd90adfed26454469a5aa68279c0fe9
                          • Opcode Fuzzy Hash: 50e9646da0df9aa5331668a652651920fad6845de0a296c702a330475c6329b1
                          • Instruction Fuzzy Hash: E851AFA001E7C69FD363DB38845968ABFE0AF67224F080ADDD0D58F2E3D7684546C716
                          Function 00007FFD9BB1D261 Relevance: 5.3, Strings: 4, Instructions: 309COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.2889248000.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9bb10000_CodecInstaller.jbxd
                          Similarity
                          • API ID:
                          • String ID: ?$U$Y$Z
                          • API String ID: 0-2581756228
                          • Opcode ID: b0b84b63ee90a9eb385f7205e3d46c38862aee4b698f80473e5840d36d5a1eaf
                          • Instruction ID: 7888c0192185080f945e9f114dda3a4903743e08d08498f3a3b5e641b877a07b
                          • Opcode Fuzzy Hash: b0b84b63ee90a9eb385f7205e3d46c38862aee4b698f80473e5840d36d5a1eaf
                          • Instruction Fuzzy Hash: EDC15D7050CBC58FD796DB2C8494756BFE0BBAA314F184A8EE0D8CB2A2C775C585CB52
                          Function 00007FFD9BB15963 Relevance: 5.1, Strings: 4, Instructions: 149COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.2889248000.00007FFD9BB10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BB10000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_5_2_7ffd9bb10000_CodecInstaller.jbxd
                          Similarity
                          • API ID:
                          • String ID: 7$g$q$q
                          • API String ID: 0-3943576285
                          • Opcode ID: 276d62a56ca5c6cba2f5accff1dc9644ad47aea151c138b5d680438cc37412ba
                          • Instruction ID: f0a906aa6e119f0cae07d1c4ac03eede4ab386e07902201d2c795b36ad612a65
                          • Opcode Fuzzy Hash: 276d62a56ca5c6cba2f5accff1dc9644ad47aea151c138b5d680438cc37412ba
                          • Instruction Fuzzy Hash: 0051297000CBC98FD3A1DB28C45875ABFE0BBAA354F544A8DE0DCCB2A2C7759585C752